Ga naar inhoud
  • 0

babylon komt steeds terug.

anoniem

Gevraagd door anoniem,

Vraag

anoniem Nieuwkomer

anoniem

Geplaatst:
Geplaatst:
Hallo, Ik zocht een nieuwe driver, dacht die te hebben gevonden en klikte op "installeren". Tja, geen nieuwe driver dus maar wel een opdringerige "Babylon" als toolbar. Ik heb het meeste eraf kunnen krijgen en Windows' zoekfunctie kan niets meer vinden met de naam Babylon erin, maar toch: Babylon is er dus nog altijd. Kan iemand me helpen ? Alvast bedankt.
Link naar reactie
  • Antwoorden 80
  • Aangemaakt
  • Laatste reactie

Beste reacties voor deze vraag

Populaire dagen

Beste reacties voor deze vraag

Populaire dagen

80 antwoorden op deze vraag

Aanbevolen berichten

  • 0
anoniem Nieuwkomer

anoniem

Geplaatst:
  • Auteur
Geplaatst:
Hoi, dan gaan we kijken of ComboFix ook nog iets van ZoneAlarm vindt om te verwijderen! Zorg ervoor dat alle openstaande webbrowservensters gesloten zijn. Open een nieuw kladblok (of anders: notepad) bestand, via "Start\Alle programma’s\Bureau-accessoires\[b:220b2ff31b]Kladblok (of Notepad)[/b:220b2ff31b]". Kopieer en plak de volgende (vetgedrukte, blauwe tekst) in het lege kladblokvenstervenster [b:220b2ff31b][color=#0000FF:220b2ff31b]ClearJavaCache:: Folder:: c:\windows\system32\ZoneLabs c:\program files\Zone Labs Firefox:: FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkqhpqx7.default\ FF - prefs.js: keyword.URL - FF - user.js: extensions.BabylonToolbar_i.babTrack - FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - FF - user.js: extensions.BabylonToolbar_i.id - FF - user.js: extensions.BabylonToolbar_i.hardId - FF - user.js: extensions.BabylonToolbar_i.instlDay - FF - user.js: extensions.BabylonToolbar_i.vrsn - FF - user.js: extensions.BabylonToolbar_i.vrsni - FF - user.js: extensions.BabylonToolbar_i.vrsnTs - FF - user.js: extensions.BabylonToolbar_i.prtnrId - FF - user.js: extensions.BabylonToolbar_i.prdct - FF - user.js: extensions.BabylonToolbar_i.aflt - FF - user.js: extensions.BabylonToolbar_i.smplGrp - FF - user.js: extensions.BabylonToolbar_i.tlbrId - FF - user.js: extensions.BabylonToolbar_i.instlRef - [/color:220b2ff31b][/b:220b2ff31b] Sla dit kladblokbestand op je bureaublad op als [b:220b2ff31b]CFScript.txt[/b:220b2ff31b]. [b:220b2ff31b][color=#FF0000:220b2ff31b]Nu eerst de antivirus en eventuele spywarescanners deaktiveren![/color:220b2ff31b][/b:220b2ff31b] Sleep CFScript.txt in ComboFix.exe [img:220b2ff31b]http://crew.nucia.eu/smeenk/CFScript.gif[/img:220b2ff31b] Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt. Post het Combofix log dat na het opnieuw starten wordt getoond! Ingeval Combofix je computer opnieuw heeft opgestart (of jij dat hebt gedaan), vindt je het log ook in [b:220b2ff31b]C:\Combofix.txt[/b:220b2ff31b] [b:220b2ff31b]Belangrijke opmerking[/b:220b2ff31b]: [list:220b2ff31b][*:220b2ff31b][b:220b2ff31b][color=#FF0000:220b2ff31b]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:220b2ff31b][/b:220b2ff31b] [*:220b2ff31b][b:220b2ff31b][color=#0000FF:220b2ff31b]Illegal operation attempted on a registery key that has been marked for deletion.[/color:220b2ff31b][/b:220b2ff31b] [*:220b2ff31b][b:220b2ff31b][color=#FF0000:220b2ff31b]Start dan de computer opnieuw op.[/color:220b2ff31b][/b:220b2ff31b][/list:u:220b2ff31b]
Link naar reactie
  • 0
anoniem Nieuwkomer

