Beste bezoeker,
Welkom op PC Helpforum!

Ben je op zoek naar GRATIS hulp voor je computerprobleem?

Word vandaag lid, plaats je vraag online en het PC Helpforum-team helpt je graag verder.
Je kan lid worden als je hier klikt. Meer dan 40.000 leden deden reeds beroep op onze expertise. PC HELPFORUM vzw HELPT JE GRATIS !

Bent u reeds lid, en u ziet dit bericht? Klik dan rechtsbovenaan op inloggen of klik hier indien u uw wachtwoord bent vergeten.

+ Reageren op discussie
Resultaten: 1 t/m 10 van 10
Overzicht bedankjes3Bedankjes
  • 1 Geplaatst door kape
  • 1 Geplaatst door kape
  • 1 Geplaatst door kape

Anticiperen op nieuw politie-virus

Dit is een discussie over Anticiperen op nieuw politie-virus in het forum Archief Bestrijding malware & virussen , en maakt deel van de Bestrijding malware & virussen categorie; Beste leden, De laatste tijd (2* per maand) heb ik te kampen met het politie-virus. Toen heb ik dankzij tips ...

  1. #1
    Lid
    Geregistreerd
    10 augustus 2012
    Berichten
    14

    Standaard Anticiperen op nieuw politie-virus

    Beste leden,

    De laatste tijd (2* per maand) heb ik te kampen met het politie-virus. Toen heb ik dankzij tips hier op het forum het telkens kunnen omzeilen en verwijderen. Toch irriteert het me mateloos dat het steeds terugkomt. Misschien doe ik het niet goed of heb ik teveel virusscanners en malware-toestanden.

    Zouden jullie mij kunnen helpen anticiperen, zodat mijn pc op punt staat en dat ik eens een volgende aanval kan verhinderen.

    Alvast bedankt

    PS: Weet niet zeker of het in dit gedeelte thuishoort.

    Zie hier mijn logje.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:40:15, on 10/08/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SYSTEM32\taskeng.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\AVG\AVG2012\avgui.exe
    C:\Program Files\AVG\AVG2012\avgscanx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\explorer.exe
    C:\Program Files\Hijack\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = FD-Computers: Kwaliteit en Service
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
    O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
    O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
    O3 - Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O3 - Toolbar: (no name) - !{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKLM\..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar"
    O4 - HKLM\..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [KOO9RV9K4Z] C:\Users\GEBRUI~1\AppData\Local\Temp\Zpd.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [Spotify] "C:\Users\Gebruiker\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    O4 - Startup: ch8l0.exe.lnk = C:\Windows\System32\rundll32.exe
    O4 - Startup: ctfmon.lnk = C:\Windows\System32\rundll32.exe
    O4 - Startup: Mediacontrole Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OpenOffice.org 2.4 .lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
    O9 - Extra button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} - C:\Program Files\PokerStars.BE\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs:
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Google Updateservice (gupdate1ca81879840c1f1) (gupdate1ca81879840c1f1) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: vToolbarUpdater12.1.5 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe

    --
    End of file - 13650 bytes

  2. #2
    Website Beheerder
    Geregistreerd
    23 december 2007
    Locatie
    Kapellen
    Berichten
    37.679

    Standaard

    Het politievirus zit nog steeds op deze PC (mogelijk de reden waarom je er telkens weer mee geconfronteerd wordt). Dat gaan we dan ook hieronder aanpakken. Bovendien valt op dat je nogal veel ongewenste toolbars e.d.m. op je PC hebt zitten. Wat "kritischer" omgaan bij downloaden en internetgebruik in het algemeen is dan ook een belangrijke tip. Ook deze rotzooi nemen we hieronder mee. Voer het volgende nu uit :

    Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll
    O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
    O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
    O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
    O3 - Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O3 - Toolbar: (no name) - !{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)
    O4 - HKLM\..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar"
    O4 - HKLM\..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar"
    O4 - HKCU\..\Run: [KOO9RV9K4Z] C:\Users\GEBRUI~1\AppData\Local\Temp\Zpd.exe
    O4 - Startup: ch8l0.exe.lnk = C:\Windows\System32\rundll32.exe
    O4 - Startup: ctfmon.lnk = C:\Windows\System32\rundll32.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O20 - AppInit_DLLs:

    Klik op 'Fix checked' om de items te verwijderen.

    Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

    Download
    MBAM (Malwarebytes Anti-Malware)

    Dubbelklik op mbam-setup.exe om het programma te installeren.

    Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".
    Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.
    Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.
    Het scannen kan een tijdje duren, dus wees geduldig.
    Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
    Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.
    Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

    Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.
    MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.


    Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

    Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

    Plak de inhoud van het logje in je volgende bericht
    , samen met een nieuw HijackThis log.
    Laatst gewijzigd door kape; 10 augustus 2012 om 14:26
    Polinho gaf dit bericht een bedankje.




  3. #3
    Lid
    Geregistreerd
    10 augustus 2012
    Berichten
    14

    Standaard

    Hartelijk bedankt voor het advies alvast.
    En inderdaad ik heb destijds teveel van die onnozelheden geïnstalleerd waardat er steeds dingen mee meekwamen. Nu ga ik daar kritischer mee om.

    Ik heb wel gemerkt dat bij Hijack this, nog enkele dingen terug zijn gekomen ook al had ik ze "gefixed."


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 14:49:45, on 10/08/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal

    Running processes:
    C:\Windows\SYSTEM32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Hijack\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = FD-Computers: Kwaliteit en Service
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
    O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
    O3 - Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O3 - Toolbar: (no name) - !{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [Spotify] "C:\Users\Gebruiker\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    O4 - Startup: Mediacontrole Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OpenOffice.org 2.4 .lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
    O9 - Extra button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} - C:\Program Files\PokerStars.BE\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Google Updateservice (gupdate1ca81879840c1f1) (gupdate1ca81879840c1f1) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: vToolbarUpdater12.1.5 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe

    --
    End of file - 12322 bytes




    Malwarebytes Anti-Malware (-evaluatieversie-) 1.62.0.1300
    Malwarebytes : Free anti-malware download

    Databaseversie: v2012.08.10.03

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Gebruiker :: PC_VAN_FD [administrator]

    Realtime bescherming: Ingeschakeld

    10/08/2012 14:33:45
    mbam-log-2012-08-10 (14-33-45).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 192070
    Verstreken tijd: 6 minuut/minuten, 14 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 4
    HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Geen actie ondernomen.
    HKCU\SOFTWARE\KOO9RV9K4Z (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\X3EKEPXJP2 (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KOO9RV9K4Z (Trojan.FakeAlert) -> Data: C:\Users\GEBRUI~1\AppData\Local\Temp\Zpd.exe -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 1
    C:\sy5tw21.bin (Trojan.SpyEyes) -> Succesvol in quarantaine geplaatst en verwijderd.

    Bestanden gedetecteerd: 1
    C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

  4. #4
    Website Beheerder
    Geregistreerd
    23 december 2007
    Locatie
    Kapellen
    Berichten
    37.679

    Standaard

    Vermoedelijk heb je HijackThis als Vista-gebruiker niet uitgevoerd als "administrator". Daardoor zijn er nog items in je logje overgebleven, die niet verwijderd zijn. Herhaal het eens op die wijze en hang daarna een nieuw logje van HijackThis in je volgende bericht.
    Polinho gaf dit bericht een bedankje.




  5. #5
    Lid
    Geregistreerd
    10 augustus 2012
    Berichten
    14

    Standaard

    Nu heb ik het als administrator uitgevoerd en krijg ik volgend resultaat.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:31:47, on 10/08/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\SYSTEM32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Hijack\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = FD-Computers: Kwaliteit en Service
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O3 - Toolbar: (no name) - !{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [Spotify] "C:\Users\Gebruiker\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Mediacontrole Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OpenOffice.org 2.4 .lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
    O9 - Extra button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} - C:\Program Files\PokerStars.BE\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Google Updateservice (gupdate1ca81879840c1f1) (gupdate1ca81879840c1f1) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: vToolbarUpdater12.1.5 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe

    --
    End of file - 11497 bytes

  6. #6
    Website Beheerder
    Geregistreerd
    23 december 2007
    Locatie
    Kapellen
    Berichten
    37.679

    Standaard

    Dit ziet er (bijna) goed uit. Doe even het volgende :

    Download ComboFix van één van deze locaties:

    Link 1
    Link 2

    * BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

    1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:
    Klik hier

    2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
    3. Dubbelklik op "Combofix.exe" om de tool te starten.
    4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

    Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

    5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.
    Polinho gaf dit bericht een bedankje.




