Submitting a PC for examination

Anonymous
Margreet57
60 answers
  • Hello everyone,
    I don't know if this is the right topic, but I would like to submit a PC for examination. Is that possible?
    Greetings,
    Margreet.
  • Hi Margreet:

  • Okay, here is the AdwCleaner log:

    # AdwCleaner v2.100 - Verslag gemaakt op 10/12/2012 om 20:35:05
    # Geactualiseerd op 09/12/2012 door Xplode
    # Besturingssysteem : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Gebruiker : Margreet - MARGREET-PC
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Users\Margreet\Desktop\adwcleaner.exe
    # Optie [Verwijderen]


    ***** [Diensten] *****


    ***** [Files / Mappen] *****

    Map Verwijdert : C:\Program Files (x86)\Application Updater
    Map Verwijdert : C:\Program Files (x86)\Common Files\spigot
    Map Verwijdert : C:\Users\Margreet\AppData\Roaming\yourfiledownloader

    ***** [Register] *****

    Sleutel Verwijdert : HKCU\Software\APN PIP
    Sleutel Verwijdert : HKCU\Software\Conduit
    Sleutel Verwijdert : HKCU\Software\Softonic
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Prod.cap
    Sleutel Verwijdert : HKLM\Software\Conduit
    Sleutel Verwijdert : HKLM\Software\PIP
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

    ***** [Browsers] *****

    -\\ Internet Explorer v9.0.8112.16455

    [OK] Het register bevat geen enkele ongeoorloofde invoer.

    -\\ Google Chrome v [Onmogelijk de versie te verkrijgen]

    File : C:\Users\Margreet\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    File : C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner[S2].txt - [1495 octets] - [10/12/2012 20:35:05]