anoniem

Geplaatst:
  • Auteur
Geplaatst:
dat ging nu een stuk sneller: ComboFix 12-01-02.02 - Administrator 04-01-2012 10:32:25.24.3 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1033.18.2047.1285 [GMT 1:00] Gestart vanuit: c:\documents and settings\Administrator\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Administrator\Desktop\CFScript.yxt.txt AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Persoonlijke firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} * Aanwezig AV is actief . . . (((((((((((((((((((( Bestanden Gemaakt van 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))) . . 2012-01-02 15:51 . 2012-01-02 15:51 -------- d-----w- C:\TDSSKiller_Quarantine 2012-01-01 13:31 . 2012-01-01 13:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\SumatraPDF 2012-01-01 13:30 . 2012-01-01 13:30 237 ----a-w- C:\user.js 2011-12-29 14:42 . 2011-12-29 14:42 -------- d-----w- c:\program files\MailWasher Pro 2011-12-29 13:05 . 2011-12-29 13:06 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2011-12-29 11:47 . 2011-12-29 11:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-29 11:00 . 2011-12-29 11:00 -------- d-----w- c:\windows\system32\wbem\Repository 2011-12-29 10:59 . 2011-12-29 10:59 -------- d-----w- c:\program files\Microsoft Easy Assist 2011-12-19 19:34 . 2011-12-19 19:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\DxO Labs 2011-12-19 19:32 . 2011-12-19 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\DxO_Labs 2011-12-19 19:32 . 2005-07-27 12:43 150224 ----a-w- c:\windows\system32\RGB9Rast_1.dll 2011-12-18 14:02 . 2010-03-18 18:25 307200 ----a-w- c:\windows\system32\CNC5200L.dll 2011-12-18 14:02 . 2010-03-18 16:12 1335296 ----a-w- c:\windows\system32\CNC5200C.dll 2011-12-18 14:02 . 2010-03-18 16:12 114688 ----a-w- c:\windows\system32\CNC5200I.dll 2011-12-18 14:02 . 2010-03-18 16:11 106496 ----a-w- c:\windows\system32\CNC5200U.dll 2011-12-18 13:51 . 2010-01-13 05:03 94208 ----a-w- c:\windows\system32\CNC5200O.dll 2011-12-18 13:51 . 2010-03-10 23:56 180224 ----a-w- c:\windows\system32\CNMIUAE.DLL 2011-12-18 12:59 . 2011-12-18 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\launcher 2011-12-18 12:50 . 2011-12-18 12:50 -------- d-----w- c:\program files\Paragon Software 2011-12-18 10:55 . 2011-12-18 10:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ilivid Player 2011-12-18 10:55 . 2011-12-18 12:21 -------- dc----w- c:\documents and settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318} 2011-12-18 10:54 . 2011-12-18 10:54 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess 2011-12-17 20:06 . 2011-12-17 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonBJ 2011-12-17 15:31 . 2011-12-17 15:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\PrimoPDF 2011-12-17 15:31 . 2011-02-28 22:37 180624 ----a-w- c:\windows\system32\Primomonnt.dll 2011-12-17 15:30 . 2011-12-17 15:39 -------- d-----w- c:\program files\Nitro PDF 2011-12-17 15:18 . 2011-12-17 15:18 -------- d-----w- c:\program files\Common Files\Bullzip 2011-12-17 15:18 . 1999-05-06 23:00 140288 ----a-w- c:\windows\system32\comdlg32.OCX 2011-12-17 14:56 . 2011-12-17 14:56 -------- d-----w- c:\program files\GPLGS 2011-12-17 14:56 . 2009-11-05 07:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll 2011-12-15 11:44 . 2011-12-30 08:22 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJScan 2011-12-15 10:32 . 2011-12-15 10:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\GlarySoft 2011-12-15 10:25 . 2012-01-01 13:25 -------- d-----w- c:\program files\BrowserCompanion 2011-12-15 10:25 . 2011-12-15 10:25 -------- d-----w- c:\documents and settings\Administrator\AppData 2011-12-14 14:09 . 2011-12-14 14:09 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEGV 2011-12-14 13:36 . 2011-12-14 13:36 -------- d-----w- c:\program files\Common Files\Java 2011-12-14 13:35 . 2011-11-17 17:06 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP 2011-12-14 13:13 . 2008-08-25 17:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll 2011-12-14 13:12 . 2011-12-14 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJMSetup 2011-12-14 13:11 . 2011-12-14 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJWSpt 2011-12-14 13:06 . 2010-04-07 04:00 73216 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAE.DLL 2011-12-14 13:06 . 2010-04-07 04:00 290816 ----a-w- c:\windows\system32\CNMLMAE.DLL 2011-12-14 13:06 . 2010-04-07 04:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAE.DLL 2011-12-14 12:44 . 2011-12-14 12:44 -------- d-----w- c:\windows\system32\STRING 2011-12-14 12:44 . 2010-02-05 01:37 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL 2011-12-14 12:44 . 2010-02-05 01:37 340992 ----a-w- c:\windows\system32\CNMNPPM.DLL 2011-12-12 07:49 . 2011-12-12 07:49 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2011-12-12 07:49 . 2011-12-12 07:49 229208 ----a-w- c:\windows\system32\drivers\VMM.sys 2011-12-11 20:06 . 2011-12-11 20:06 -------- d-----w- c:\program files\Microsoft Virtual PC 2011-12-11 13:58 . 2011-12-11 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield 2011-12-11 13:58 . 2011-12-11 13:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\ScanSoft 2011-12-11 13:57 . 2011-12-12 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft 2011-12-10 14:06 . 2011-12-10 14:07 -------- d-----w- c:\program files\HP . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-30 14:55 . 2011-11-09 13:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-12-30 14:55 . 2011-11-02 09:06 417440 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2011-12-16 08:11 . 2011-10-20 08:55 165232 ---ha-w- c:\documents and settings\Administrator\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll 2011-12-10 14:24 . 2010-09-28 18:47 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-23 13:25 . 2010-07-21 06:59 1859584 ------w- c:\windows\system32\win32k.sys 2011-11-17 17:06 . 2010-07-26 17:34 567184 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-17 16:56 . 2011-10-23 13:49 141312 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-11 14:01 . 2011-11-11 14:01 22032 ----a-w- c:\windows\DCEBoot.exe 2011-11-08 23:42 . 2011-11-08 23:42 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys 2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 12:42 . 2011-11-04 18:31 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2011-11-04 12:42 . 2011-11-04 18:31 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2011-11-04 12:42 . 2011-08-15 14:06 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2011-11-04 11:23 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31 . 2010-07-21 06:59 33280 ------w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37 . 2010-07-21 06:59 2148864 ------w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52 . 2010-07-21 06:59 2027008 ------w- c:\windows\system32\ntkrnlpa.exe 2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-22 11:21 . 2011-10-22 11:21 65536 ----a-w- c:\windows\system32\frapsvid.dll 2011-10-21 21:47 . 2011-11-29 12:00 20616 ----a-w- c:\windows\system32\fbnative.exe 2011-10-21 21:46 . 