Topic: after clicking a link - redirected to GOMEO

  1. #1

    Joined
    Feb 2011
    Posts
    44

    after clicking a link - redirected to GOMEO

    When I click a link on Google, I get redirected to gomeo..
    What can/should I do to get rid of it?

    Thanks in advance, Arjan

  2. #2
    Hijack Helper roelof1967's Avatar
    Joined
    Jun 2009
    Location
    Twente (Netherlands)
    Age
    45
    Posts
    3.579
    Hi,

    Please follow these steps.


    Download Combofix to your Desktop.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
    • Double-click Combofix.exe to start it.
      If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
      Follow the instructions and accept the disclaimer by clicking Yes.
      If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
      Click OK and Yes to have the Recovery Console installed automatically.
      Afterwards, click Yes again to start the malware scan.
      While the fix is running, do NOT click in the window, as this will cause your PC to hang.
    When the fix has finished and after the restart, the log Combofix.txt will open.

    Post this log in your next reply.

    Roelof

  3. #3

    Joined
    Feb 2011
    Posts
    44
    ComboFix 11-01-31.02 - Arjan 02-02-2011 12:47:46.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2814.1635 [GMT 1:00]
    Gestart vanuit: c:\users\Arjan\Desktop\ComboFix.exe
    AV: McAfee Antivirus en antispyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Antivirus en antispyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Arjan\.COMMgr
    c:\users\Arjan\AppData\Local\Adobe updater
    c:\users\Arjan\AppData\Roaming\.#
    c:\users\Arjan\AppData\Roaming\.#\MBX@1468@1E12990.###
    c:\users\Arjan\AppData\Roaming\.#\MBX@1468@1E129C0.###
    c:\users\Arjan\AppData\Roaming\.#\MBX@1468@1E129F0.###
    c:\windows\system32\nt.dll

    Besmet exemplaar van c:\windows\explorer.exe werd aangetroffen en gedesinfecteerd
    Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

    Besmet exemplaar van c:\windows\System32\wininit.exe werd aangetroffen en gedesinfecteerd
    Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-01-02 to 2011-02-02 ))))))))))))))))))))))))))))))
    .

    2011-02-02 12:06 . 2011-02-02 12:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-31 13:51 . 2011-02-01 18:27 -------- d-----w- c:\users\Arjan\AppData\Local\PokerStars
    2011-01-31 13:50 . 2011-01-31 13:51 -------- d-----w- c:\program files\PokerStars
    2011-01-31 12:13 . 2011-01-31 12:13 -------- d-----w- c:\users\Arjan\AppData\Local\Mozilla
    2011-01-31 12:09 . 2011-01-31 12:09 -------- d-----w- c:\program files\SpywareGuard
    2011-01-31 12:02 . 2011-01-31 12:04 -------- d-----w- c:\program files\SpywareBlaster
    2011-01-30 22:47 . 2009-07-14 17:45 132224 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2011-01-30 22:47 . 2009-07-14 17:48 64512 ----a-w- c:\windows\system32\WUDFSvc.dll
    2011-01-30 22:47 . 2009-07-14 17:48 39936 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2011-01-30 22:47 . 2009-07-14 17:48 162304 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2011-01-30 22:47 . 2009-07-14 17:45 92672 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2011-01-30 22:47 . 2009-07-14 17:45 195584 ----a-w- c:\windows\system32\WUDFHost.exe
    2011-01-30 22:47 . 2009-07-14 17:48 567808 ----a-w- c:\windows\system32\WUDFx.dll
    2011-01-14 11:41 . 2008-02-25 15:29 6080 ----a-w- c:\windows\system32\drivers\zntport.sys
    2011-01-14 11:41 . 2008-02-25 15:29 14544 ----a-w- c:\windows\system32\drivers\TVicPort.sys
    2011-01-14 11:41 . 2008-02-25 15:28 238080 ----a-w- c:\windows\system32\ITEIO_64.dll
    2011-01-12 20:20 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-12 20:20 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-12 20:20 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-12 20:20 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-12 20:20 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
    2011-01-12 20:20 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-12 20:19 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-01-12 18:29 . 2011-01-12 18:31 -------- d-----w- c:\users\Arjan\AppData\Roaming\PC Suite
    2011-01-12 18:29 . 2011-01-30 22:46 -------- d-----w- c:\programdata\PC Suite
    2011-01-12 18:27 . 2011-01-12 18:27 -------- d-----w- c:\program files\Common Files\PCSuite
    2011-01-12 18:26 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2011-01-12 18:25 . 2011-01-12 18:25 -------- d-----w- c:\program files\PC Connectivity Solution
    2011-01-12 18:20 . 2010-02-26 13:32 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
    2011-01-12 15:25 . 2011-01-12 15:25 -------- d-----w- c:\programdata\Nokia
    2011-01-12 15:06 . 2011-01-12 15:19 -------- d-----w- c:\users\Arjan\AppData\Local\Nokia
    2011-01-12 14:33 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2011-01-12 14:33 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2011-01-12 14:23 . 2011-01-12 14:23 -------- d-----w- c:\users\Arjan\{04fb4650-ccef-4f02-866d-fdeae1e7e8c1}
    2011-01-12 14:21 . 2011-01-12 18:27 -------- d-----w- c:\program files\Common Files\Nokia
    2011-01-12 14:16 . 2011-01-12 18:27 -------- d-----w- c:\program files\Nokia
    2011-01-12 14:14 . 2011-01-12 16:36 -------- d-----w- c:\programdata\Installations
    2011-01-12 14:06 . 2011-01-12 18:29 -------- d-----w- c:\program files\DIFX
    2011-01-05 21:03 . 2011-01-05 21:03 -------- d--h--w- c:\programdata\CanonBJ
    2011-01-05 21:02 . 2007-03-18 19:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP8S.DLL
    2011-01-05 21:02 . 2007-03-18 19:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD8S.DLL
    2011-01-05 21:01 . 2008-02-05 19:00 216064 ----a-w- c:\windows\system32\CNMLM8S.DLL