    ########## EOF - C:\AdwCleaner[S2].txt - [1555 octets] ##########
  • And this is the DDS log text:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
    Run by Margreet at 20:43:59 on 2012-12-10
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.4095.2682 [GMT 1:00]
    .
    AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Persoonlijke firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Users\Margreet\AppData\Local\CrossLoop\CrossLoopService.exe
    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\OO Software\Defrag\oodag.exe
    C:\Program Files (x86)\Secunia\PSI\sua.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\OO Software\Defrag\oodtray.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Windows\Samsung\PanelMgr\caller64.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\splwow64.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.nl/
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
    mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
    mRun: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: SoftwareSASGeneration = dword:3
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    TCP: Interfaces\{683B5A40-ECD6-4F55-9A61-6D1F4257D2D1} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
    x64-Run: [Acronis Scheduler2Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
    x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2011-8-4 62496]
    R0 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2009-5-11 178728]
    R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2012-11-28 72240]
    R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2012-11-28 15920]
    R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2012-5-12 1263200]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2011-8-4 38288]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-12 140672]
    R2 afcdpsrv;Acronis Nonstop Backup-service ;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-5-12 3246040]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-6 236544]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
    R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    R2 CrossLoopService;CrossLoop Service;C:\Users\Margreet\AppData\Local\CrossLoop\CrossLoopService.exe [2012-10-16 569072]
    R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-9 202576]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
    R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2010-6-21 2532680]
    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-9-24 656480]
    R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2012-5-13 11576]
    R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2012-5-12 285280]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-5-11 46136]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-11 239616]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-5-15 1327520]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2011-12-16 17976]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-10 19456]
    S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-9-24 1328736]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-10 57856]
    S3 tvnserver;TightVNC Server;C:\Users\Margreet\AppData\Local\CrossLoop\tvnserver.exe [2012-10-16 814080]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2012-12-10 17:42:59 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-12-10 17:42:58 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-12-10 17:42:58 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-12-10 17:42:58 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-12-10 17:42:58 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-12-10 17:42:58 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-12-10 17:42:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-12-10 17:42:58 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-12-10 17:42:58 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
    2012-12-10 11:59:32 -------- d-----w- C:\Users\Margreet\AppData\Local\AdFender
    2012-12-10 11:59:32 -------- d-----w- C:\ProgramData\AdFender
    2012-12-10 11:59:32 -------- d-----w- C:\Program Files (x86)\AdFender
    2012-12-10 11:57:14 -------- d-----w- C:\Users\Margreet\AppData\Local\Secunia PSI
    2012-12-10 11:57:04 -------- d-----w- C:\Program Files (x86)\Secunia
    2012-12-10 11:03:03 -------- d-----w- C:\Users\Margreet\AppData\Local\{6A4264F5-5105-4B32-A9BD-7C15CA9D991F}
    2012-12-09 12:27:16 -------- d-----w- C:\Users\Margreet\AppData\Local\{9A665E3A-8952-4BE4-9C83-B812520253FB}
    2012-12-08 11:15:18 -------- d-----w- C:\Users\Margreet\AppData\Local\{54D4CF7A-43B0-486D-83ED-0E4DC2F8F957}
    2012-12-07 12:26:06 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D97D4092-E877-42ED-AB2D-355F8B33CE12}\mpengine.dll
    2012-12-07 12:23:38 -------- d-----w- C:\Users\Margreet\AppData\Local\{BA52DBFF-9368-4C45-BD85-CD1A57A7CD57}
    2012-12-06 11:51:07 -------- d-----w- C:\Users\Margreet\AppData\Local\{927BFDF8-CDEC-42F7-B602-033C66580F4C}
    2012-12-05 11:16:40 -------- d-----w- C:\Users\Margreet\AppData\Local\{FBB8D4B1-2C16-4D41-ADE2-11D37A58577D}
    2012-12-04 10:41:20 -------- d-----w- C:\Users\Margreet\AppData\Local\{9F6C6E61-9C01-4FC1-8863-8B22EE7F23C6}
    2012-12-03 09:21:18 -------- d-----w- C:\Users\Margreet\AppData\Local\{8A3E2AEA-4778-49BB-AD02-352DC723EA19}
    2012-12-02 20:38:08 -------- d-----w- C:\Users\Margreet\AppData\Local\{E5D240C8-ECD3-41D2-AC71-E52DD1E864BD}
    2012-12-02 10:49:22 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2012-12-02 07:33:36 -------- d-----w- C:\Users\Margreet\AppData\Local\{F6BA043D-1EB2-40B0-BE6B-BAA8035F3898}