2011-09-29 07:02 184072 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys 2011-10-21 21:46 . 2011-09-29 07:02 42376 ----a-w- c:\windows\system32\drivers\EUBKMON.sys 2011-10-21 21:46 . 2011-09-29 07:02 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys 2011-10-21 21:46 . 2011-09-29 07:02 38920 ----a-w- c:\windows\system32\drivers\eubakup.sys 2011-10-18 11:13 . 2006-02-28 12:00 186880 ------w- c:\windows\system32\encdec.dll 2011-10-12 12:13 . 2002-02-09 23:00 72748 ----a-w- c:\windows\unins000.exe 2011-10-10 14:22 . 2010-04-15 23:22 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-13 09:46 . 2011-09-13 09:46 153296 ----a-w- c:\program files\uninst.exe 2011-09-13 09:45 . 2011-09-13 09:45 2365248 ----a-w- c:\program files\Defraggler.exe 2011-12-21 08:02 . 2012-01-04 08:23 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-01-02_16.07.16 ))))))))))))))))))))))))))))))))))))))))) . + 2012-01-04 07:51 . 2012-01-04 07:51 16384 c:\windows\temp\Perflib_Perfdata_39c.dat + 2012-01-04 08:23 . 2012-01-04 08:23 16384 c:\windows\temp\Perflib_Perfdata_2f4.dat + 2006-02-28 12:00 . 2012-01-04 07:55 86624 c:\windows\system32\perfc009.dat - 2006-02-28 12:00 . 2012-01-02 11:07 86624 c:\windows\system32\perfc009.dat + 2006-02-28 12:00 . 2012-01-04 07:55 498840 c:\windows\system32\perfh009.dat - 2006-02-28 12:00 . 2012-01-02 11:07 498840 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-05 98304] "RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296] "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoPopUpsOnBoot"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup kan niet weg^ERUNT AutoBackup.lnk] backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup kan niet weg^OpenOffice.org 3.3 .lnk] backup=c:\windows\pss\OpenOffice.org 3.3 .lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.2 .lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^USB Alert.lnk] backup=c:\windows\pss\USB Alert.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2011-06-16 15:43 499608 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare] 2010-03-04 12:31 311296 ------w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filehippo.com] 2010-08-09 12:47 248832 ------w- c:\program files\filehippo.com\UpdateChecker.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS] 2002-12-10 16:54 127022 ------w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2011-12-24 16:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] 2005-06-02 15:03 1957888 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP3\\RpcAgentSrv.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP3\\WNt500x86\\RpcSandraSrv.exe"= "c:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5900:TCP"= 5900:TCP:vnc5900 "5800:TCP"= 5800:TCP:vnc5800 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [29-9-2011 8:02 38920] R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [29-9-2011 8:02 42376] R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [30-8-2010 11:26 57112] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2-10-2011 13:23 436792] R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [29-9-2011 8:02 16008] R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [29-9-2011 8:02 184072] R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16-9-2008 11:03 169312] R2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [29-11-2011 12:59 60552] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12-1-2011 15:41 810144] R2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [29-11-2011 12:59 23176] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22-4-2011 13:21 92592] R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [21-7-2010 8:47 77824] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384] S2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23-9-2011 15:26 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2-11-2011 10:06 253600] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21-7-2010 8:49 1691480] S3 cpuz134;cpuz134;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?] S3 epmntdrv;epmntdrv;\??\c:\windows\system32\epmntdrv.sys --> c:\windows\system32\epmntdrv.sys [?] S3 esihdrv;esihdrv;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys [?] S3 EuGdiDrv;EuGdiDrv;\??\c:\windows\system32\EuGdiDrv.sys --> c:\windows\system32\EuGdiDrv.sys [?] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23-9-2011 15:26 136176] S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10-3-2010 7:18 24216] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [29-12-2011 14:05 24064] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28-9-2010 19:47 20464] S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [30-8-2010 12:42 16472] S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [30-8-2010 12:42 11104] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\RpcAgentSrv.exe [29-6-2011 7:55 93848] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [15-8-2011 15:06 104752] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504] . Inhoud van de 'Gedeelde Taken' map . 2012-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-02 14:55] . 2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-23 14:25] . 2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-23 14:25] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: google.nl\www TCP: DhcpNameServer = 10.0.0.138 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkqhpqx7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Search Results FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-04 10:38 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run MailWasher = c:\progra~1\MAILWA~1\MAILWA~1.EXE? . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,bd,81,93,a0,02,37,4f,89,c2,93,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,bd,81,93,a0,02,37,4f,89,c2,93,\ . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,bd,66,4c,32,4f,49,4e,b9,82,ab,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,bd,66,4c,32,4f,49,4e,b9,82,ab,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0a,fc,0a,51,b3,6e,d3,42,a3,c5,73,\ . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B2B73F5A-DB9F-9875-EB6B-1A3E94AB0B21}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B2B73F5A-DB9F-9875-EB6B-1A3E94AB0B21}\InProcServer32*] "kapffnboifaaaignnaoeli"=hex:62,61,70,61,00,fc "japfomdjemhlembmnjll"=hex:63,61,6b,70,6b,6d,00,7c "kapfjneppglggkhafldhoc"=hex:6d,61,63,68,6f,6c,67,68,70,70,6f,68,69,70,64,6f, 6c,67,66,62,6a,70,66,68,67,6a,00,00 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–¤|ÿÿÿÿÀ•¤|ù•A~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1264) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . - - - - - - - > 'explorer.exe'(3228) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Voltooingstijd: 2012-01-04 10:39:07 ComboFix-quarantined-files.txt 2012-01-04 09:39 ComboFix2.txt 2012-01-03 14:13 ComboFix3.txt 2012-01-03 13:50 ComboFix4.txt 2012-01-03 11:39 ComboFix5.txt 2012-01-04 09:31 . Pre-Run: 186.389.811.200 bytes free Post-Run: 186.381.340.672 bytes free . - - End Of File - - 1067BC44B3E87FDA4D76E0F54748D4B6
Link naar reactie
  • 0
anoniem Nieuwkomer