  7. #7
    Lid
    Geregistreerd
    10 augustus 2012
    Berichten
    14

    Standaard

    Zo :)

    ComboFix 12-08-09.01 - Gebruiker 10/08/2012 17:43:23.1.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3326.1893 [GMT 2:00]
    Gestart vanuit: d:\users\Gebruiker\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Mozilla Firefox\components\AskHPRFF.js
    c:\users\Gebruiker\561.jpg
    c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4 .lnk
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\chrome.manifest
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\funmoods.css
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\funmoods.xul
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\arwDwn.gif
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\ae.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\bg.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\ch.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\cn.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\cz.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\de.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\eg.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\en.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\es.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\fr.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\gr.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\he.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\il.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\it.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\ja.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\jp.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\nl.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\no.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\pl.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\pt.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\ro.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\ru.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\sa.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\se.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\sv.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\tr.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\ua.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\us.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\help_16.gif
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\home.gif
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\logo.png
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\privecy_16_hot.gif
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\tellafriend.gif
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\loader.xul
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\mtstart.js
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\tmplt.js
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\uninsthk.js
    c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\install.rdf
    c:\windows\system\oeminfo.ini
    c:\windows\system32\Thumbs.db
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-07-10 to 2012-08-10 ))))))))))))))))))))))))))))))
    .
    .
    2012-08-10 15:55 . 2012-08-10 15:55 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp
    2012-08-10 15:55 . 2012-08-10 15:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-10 10:29 . 2012-08-10 10:29 388096 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-08-10 10:29 . 2012-08-10 10:29 -------- d-----w- c:\program files\Hijack
    2012-08-10 09:50 . 2012-08-10 09:50 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes
    2012-08-10 09:49 . 2012-08-10 09:49 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-10 09:49 . 2012-08-10 09:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-10 09:49 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-10 09:46 . 2012-08-10 09:46 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Helios
    2012-08-10 09:45 . 2012-08-10 09:46 -------- d-----w- c:\program files\TextPad 6
    2012-08-10 09:26 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D8C773C-E1A3-410E-A4F3-A0085D5C733D}\mpengine.dll
    2012-08-08 13:37 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-30 17:46 . 2012-07-30 17:46 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\AVG2012
    2012-07-30 17:44 . 2012-07-30 17:44 -------- d-----w- c:\users\Gebruiker\AppData\Local\AVG Secure Search
    2012-07-30 17:44 . 2012-07-30 17:44 -------- d-----w- c:\programdata\AVG Secure Search
    2012-07-30 17:44 . 2012-07-30 17:44 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2012-07-30 17:44 . 2012-07-30 17:44 -------- d-----w- c:\program files\Common Files\AVG Secure Search
    2012-07-30 17:44 . 2012-07-30 17:44 -------- d-----w- c:\program files\AVG Secure Search
    2012-07-30 17:42 . 2012-07-30 17:42 -------- d-----w- C:\$AVG
    2012-07-30 17:42 . 2012-08-10 09:21 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-07-30 17:42 . 2012-07-30 17:50 -------- d-----w- c:\programdata\AVG2012
    2012-07-12 10:46 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-07-12 10:42 . 2012-06-02 08:27 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
    2012-07-12 10:42 . 2012-06-02 08:26 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
    2012-07-12 10:42 . 2012-06-02 08:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-05 16:47 . 2012-07-11 10:20 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 16:47 . 2012-07-11 10:20 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 15:26 . 2012-07-11 10:20 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 22:19 . 2012-06-19 14:51 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-19 14:51 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-19 14:51 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-19 14:51 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-19 14:51 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-19 14:51 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-19 14:51 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 13:19 . 2012-06-19 14:51 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 13:12 . 2012-06-19 14:51 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 00:04 . 2012-07-11 10:20 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 00:03 . 2012-07-11 10:20 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-25 20:35 . 2012-06-07 20:08 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
    "Spotify"="c:\users\Gebruiker\AppData\Roaming\Spotify\Spotify.exe" [2012-05-05 9478320]
    "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "Spotify Web Helper"="c:\users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-05 932528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-01-04 103896]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-30 1147488]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Mediacontrole Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-9-11 390432]
    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R3 ADM8511;ADMtek ADM8511 USB To Fast Ethernet Converter;c:\windows\system32\DRIVERS\NET8511.SYS [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-03-17 15:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 15:17]
    .
    2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 15:17]
    .
    2012-08-09 c:\windows\Tasks\RMSchedule.job
    - c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-01-25 21:24]
    .
    .
    ------- Bijkomende Scan -------
    .
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - c:\users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: {{878AC5FC-BE78-4bae-896C-7F75B790A71E} - c:\program files\PokerStars.BE\PokerStarsUpdate.exe
    TCP: DhcpNameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
    FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - Google
    FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=
    FF - user.js: extensions.funmoods_i.hmpg - true
    FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
    FF - user.js: extensions.funmoods_i.dfltSrch - true
    FF - user.js: extensions.funmoods_i.srchPrvdr - Search
    FF - user.js: extensions.funmoods_i.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
    FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=
    FF - user.js: extensions.funmoods_i.id - 346c81b2000000000000002354d9c437
    FF - user.js: extensions.funmoods_i.instlDay - 15424
    FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
    FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1614:48
    FF - user.js: extensions.funmoods_i.prtnrId - funmoods
    FF - user.js: extensions.funmoods_i.prdct - funmoods
    FF - user.js: extensions.funmoods_i.aflt - make
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods_i.tlbrId - base
    FF - user.js: extensions.funmoods_i.instlRef -
    FF - user.js: extensions.funmoods_i.dfltLng -
    FF - user.js: extensions.funmoods_i.excTlbr - false
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-10 - (no file)
    Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    HKCU-Run-ares - c:\program files\Ares\Ares.exe
    AddRemove-{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E} - c:\program files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2012-08-10 17:55
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-08-10 18:04:14
    ComboFix-quarantined-files.txt 2012-08-10 16:04
    .
    Pre-Run: 67.466.604.544 bytes beschikbaar
    Post-Run: 67.454.169.088 bytes beschikbaar
    .
    - - End Of File - - ACC96F6309ED18CDEDC18B92CFFEB9B3