    2012-12-02 07:17:38 -------- d-----w- C:\Users\Margreet\AppData\Local\PSU
    2012-12-02 07:16:52 73728 ----a-w- C:\Windows\System32\ssdevm64.dll
    2012-12-02 07:16:52 701440 ----a-w- C:\Windows\SysWow64\msxml2.dll
    2012-12-02 07:16:52 57344 ----a-w- C:\Windows\SysWow64\ssdevm.dll
    2012-12-02 07:16:52 49152 ----a-w- C:\Windows\SysWow64\ssusbpn.dll
    2012-12-02 07:16:52 471040 ----a-w- C:\Windows\ssndii.exe
    2012-12-02 07:16:52 47104 ----a-w- C:\Windows\System32\ssusbp64.dll
    2012-12-02 07:16:52 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
    2012-12-02 07:16:52 38160 ----a-w- C:\Windows\SysWow64\msxml2r.dll
    2012-12-02 07:16:52 21776 ----a-w- C:\Windows\SysWow64\msxml2a.dll
    2012-12-02 07:16:50 -------- d-----w- C:\Windows\Samsung
    2012-12-01 16:15:08 -------- d-----w- C:\Users\Margreet\AppData\Local\{DB099405-08B6-4550-BA8F-845341A97981}
    2012-12-01 16:06:47 -------- d-----w- C:\Program Files (x86)\SAMSUNG
    2012-12-01 16:06:44 -------- d-----w- C:\Temp
    2012-11-30 09:42:36 -------- d-----w- C:\Users\Margreet\AppData\Local\{5F9E7A8F-A371-49BA-9999-800C96F35029}
    2012-11-29 10:36:07 -------- d-----w- C:\Users\Margreet\AppData\Local\{219D1E61-8197-44D7-BB04-A4AD0DDB38D1}
    2012-11-28 21:36:23 15920 ----a-w- C:\Windows\System32\drivers\NBVolUp.sys
    2012-11-28 21:36:22 72240 ----a-w- C:\Windows\System32\drivers\NBVol.sys
    2012-11-28 11:26:10 -------- d-----w- C:\Users\Margreet\AppData\Local\{E8E3DAB4-89D3-4F52-9723-6416D9495176}
    2012-11-27 11:02:11 -------- d-----w- C:\Users\Margreet\AppData\Local\{C0E8E32B-A59A-4E7F-AEA8-DB9C5BF3209D}
    2012-11-25 18:27:13 -------- d-----w- C:\Users\Margreet\AppData\Local\{64E5A780-78A0-4771-AE42-925FA1820B3A}
    2012-11-24 13:12:09 -------- d-----w- C:\Users\Margreet\AppData\Local\{2EF6DFDA-F7A7-465C-A84E-D9F39733EBBA}
    2012-11-23 23:26:31 -------- d-----w- C:\Users\Margreet\AppData\Local\{4D032FE1-3DF0-4960-95A1-32307AEB51FB}
    2012-11-23 09:54:56 -------- d-----w- C:\Users\Margreet\AppData\Local\{40E0387C-CE0E-4EC2-AC3E-E5D8EDF4051E}
    2012-11-22 13:15:35 -------- d-----w- C:\Users\Margreet\AppData\Local\{ECDB7B74-58AD-43A1-8B8E-3A79EBC19051}
    2012-11-21 19:49:24 -------- d-----w- C:\Users\Margreet\AppData\Local\{B3555451-3330-457C-A196-C8C1E7F46E61}
    2012-11-21 13:14:59 -------- d-----w- C:\Users\Margreet\AppData\Local\{D67705AA-CFB0-4B68-A53E-6CA172E9A8B6}
    2012-11-20 21:59:24 -------- d-----w- C:\Users\Margreet\AppData\Local\{43B35854-5755-4E3B-A216-B42B4BB84B56}
    2012-11-20 09:54:25 -------- d-----w- C:\Users\Margreet\AppData\Local\{0711803E-C8AF-46D2-B872-05F88AB66703}
    2012-11-19 11:07:43 -------- d-----w- C:\Users\Margreet\AppData\Local\{652E2D22-3B57-44D4-A020-A816022E8402}
    2012-11-18 12:55:00 -------- d-----w- C:\Users\Margreet\AppData\Local\{15658385-0350-4B42-AFB5-691C76C2B822}
    2012-11-16 21:24:37 -------- d-----w- C:\Program Files\Media Preview
    2012-11-16 16:13:22 -------- d-----w- C:\Users\Margreet\AppData\Local\{C499B761-F7D9-427C-A953-CBF3C429B7FA}
    2012-11-15 19:47:39 -------- d-----w- C:\Users\Margreet\AppData\Local\{9BC94501-748D-4E7E-8B76-03DFFAE5495F}
    2012-11-14 23:36:16 -------- d-----w- C:\Users\Margreet\AppData\Local\{A266ED80-EFD2-480A-AC0D-90D2389F099F}
    2012-11-14 11:33:03 -------- d-----w- C:\Users\Margreet\AppData\Local\{3610DE01-4820-41D5-B7AA-FC07259848E3}
    2012-11-13 21:09:53 -------- d-----w- C:\Users\Margreet\AppData\Local\{FBCDB52E-90BC-4E78-BBAF-355AC5349537}
    2012-11-13 19:54:56 2560 ----a-w- C:\Windows\System32\drivers\nl-NL\wdf01000.sys.mui
    2012-11-13 19:54:55 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2012-11-13 19:54:55 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2012-11-13 19:54:55 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2012-11-13 19:47:38 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2012-11-13 19:47:38 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2012-11-13 19:47:37 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2012-11-13 19:47:37 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2012-11-13 19:47:37 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-13 19:47:37 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2012-11-13 19:47:37 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2012-11-12 20:56:56 -------- d-----w- C:\Users\Margreet\AppData\Local\{9805A5FF-8A84-4AC5-B160-BE2D3CD37AE5}
    2012-11-11 21:33:10 -------- d-----w- C:\Users\Margreet\AppData\Local\{F7D287F9-722A-4907-B38F-4CFB6A222792}
    2012-11-11 21:32:41 -------- d-----w- C:\Users\Margreet\AppData\Local\{C42AFD24-89EA-4723-B2DF-28509865ED11}
    .
    ==================== Find3M ====================
    .
    2012-11-11 19:56:00 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-11 19:56:00 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    2012-09-29 17:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
    2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
    2012-09-24 21:16:33 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-22 11:19:26 131584 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2009-08-11 15:48:44 777320 ----a-w- C:\Program Files (x86)\Setup.exe
    2009-01-23 12:55:36 184320 ----a-w- C:\Program Files (x86)\SecSNMP.dll
    2006-09-01 16:05:22 4218880 ----a-w- C:\Program Files (x86)\Ssres.dll
    .
    ============= FINISH: 20:44:13,49 ===============
  • You haven't put WinSysClean on this machine yet?
    Do go ahead and do that.