anoniem

Geplaatst:
  • Auteur
Geplaatst:
dat ging nu een stuk sneller: ComboFix 12-01-02.02 - Administrator 04-01-2012 10:32:25.24.3 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1033.18.2047.1285 [GMT 1:00] Gestart vanuit: c:\documents and settings\Administrator\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Administrator\Desktop\CFScript.yxt.txt AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Persoonlijke firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} * Aanwezig AV is actief . . . (((((((((((((((((((( Bestanden Gemaakt van 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))) . . 2012-01-02 15:51 . 2012-01-02 15:51 -------- d-----w- C:\TDSSKiller_Quarantine 2012-01-01 13:31 . 2012-01-01 13:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\SumatraPDF 2012-01-01 13:30 . 2012-01-01 13:30 237 ----a-w- C:\user.js 2011-12-29 14:42 . 2011-12-29 14:42 -------- d-----w- c:\program files\MailWasher Pro 2011-12-29 13:05 . 2011-12-29 13:06 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2011-12-29 11:47 . 2011-12-29 11:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-29 11:00 . 2011-12-29 11:00 -------- d-----w- c:\windows\system32\wbem\Repository 2011-12-29 10:59 . 2011-12-29 10:59 -------- d-----w- c:\program files\Microsoft Easy Assist 2011-12-19 19:34 . 2011-12-19 19:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\DxO Labs 2011-12-19 19:32 . 2011-12-19 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\DxO_Labs 2011-12-19 19:32 . 2005-07-27 12:43 150224 ----a-w- c:\windows\system32\RGB9Rast_1.dll 2011-12-18 14:02 . 2010-03-18 18:25 307200 ----a-w- c:\windows\system32\CNC5200L.dll 2011-12-18 14:02 . 2010-03-18 16:12 1335296 ----a-w- c:\windows\system32\CNC5200C.dll 2011-12-18 14:02 . 2010-03-18 16:12 114688 ----a-w- c:\windows\system32\CNC5200I.dll 2011-12-18 14:02 . 2010-03-18 16:11 106496 ----a-w- c:\windows\system32\CNC5200U.dll 2011-12-18 13:51 . 2010-01-13 05:03 94208 ----a-w- c:\windows\system32\CNC5200O.dll 2011-12-18 13:51 . 2010-03-10 23:56 180224 ----a-w- c:\windows\system32\CNMIUAE.DLL 2011-12-18 12:59 . 2011-12-18 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\launcher 2011-12-18 12:50 . 2011-12-18 12:50 -------- d-----w- c:\program files\Paragon Software 2011-12-18 10:55 . 2011-12-18 10:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ilivid Player 2011-12-18 10:55 . 2011-12-18 12:21 -------- dc----w- c:\documents and settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318} 2011-12-18 10:54 . 2011-12-18 10:54 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess 2011-12-17 20:06 . 2011-12-17 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonBJ 2011-12-17 15:31 . 2011-12-17 15:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\PrimoPDF 2011-12-17 15:31 . 2011-02-28 22:37 180624 ----a-w- c:\windows\system32\Primomonnt.dll 2011-12-17 15:30 . 2011-12-17 15:39 -------- d-----w- c:\program files\Nitro PDF 2011-12-17 15:18 . 2011-12-17 15:18 -------- d-----w- c:\program files\Common Files\Bullzip 2011-12-17 15:18 . 1999-05-06 23:00 140288 ----a-w- c:\windows\system32\comdlg32.OCX 2011-12-17 14:56 . 2011-12-17 14:56 -------- d-----w- c:\program files\GPLGS 2011-12-17 14:56 . 2009-11-05 07:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll 2011-12-15 11:44 . 2011-12-30 08:22 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJScan 2011-12-15 10:32 . 2011-12-15 10:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\GlarySoft 2011-12-15 10:25 . 2012-01-01 13:25 -------- d-----w- c:\program files\BrowserCompanion 2011-12-15 10:25 . 2011-12-15 10:25 -------- d-----w- c:\documents and settings\Administrator\AppData 2011-12-14 14:09 . 2011-12-14 14:09 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEGV 2011-12-14 13:36 . 2011-12-14 13:36 -------- d-----w- c:\program files\Common Files\Java 2011-12-14 13:35 . 2011-11-17 17:06 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP 2011-12-14 13:13 . 2008-08-25 17:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll 2011-12-14 13:12 . 2011-12-14 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJMSetup 2011-12-14 13:11 . 2011-12-14 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJWSpt 2011-12-14 13:06 . 2010-04-07 04:00 73216 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAE.DLL 2011-12-14 13:06 . 2010-04-07 04:00 290816 ----a-w- c:\windows\system32\CNMLMAE.DLL 2011-12-14 13:06 . 2010-04-07 04:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAE.DLL 2011-12-14 12:44 . 2011-12-14 12:44 -------- d-----w- c:\windows\system32\STRING 2011-12-14 12:44 . 2010-02-05 01:37 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL 2011-12-14 12:44 . 2010-02-05 01:37 340992 ----a-w- c:\windows\system32\CNMNPPM.DLL 2011-12-12 07:49 . 