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 17:09 . 2010-06-10 21:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 17:08 . 2010-06-10 21:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-13 11:32 . 2010-12-13 11:32 3140048 ----a-w- c:\users\Arjan\DMSetup.exe
    2010-11-10 04:33 . 2010-12-10 10:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF751142-0308-4F8A-AAB3-614A9E454160}\mpengine.dll
    2010-11-04 18:56 . 2010-12-17 07:43 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55 . 2010-12-17 07:43 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55 . 2010-12-17 07:43 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55 . 2010-12-17 07:43 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34 . 2010-12-17 07:43 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-10-13 21:28 . 2011-01-31 16:51 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-09-02 13:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-05-14 16:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-22 68856]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
    "Software Informer"="d:\software informer\softinfo.exe" [2009-11-25 2011205]
    "DAEMON Tools Lite"="d:\daemon tools lite\DTLite.exe" [2009-10-30 369200]
    "Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]
    "Google Update"="c:\users\Arjan\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-17 136176]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-12-20 697856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-07 30192]
    "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
    "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
    "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-13 1033512]
    "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-16 821768]
    "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-05-09 397312]
    "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
    "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
    "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
    "TrayServer"="c:\program files\MAGIX\Video_deluxe_15_Plus_Download-versie\TrayServer.exe" [2008-09-10 90112]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-17 13552160]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-17 92704]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

    c:\users\Arjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - d:\limewire\LimeWire.exe [2009-12-16 503808]
    SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
    Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-5-28 3493264]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2010-12-20 17:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
    2008-11-17 08:47 135168 ----a-w- c:\program files\Acer\WR_PopUp\ProductReg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-01-15 19:36 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;D:\PhotoshopElementsFileAgent.exe [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-07 30192]
    R3 Ltn_stk7070P;PCTV LITEON based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P.sys [2008-02-04 542976]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-13 84264]
    R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
    R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-23 691696]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-13 64304]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-13 164840]
    S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
    S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
    S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
    S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-13 141792]
    S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
    S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-04-07 210432]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-13 55840]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-13 313288]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-12-28 45600]
    S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]


    --- Andere Services/Drivers In Geheugen ---

    *Deregistered* - mfeavfk01

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Inhoud van de 'Gedeelde Taken' map

    2011-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 23:10]

    2011-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 23:10]

    2011-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1517746929-2529423961-100234602-1000Core.job
    - c:\users\Arjan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-07 20:38]

    2011-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1517746929-2529423961-100234602-1000UA.job
    - c:\users\Arjan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-07 20:38]

    2011-01-23 c:\windows\Tasks\SmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-12-10 17:08]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.voetbalzone.nl/
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=1209&m=aspire_7530
    uInternet Settings,ProxyServer = http=127.0.0.1:6092
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Arjan\AppData\Roaming\Mozilla\Firefox\Profiles\dqgbr0nn.default\
    FF - prefs.js: browser.search.selectedEngine - Secure-zoeken
    FF - prefs.js: browser.startup.homepage - hxxp://www.voetbalzone.nl/|http://sokker.org/|http://www.goalst....mzhiphop.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 6092
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    - - - - ORPHANS VERWIJDERD - - - -

    WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    MSConfigStartUp-AARC - c:\users\Arjan\Documents\System\winsystem.exe
    MSConfigStartUp-Halo2 - c:\windows\system32\sshnas21.dll
    AddRemove-GameSpy Arcade - d:\progra~1\GAMESP~1\UNWISE.EXE



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-02 14:13
    Windows 6.0.6002 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'Explorer.exe'(5160)
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\acer\Mobility Center\MobilityService.exe
    c:\windows\system32\rundll32.exe
    c:\program files\IObit\Game Booster\GameBox.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Cyberlink\Shared files\RichVideo.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\conime.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-02-02 14:18:52 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-02-02 13:18

    Pre-Run: 41.621.733.376 bytes beschikbaar
    Post-Run: 41.346.953.216 bytes beschikbaar

    - - End Of File - - 417E510CB0C95AF63B87558497B1731F

  4. #4
    Hijack Helper roelof1967's Avatar
    Joined
    Jun 2009
    Location
    Twente (Netherlands)
    Age
    45
    Posts
    3.579
    Hi,

    Quite a lot has been fixed.
    How are your problems now?

    Roelof

  5. #5

    Joined
    Feb 2011
    Posts
    44
    Yes, I think there are no more problems!

    I do have one more question: how did that actually get onto my PC, and how can I prevent it from happening again?

    Thanks for everything!

  6. #6
    Hijack Helper roelof1967's Avatar
    Joined
    Jun 2009
    Location
    Twente (Netherlands)
    Age
    45
    Posts
    3.579
    Hi,

    Good that the critter is gone.
    How it got onto your computer, I can't say.
    What I can tell you is that an up-to-date virus scanner, an anti-malware scanner and common sense can do a great deal.

    Now let's clean up the tools.

    Download OTC.exe (by OldTimer)
    • Place the file on your desktop.
    • Make sure there is an internet connection.
    • Then right-click OTCleanIt.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.
    • Now click the "CleanUp!" button.
    • If your firewall or another security program warns that OTC.exe wants internet access, you may allow this; the program needs that connection.
    • Finally, OTC will ask whether you want to restart the computer; you may allow this, as it also removes itself this way.
    Note: Using OTC.exe will remove all the tools used (including their logs and backup folders) from your computer.

    Roelof