    Which program:
  • I'm just going to install WinSysClean and..
    Okay, here is the ComboFix log:

    combofix 12-12-10.01 - margreet 10-12-2012 22:29:29.1.4 - x64
    microsoft windows 7 ultimate 6.1.7601.1.1252.31.1043.18.4095.2560 [gmt 1:00]
    gestart vanuit:
  • Would it perhaps also be wise to install WinSysClean on my other PC too?
    Sorry, but I didn't know this….
  • Yes, just do it.

    Which program:
  • Well… and I thought this PC was 'clean' :cry:

    Emsisoft Emergency Kit - Versie 3.0
    Laatste Update: 11-12-2012 12:36:45

    Scaninstellingen:

    Scantype: Diepe scan
    Objecten: Rootkits, Geheugen, Sporen, C:\, D:\

    Detecteer riskware: Uit
    Scan archieven: Aan
    ADS Scan: Aan
    Bestandsextensiefilter: Uit
    Geavanceerde cache: Aan
    Directe schijftoegang: Uit

    Scan gestart: 11-12-2012 12:37:02

    C:\Windows\AutoKMS\AutoKMS.exe Ontdekt: Trojan.Generic.6325903 (B)

    Gescand 498820
    Gevonden 1

    Scan geëindigd: 11-12-2012 15:12:55
    Scantijd: 2:35:53

    C:\Windows\AutoKMS\AutoKMS.exe Verwijderd Trojan.Generic.6325903 (B)

    Verwijderd 1
  • By the way:
    I took a look at the ESET log upstairs, and what struck me was a whole lot of infections via the Softonic site. So that includes the trojan that was just removed. So I have also blocked Softonic in my browser.
  • Softonic uses wrappers.
    You think you are downloading software, but you get a wrapper.
    That wrapper then installs the intended software and also (after examining your Windows), without your knowledge, annoying things such as the Abylon toolbar, etc.