2011-12-12 07:49 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2011-12-12 07:49 . 2011-12-12 07:49 229208 ----a-w- c:\windows\system32\drivers\VMM.sys 2011-12-11 20:06 . 2011-12-11 20:06 -------- d-----w- c:\program files\Microsoft Virtual PC 2011-12-11 13:58 . 2011-12-11 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield 2011-12-11 13:58 . 2011-12-11 13:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\ScanSoft 2011-12-11 13:57 . 2011-12-12 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft 2011-12-10 14:06 . 2011-12-10 14:07 -------- d-----w- c:\program files\HP . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-30 14:55 . 2011-11-09 13:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-12-30 14:55 . 2011-11-02 09:06 417440 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2011-12-16 08:11 . 2011-10-20 08:55 165232 ---ha-w- c:\documents and settings\Administrator\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll 2011-12-10 14:24 . 2010-09-28 18:47 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-23 13:25 . 2010-07-21 06:59 1859584 ------w- c:\windows\system32\win32k.sys 2011-11-17 17:06 . 2010-07-26 17:34 567184 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-17 16:56 . 2011-10-23 13:49 141312 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-11 14:01 . 2011-11-11 14:01 22032 ----a-w- c:\windows\DCEBoot.exe 2011-11-08 23:42 . 2011-11-08 23:42 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys 2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 12:42 . 2011-11-04 18:31 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2011-11-04 12:42 . 2011-11-04 18:31 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2011-11-04 12:42 . 2011-08-15 14:06 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2011-11-04 11:23 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31 . 2010-07-21 06:59 33280 ------w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37 . 2010-07-21 06:59 2148864 ------w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52 . 2010-07-21 06:59 2027008 ------w- c:\windows\system32\ntkrnlpa.exe 2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-22 11:21 . 2011-10-22 11:21 65536 ----a-w- c:\windows\system32\frapsvid.dll 2011-10-21 21:47 . 2011-11-29 12:00 20616 ----a-w- c:\windows\system32\fbnative.exe 2011-10-21 21:46 . 2011-09-29 07:02 184072 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys 2011-10-21 21:46 . 2011-09-29 07:02 42376 ----a-w- c:\windows\system32\drivers\EUBKMON.sys 2011-10-21 21:46 . 2011-09-29 07:02 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys 2011-10-21 21:46 . 2011-09-29 07:02 38920 ----a-w- c:\windows\system32\drivers\eubakup.sys 2011-10-18 11:13 . 2006-02-28 12:00 186880 ------w- c:\windows\system32\encdec.dll 2011-10-12 12:13 . 2002-02-09 23:00 72748 ----a-w- c:\windows\unins000.exe 2011-10-10 14:22 . 2010-04-15 23:22 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-13 09:46 . 2011-09-13 09:46 153296 ----a-w- c:\program files\uninst.exe 2011-09-13 09:45 . 2011-09-13 09:45 2365248 ----a-w- c:\program files\Defraggler.exe 2011-12-21 08:02 . 2012-01-04 08:23 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-01-02_16.07.16 ))))))))))))))))))))))))))))))))))))))))) . + 2012-01-04 07:51 . 2012-01-04 07:51 16384 c:\windows\temp\Perflib_Perfdata_39c.dat + 2012-01-04 08:23 . 2012-01-04 08:23 16384 c:\windows\temp\Perflib_Perfdata_2f4.dat + 2006-02-28 12:00 . 2012-01-04 07:55 86624 c:\windows\system32\perfc009.dat - 2006-02-28 12:00 . 2012-01-02 11:07 86624 c:\windows\system32\perfc009.dat + 2006-02-28 12:00 . 2012-01-04 07:55 498840 c:\windows\system32\perfh009.dat - 2006-02-28 12:00 . 2012-01-02 11:07 498840 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-05 98304] "RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296] "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoPopUpsOnBoot"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup kan niet weg^ERUNT AutoBackup.lnk] backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup kan niet weg^OpenOffice.org 3.3 .lnk] backup=c:\windows\pss\OpenOffice.org 3.3 .lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.2 .lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^USB Alert.lnk] backup=c:\windows\pss\USB Alert.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2011-06-16 15:43 499608 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare] 2010-03-04 12:31 311296 ------w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filehippo.com] 2010-08-09 12:47 248832 ------w- c:\program files\filehippo.com\UpdateChecker.