  8. #8
    Website Beheerder
    Geregistreerd
    23 december 2007
    Locatie
    Kapellen
    Berichten
    37.679

    Standaard

    Open een kladblokbestand.

    Kopieer en plak daarin de onderstaande vetgedrukte tekst.


    Firefox::
    FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\
    FF - prefs.js: keyword.URL -

    FF - user.js: extensions.funmoods_i.hmpg - true
    FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
    FF - user.js: extensions.funmoods_i.dfltSrch - true
    FF - user.js: extensions.funmoods_i.srchPrvdr - Search
    FF - user.js: extensions.funmoods_i.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
    FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=
    FF - user.js: extensions.funmoods_i.id - 346c81b2000000000000002354d9c437
    FF - user.js: extensions.funmoods_i.instlDay - 15424
    FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
    FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1614:48
    FF - user.js: extensions.funmoods_i.prtnrId - funmoods
    FF - user.js: extensions.funmoods_i.prdct - funmoods
    FF - user.js: extensions.funmoods_i.aflt - make
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods_i.tlbrId - base
    FF - user.js: extensions.funmoods_i.instlRef -
    FF - user.js: extensions.funmoods_i.dfltLng -
    FF - user.js: extensions.funmoods_i.excTlbr – false


    Sla dit bestand op je bureaublad op als CFScript.