    You can find more info about those wrappers here: https://www.emsisoft.com/en/kb/articles/tec120224/

    Which program:
  • Okay, then here is the AdwCleaner log:

    # AdwCleaner v2.100 - Verslag gemaakt op 12/12/2012 om 20:03:56
    # Geactualiseerd op 09/12/2012 door Xplode
    # Besturingssysteem : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Gebruiker : Margreet - MARGREET-PC
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Users\Margreet\Desktop\adwcleaner.exe
    # Optie [Verwijderen]


    ***** [Diensten] *****


    ***** [Files / Mappen] *****


    ***** [Register] *****


    ***** [Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Het register bevat geen enkele ongeoorloofde invoer.

    -\\ Google Chrome v [Onmogelijk de versie te verkrijgen]

    File : C:\Users\Margreet\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    File : C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner[S2].txt - [1624 octets] - [10/12/2012 20:35:05]
    AdwCleaner[S3].txt - [987 octets] - [12/12/2012 20:03:56]

    ########## EOF - C:\AdwCleaner[S3].txt - [1046 octets] ##########

    Now I'll go and take a look at your link.
  • Well… yet another new form of infection? They keep getting smarter… sigh.
    If I understand correctly, a wrapper is the peel of the apple, which is exactly what you don't want…., while you do want the apple itself.
    No wonder ESET sometimes protests at Softonic, and often at Toggle too.
    I have a sneaking suspicion that a lot of people don't know this.
  • Please do the following:

    Which program:
  • Okay, and here is the Emsisoft log file:

    Emsisoft Emergency Kit - Versie 3.0
    Laatste Update: 12-12-2012 22:13:41

    Scaninstellingen:

    Scantype: Diepe scan
    Objecten: Rootkits, Geheugen, Sporen, C:\, D:\

    Detecteer riskware: Uit
    Scan archieven: Aan
    ADS Scan: Aan
    Bestandsextensiefilter: Uit
    Geavanceerde cache: Aan
    Directe schijftoegang: Uit

    Scan gestart: 12-12-2012 22:16:07


    Gescand 508137
    Gevonden 0

    Scan geëindigd: 13-12-2012 1:11:22
    Scantijd: 2:55:15
  • Uh…. are there any further steps I need to take?
  • Hi Margreet, I'm very busy at the moment.

    Run the ESET online scan (click).
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Tick the following options:
      - Remove found threats
      - Scan archives
    - Then click
  • Sorry Abraham, I didn't know you were busy :?

    I'll just paste the ESET Online Scan log:
    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
    # version=8
    # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
    # OnlineScanner.ocx=1.0.0.6844
    # api_version=3.0.2
    # EOSSerial=974b30a230d6064f93b70e3c589f0e7b
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=false
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-12-15 10:45:17
    # local_time=2012-12-15 11:45:17 (+0100, West-Europa (standaardtijd))
    # country="Netherlands"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5893 16776573 100 94 83305 107198167 0 0
    # compatibility_mode=8208 16776701 100 98 6121127 105577669 0 0
    # scanned=203400
    # found=0
    # cleaned=0
    # scan_time=4270
    # nod_component=V3 Build:0x30000000
    # version=8
    # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
    # OnlineScanner.ocx=1.0.0.6844
    # api_version=3.0.2
    # EOSSerial=974b30a230d6064f93b70e3c589f0e7b
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-12-15 11:38:43
    # local_time=2012-12-15 12:38:43 (+0100, West-Europa (standaardtijd))
    # country="Netherlands"
    # lang=1043
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5893 16776573 100 94 86511 107201373 0 0
    # compatibility_mode=8208 16776701 100 98 6124333 105580875 0 0
    # scanned=203619
    # found=2
    # cleaned=2
    # scan_time=2510
    # nod_component=V3 Build:0x30000000
    D:\Margreet\Gein\Poes.exe Win32/Joke.ScreenMate programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 6EB1CB1D94A00DAF1FB91218B050FDCBA8436C03 C
    D:\Margreet\Gein\2003\Poes.exe Win32/Joke.ScreenMate programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 6EB1CB1D94A00DAF1FB91218B050FDCBA8436C03 C

    I do have to honestly admit that the exe file that was found was once downloaded by me…
  • If you want to install something that looks fun to you but you aren't entirely sure about it, Google that program first.

    That gives you insight into that software.

    Let me know how your PC is running now.
  • Yes, I should indeed have done that…
    Other than that, it runs like a charm.
    From now on I'll do more Googling for 'experiences with programs' and of course any warnings.