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS] 2002-12-10 16:54 127022 ------w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2011-12-24 16:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] 2005-06-02 15:03 1957888 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP3\\RpcAgentSrv.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP3\\WNt500x86\\RpcSandraSrv.exe"= "c:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5900:TCP"= 5900:TCP:vnc5900 "5800:TCP"= 5800:TCP:vnc5800 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [29-9-2011 8:02 38920] R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [29-9-2011 8:02 42376] R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [30-8-2010 11:26 57112] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2-10-2011 13:23 436792] R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [29-9-2011 8:02 16008] R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [29-9-2011 8:02 184072] R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16-9-2008 11:03 169312] R2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [29-11-2011 12:59 60552] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12-1-2011 15:41 810144] R2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [29-11-2011 12:59 23176] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22-4-2011 13:21 92592] R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [21-7-2010 8:47 77824] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384] S2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23-9-2011 15:26 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2-11-2011 10:06 253600] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21-7-2010 8:49 1691480] S3 cpuz134;cpuz134;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?] S3 epmntdrv;epmntdrv;\??\c:\windows\system32\epmntdrv.sys --> c:\windows\system32\epmntdrv.sys [?] S3 esihdrv;esihdrv;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys [?] S3 EuGdiDrv;EuGdiDrv;\??\c:\windows\system32\EuGdiDrv.sys --> c:\windows\system32\EuGdiDrv.sys [?] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23-9-2011 15:26 136176] S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10-3-2010 7:18 24216] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [29-12-2011 14:05 24064] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28-9-2010 19:47 20464] S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [30-8-2010 12:42 16472] S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [30-8-2010 12:42 11104] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\RpcAgentSrv.exe [29-6-2011 7:55 93848] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [15-8-2011 15:06 104752] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504] . Inhoud van de 'Gedeelde Taken' map . 2012-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-02 14:55] . 2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-23 14:25] . 2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-23 14:25] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: google.nl\www TCP: DhcpNameServer = 10.0.0.138 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkqhpqx7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Search Results FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-04 10:38 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run MailWasher = c:\progra~1\MAILWA~1\MAILWA~1.EXE? . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,bd,81,93,a0,02,37,4f,89,c2,93,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,bd,81,93,a0,02,37,4f,89,c2,93,\ . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,bd,66,4c,32,4f,49,4e,b9,82,ab,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,bd,66,4c,32,4f,49,4e,b9,82,ab,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0a,fc,0a,51,b3,6e,d3,42,a3,c5,73,\ . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B2B73F5A-DB9F-9875-EB6B-1A3E94AB0B21}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B2B73F5A-DB9F-9875-EB6B-1A3E94AB0B21}\InProcServer32*] "kapffnboifaaaignnaoeli"=hex:62,61,70,61,00,fc "japfomdjemhlembmnjll"=hex:63,61,6b,70,6b,6d,00,7c "kapfjneppglggkhafldhoc"=hex:6d,61,63,68,6f,6c,67,68,70,70,6f,68,69,70,64,6f, 6c,67,66,62,6a,70,66,68,67,6a,00,00 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–¤|ÿÿÿÿÀ•¤|ù•A~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1264) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . - - - - - - - > 'explorer.exe'(3228) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Voltooingstijd: 2012-01-04 10:39:07 ComboFix-quarantined-files.txt 2012-01-04 09:39 ComboFix2.txt 2012-01-03 14:13 ComboFix3.txt 2012-01-03 13:50 ComboFix4.txt 2012-01-03 11:39 ComboFix5.txt 2012-01-04 09:31 . Pre-Run: 186.389.811.200 bytes free Post-Run: 186.381.340.672 bytes free . - - End Of File - - 1067BC44B3E87FDA4D76E0F54748D4B6
Link naar reactie
  • 0
anoniem Nieuwkomer