    Sleep CFScript.txt in ComboFix.exe
    Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

    Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

    Download Security Check en sla dit op je bureaublad op.

    Start Security Check
    Volg de instructies op het scherm.
    Aan het eind verschijnt een log (checkup.txt). Plaats de inhoud ervan in je volgende antwoord. Sluit kladblok.




  9. #9
    Lid
    Geregistreerd
    10 augustus 2012
    Berichten
    14

    Standaard

    Logje Combo

    ComboFix 12-08-09.01 - Gebruiker 11/08/2012 13:45:16.3.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3326.1782 [GMT 2:00]
    Gestart vanuit: d:\users\Gebruiker\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: d:\users\Gebruiker\Desktop\CFScript..txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-07-11 to 2012-08-11 ))))))))))))))))))))))))))))))
    .
    .
    2012-08-11 11:51 . 2012-08-11 11:51 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp
    2012-08-11 11:51 . 2012-08-11 11:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-11 11:41 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A7BEA72-7842-4E74-B9F3-A29A9A5B0B28}\mpengine.dll
    2012-08-11 11:30 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-10 10:29 . 2012-08-10 10:29 388096 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-08-10 10:29 . 2012-08-10 10:29 -------- d-----w- c:\program files\Hijack
    2012-08-10 09:50 . 2012-08-10 09:50 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes
    2012-08-10 09:49 . 2012-08-10 09:49 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-10 09:49 . 2012-08-10 09:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-10 09:49 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-10 09:46 . 2012-08-10 09:46 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Helios
    2012-08-10 09:45 . 2012-08-10 09:46 -------- d-----w- c:\program files\TextPad 6
    2012-07-30 17:46 . 2012-07-30 17:46 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\AVG2012
    2012-07-30 17:44 . 2012-07-30 17:44 -------- d-----w- c:\users\Gebruiker\AppData\Local\AVG Secure Search
    2012-07-30 17:44 . 2012-07-30 17:44 -------- d-----w- c:\programdata\AVG Secure Search
    2012-07-30 17:44 . 2012-07-30 17:44 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2012-07-30 17:44 . 2012-07-30 17:44 -------- d-----w- c:\program files\Common Files\AVG Secure Search
    2012-07-30 17:44 . 2012-07-30 17:44 -------- d-----w- c:\program files\AVG Secure Search
    2012-07-30 17:42 . 2012-07-30 17:42 -------- d-----w- C:\$AVG
    2012-07-30 17:42 . 2012-08-11 08:37 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-07-30 17:42 . 2012-07-30 17:50 -------- d-----w- c:\programdata\AVG2012
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-13 13:40 . 2012-07-12 10:46 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 16:47 . 2012-07-11 10:20 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 16:47 . 2012-07-11 10:20 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 15:26 . 2012-07-11 10:20 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 22:19 . 2012-06-19 14:51 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-19 14:51 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-19 14:51 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-19 14:51 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-19 14:51 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-19 14:51 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-19 14:51 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 13:19 . 2012-06-19 14:51 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 13:12 . 2012-06-19 14:51 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 08:33 . 2012-07-12 10:43 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-02 08:25 . 2012-07-12 10:43 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-06-02 08:25 . 2012-07-12 10:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 08:20 . 2012-07-12 10:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-02 08:16 . 2012-07-12 10:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-02 00:04 . 2012-07-11 10:20 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 00:03 . 2012-07-11 10:20 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-25 20:35 . 2012-06-07 20:08 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
    "Spotify"="c:\users\Gebruiker\AppData\Roaming\Spotify\Spotify.exe" [2012-05-05 9478320]
    "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "Spotify Web Helper"="c:\users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-05 932528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-01-04 103896]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-30 1147488]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Mediacontrole Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-9-11 390432]
    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    R3 ADM8511;ADMtek ADM8511 USB To Fast Ethernet Converter;c:\windows\system32\DRIVERS\NET8511.SYS [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-03-17 15:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 15:17]
    .
    2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 15:17]
    .
    2012-08-10 c:\windows\Tasks\RMSchedule.job
    - c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-01-25 21:24]
    .
    .
    ------- Bijkomende Scan -------
    .
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - c:\users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: {{878AC5FC-BE78-4bae-896C-7F75B790A71E} - c:\program files\PokerStars.BE\PokerStarsUpdate.exe
    TCP: DhcpNameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
    FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - Google
    FF - user.js: extensions.funmoods_i.excTlbr - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2012-08-11 13:51
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-08-11 13:52:58
    ComboFix-quarantined-files.txt 2012-08-11 11:52
    ComboFix2.txt 2012-08-11 11:14
    ComboFix3.txt 2012-08-10 16:04
    .
    Pre-Run: 73.864.966.144 bytes beschikbaar
    Post-Run: 73.839.632.384 bytes beschikbaar
    .
    - - End Of File - - 79EEC2B9FECE465F9914B4E43C83CF18