anoniem

Geplaatst:
  • Auteur
Geplaatst:
nee, geen vragen meer. Nogmaals héél véél dank voor geduld, tijd, kennis enz. Wat ik mij wel afvraag: er moeten talloze pc's die babylon (en ask) hebben, want het komt met allerlei progjes mee, zelfs als je ze van de originele website ophaalt. Hoe komen die van de r..zooi af, en: hoe vaak en hoe lang ben je hier (en op andere websites) mee bezig?
Link naar reactie
  • 0
anoniem Nieuwkomer

anoniem

Geplaatst:
  • Auteur
Geplaatst:
Windows Firewall ook uitschakelen: Daarvoor ga je naar Start\Uitvoeren en de opdracht luidt: [b:8ead0111a0]services.msc[/b:8ead0111a0]. Klik op de knop OK. [color=#0000FF:8ead0111a0][b:8ead0111a0]N.B.: Uitvoeren kan ook gestart worden door gelijktijdig de "Windowstoets + R-toets" in te drukken.[/b:8ead0111a0][/color:8ead0111a0] In het venster Services scroll je naar [b:8ead0111a0][color=#0000FF:8ead0111a0]Windows Firewall[/color:8ead0111a0][/b:8ead0111a0]. Dubbelklikk op die vermelding, bij "Opstarttype" zet je de instelling op "Gedeaktiveerd". Klik nu eerst op de knop [b:8ead0111a0]Toepassen[/b:8ead0111a0]; vervolgens klik je op de knop [b:8ead0111a0]Stoppen[/b:8ead0111a0], wacht even en klik uiteindelijk op [b:8ead0111a0]OK[/b:8ead0111a0].
Link naar reactie
  • 0
anoniem Nieuwkomer

anoniem

Geplaatst:
  • Auteur
Geplaatst:
Dan gaan we opruimen: [color=#FF0000:17a36825e5][b:17a36825e5]Stap •1•[/b:17a36825e5][/color:17a36825e5] [b:17a36825e5]TDSSKiller[/b:17a36825e5] en dito [b:17a36825e5]C:\TDSSKiller[/b:17a36825e5] mag je handmatig verwijderen. [color=#FF0000:17a36825e5][b:17a36825e5]Stap •2•[/b:17a36825e5][/color:17a36825e5] ComboFix mag nu verwijderd worden: [list:17a36825e5][*:17a36825e5] ga daarvoor naar Start - Uitvoeren [*:17a36825e5] kopieer en plak hierin het volgende: [b:17a36825e5]Combofix /Uninstall[/b:17a36825e5] [*:17a36825e5] klik daarna op [b:17a36825e5]OK[/b:17a36825e5]. [*:17a36825e5] indien het goed is, krijg je vervolgens een melding, dat Combofix verwijderd werd.[/list:u:17a36825e5] Voorbeeld: [img:17a36825e5]http://www.emphyrio.be/images/SMUninstall_combofix.png[/img:17a36825e5] Uitvoeren kan ook gestart worden door de toetsen "Windowstoets + R" gelijktijdig in te drukken. [i:17a36825e5]Dit zal Combofix verwijderen inclusief gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en reset je Systeemherstel opnieuw.[/i:17a36825e5] [color=#FF0000:17a36825e5][b:17a36825e5]Stap •3•[/b:17a36825e5][/color:17a36825e5] [b:17a36825e5]Welk programma[/b:17a36825e5]: TFC. [b:17a36825e5]Waarvoor/waarom[/b:17a36825e5]:grondige reiniging van Windows. [b:17a36825e5]Moeilijkheidsgraad[/b:17a36825e5]: geen. Windows Vista en Windows 7 gebruikers starten dit tool via rechtsklik erop met administratorrechten. [b:17a36825e5]Download: [url=http://oldtimer.geekstogo.com/TFC.exe][color=#0000FF:17a36825e5]Download TFC naar je bureaublad (klick)[/color:17a36825e5] [/b:17a36825e5][/url] [b:17a36825e5]TFC opstarten[/b:17a36825e5]: Windows 2000 en Windows XP: start TFC.exe middels dubbelklik op de snelkoppeling. Windows Vista en Windows 7: start TFC.exe middels rechtsklik op de snelkoppeling en dan kiezen voor Als Administrator uitvoeren. [list:17a36825e5][*:17a36825e5] Niet schrikken - het tool sluit alle lopende programma's - ergo: verzeker je dus ervan, dat je werk al is opgeslagen! [*:17a36825e5] Vervolgens klik je op de knop [b:17a36825e5]Start[/b:17a36825e5] om de scan te starten. Deze scan kan kort of langer duren, wees geduldig en laat TFC zijn taak doen en wacht to TFC klaaar is. [*:17a36825e5] Indien TFC klaar is, dan komt de melding dat de computer opnieuw opgestart wordt. [*:17a36825e5] Gebeurt het afsluiten niet automatisch, start dan zelf de computer opnieuw op. [*:17a36825e5] Noot: TFC vertoont geen log![/list:u:17a36825e5] [color=#FF0000:17a36825e5][b:17a36825e5]Stap •4•[/b:17a36825e5][/color:17a36825e5] Doe ook nog een test, om te kijken hoe goed de huidige veiligheidssituatie in Windows is. Download naar je bureaublad [url=http://screen317.spywareinfoforum.org/SecurityCheck.exe][b:17a36825e5][color=#0000FF:17a36825e5]Security Check[/color:17a36825e5][/b:17a36825e5][/url]. [list:17a36825e5][*:17a36825e5] Klik/dubbelklik op [b:17a36825e5]SecurityCheck.exe[/b:17a36825e5] en let op de instrukties in het zwarte venster. [*:17a36825e5] Een Kladblok document genaamd [b:17a36825e5]checkup.txt[/b:17a36825e5] dient automatisch open te gaan; sluit dit document via opslaan op het bureaublad. [*:17a36825e5] Indien een van je veiligheidstools rapporteert, dat DIG.EXE het internet op wil, sta dit dan toe.[/list:u:17a36825e5] Post de inhoud van [b:17a36825e5]checkup.txt [/b:17a36825e5]in je volgende post.
Link naar reactie
  • 0
anoniem Nieuwkomer

anoniem

Geplaatst:
  • Auteur
Geplaatst:
1. Combofix verwijderd 9er kwam alleen een klein schermpje met die mededeling) 2. TDSSkiller handmatig verwijderd 3. TFC gedaan 4. De security test gedaan: Results of screen317's Security Check version 0.99.30 Windows XP Service Pack 3 x86 Internet Explorer 8 [b:67e8b2b952]`````````````````````````````` [u:67e8b2b952]Antivirus/Firewall Check:[/u:67e8b2b952][/b:67e8b2b952] Windows Firewall Enabled! ESET Online Scanner v3 ESET Smart Security Antivirus up to date! [b:67e8b2b952]``````````````````````````````` [u:67e8b2b952]Anti-malware/Other Utilities Check:[/u:67e8b2b952][/b:67e8b2b952] CCleaner Java(TM) 7 Update 2 Adobe Flash Player 11.2.202.160 Mozilla Firefox (9.0.1) [b:67e8b2b952]```````````````````````````````` Process Check: [u:67e8b2b952]objlist.exe by Laurent[/u:67e8b2b952][/b:67e8b2b952] [b:67e8b2b952]``````````End of Log````````````[/b:67e8b2b952] en dan zie ik dat Windows Firewall alwéér enabled is, hoewel ik die zojuist disabled had.
Link naar reactie

Om een reactie te plaatsen, moet je eerst inloggen

Gast
Antwoord op deze vraag...

×   Geplakt als verrijkte tekst.   Herstel opmaak

  Er zijn maximaal 75 emoji toegestaan.

×   Je link werd automatisch ingevoegd.   Tonen als normale link

×   Je vorige inhoud werd hersteld.   Leeg de tekstverwerker

×   Je kunt afbeeldingen niet direct plakken. Upload of voeg afbeeldingen vanaf een URL in

×
Ga naar vragenoverzicht

  • Populaire leden

    Er is nog niemand die deze week reputatie heeft ontvangen.

  • Leden

    Geen leden om te tonen

×
×
  • Nieuwe aanmaken...