    Logje Security Check

    Results of screen317's Security Check version 0.99.43
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    AVG Anti-Virus Free Edition 2012
    Microsoft Security Essentials
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware versie 1.62.0.1300
    Java(TM) 6 Update 31
    Java(TM) 6 Update 5
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 10.3.183.11 Flash Player out of Date!
    Adobe Reader 8 Adobe Reader out of Date!
    Adobe Reader X (10.1.1)
    Mozilla Firefox (14.0.1)
    Google Chrome 20.0.1132.57
    Google Chrome 21.0.1180.60
    Google Chrome 21.0.1180.75
    Google Chrome VisualElementsManifest.xml..
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Malwarebytes Anti-Malware mbamgui.exe
    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````

  10. #10
    Website Beheerder
    Geregistreerd
    23 december 2007
    Locatie
    Kapellen
    Berichten
    37.679

    Standaard

    Combofix heeft zijn werk correct gedaan. Dat logje is inmiddels OK.

    Verwijder Combofix: Start -> Uitvoeren/Zoekopdracht/Programma’s en bestanden zoeken en typ daar: ComboFix /Uninstall

    Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

    Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

    Uit de Security Check blijkt dat je één en ander moet updaten.

    Je Java software is verouderd.
    Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.

    Ga naar Java SE 7 en download daar de juiste Java versie naar uw bureaublad, 32 of 64 bit.


    • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
    • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
    • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
    • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
    • Herhaal dit tot alle oudere versies verdwenen zijn.
    • Na het verwijderen van alle oudere versies, herstart je pc.
    • Dubbelklik vervolgens op jre-7-windows-x64 / x86 op je Bureaublad om de nieuwste versie van Java te installeren.

    Van Adobe Flash Player en Adobe Reader moet je ook de meest recente versie binnenhalen. En bij Google Chrome zitten er blijkbaar 3 verschillende versies op de PC. Kijk eens bij Software of je daar de oudste versies van kan verwijderen en de meest recente behouden.




+ Reageren op discussie

Soortgelijke discussies

  1. politie virus
    door sensima in forum Archief Bestrijding malware & virussen
    Reacties: 1
    Laatste bericht: 2 augustus 2012, 14:08
  2. [OPGELOST] Politie virus
    door ErwinJongkamp in forum Archief Bestrijding malware & virussen
    Reacties: 5
    Laatste bericht: 2 augustus 2012, 11:10
  3. politie virus
    door jelle_1992 in forum Archief Bestrijding malware & virussen
    Reacties: 4
    Laatste bericht: 28 juli 2012, 17:13
  4. [OPGELOST] Politie Virus
    door DragonLord in forum Archief Bestrijding malware & virussen
    Reacties: 3
    Laatste bericht: 24 juli 2012, 16:52
  5. [OPGELOST] Politie virus
    door Wouter Van Dyck in forum Archief Bestrijding malware & virussen
    Reacties: 3
    Laatste bericht: 21 juli 2012, 13:40

Labels voor deze discussie

Regels voor berichten

  • Je mag geen nieuwe discussies starten
  • Je mag niet reageren op berichten
  • Je mag geen bijlagen versturen
  • Je mag niet je berichten bewerken
  •