
Ukash virus



Hello

I have also caught the "police virus". I have already looked around on the site here, and based on that I burned an Avari antivirus CD on a non-infected computer and then ran a full scan on my laptop. That did not help at all, because when I boot now I still end up on the same police screen, even in safe mode with networking. So I have a log file, but I cannot get to it.

I have Windows 7 Professional (English version).

Help!

Annemie


Download "HitmanPro" via the link below, for example to the desktop, on a non-infected computer.

Click here to consult the detailed guide

Click here for the guide to running HitmanPro.Kickstart via a boot CD

  • Download HitmanPro. (Choose the 32-bit or 64-bit version here.)
  • HitmanPro (32bit)
  • HitmanPro (64bit)
  • Double-click HitmanPro36.exe or HitmanPro36_64.exe to start the program.
  • On the start screen, click the "Kickstart button", as you can see in the red frame below.
    (screenshot: hmpks-a.jpg)
  • If a USB stick is already connected, HitmanPro Kickstart will detect and display it automatically.
  • Click this USB stick once, after which you get the option to install Kickstart on the USB stick.
  • Before HitmanPro.Kickstart is installed, the USB stick is reformatted.
  • Warning! Reformatting erases all data stored on the USB stick.
  • After the HitmanPro Kickstart USB stick has been created, it is automatically "safely removed" from the system on which it was created.
  • Boot the infected computer from the HitmanPro.Kickstart USB stick. (You can read here how to boot the computer from a USB stick.)
  • Tick the option "I accept the terms of the license agreement" and click "Next".
  • In the setup screen, click "Next" once more; the scan now starts automatically. Do nothing else on the computer until the scan has finished.
  • When the scan is done, click "Next".
  • Now activate the free license; this lets you use HitmanPro free for 30 days and remove the infections found.
  • Note: if you have already used the 30-day trial version of HitmanPro before, it is no longer possible to remove the infections found for free.
  • When the removal is finished, click "Save log" or "Logbestand opslaan" at the bottom of the screen and save it, for example, to the desktop.
    Post this log.
  • Now click the "Restart" button.


I should have known that before I caught the virus, of course :-( Where can I find that? Then I will never forget it again!

I just downloaded the 32-bit version then - scanning worked - restarted, but I had left the stick in - to be on the safe side I will let everything run once more.


OK - from my very own laptop now! Thanks already; thanks to your tips I can use it again.

After rebooting with the stick and scanning again, the computer shut down with an error message (blue screen). I then booted it with the stick again and let everything run once more - same scenario. Now I have restarted it without the stick.

Below are the 3 log files:

log1

HitmanPro 3.7.1.186
www.hitmanpro.com
  Computer name . . . . : AAT18695-PC
  Windows . . . . . . . : 6.1.1.7601.X86/2
  User name . . . . . . : AAT18695-PC\AAT18695
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Trial (30 days left)
  Scan date . . . . . . : 2013-02-03 09:29:19
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 6m 50s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : Yes
  Threats . . . . . . . : 3
  Traces  . . . . . . . : 152
  Objects scanned . . . : 1.417.300
  Files scanned . . . . : 66.794
  Remnants scanned  . . : 507.955 files / 842.551 keys
Malware _____________________________________________________________________
  C:\ProgramData\InstallMate\{248B8944-31F7-4287-A06C-79D5FF68ABB2}\_Setupx.dll -> Quarantined
     Size . . . . . . . : 59.392 bytes
     Age  . . . . . . . : 0.5 days (2013-02-02 20:34:19)
     Entropy  . . . . . : 6.5
     SHA-256  . . . . . : E705B8B7CF78918BAAABAAF7EEA28A31D4B8C7FEDC8A4A3E1026A75F089EEFFA
   > Ikarus . . . . . . : Backdoor.Win32.Clack!IK
     Fuzzy  . . . . . . : 100.0

Malware remnants ____________________________________________________________
  C:\Users\AAT18695\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Ransomware) -> PendingDelete
  C:\Users\AAT18695\wgsdgsdgdsgsd.exe (Ransomware) -> PendingDelete
     Size . . . . . . . : 229.376 bytes
     Age  . . . . . . . : 0.5 days (2013-02-02 20:50:03)
     Entropy  . . . . . : 6.1
     SHA-256  . . . . . : 2BDE3538FDD1692A334440692ADF8E0972DC1013044D5D7768BA65912475A403
     Product  . . . . . : Windows Installer - Unicode
     Publisher  . . . . : Microsoft Corporation
     Description  . . . : Windows® installer
     Version  . . . . . : 3.1.4000.3959
     Copyright  . . . . : © Microsoft Corporation. All rights reserved.
     Service  . . . . . : Winmgmt
     Fuzzy  . . . . . . : 11.0
     Startup
        C:\Users\AAT18695\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
        HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\

Potential Unwanted Programs _________________________________________________
  C:\Users\AAT18695\AppData\LocalLow\AskToolbar\ (AskBar)
  C:\Users\AAT18695\AppData\LocalLow\AskToolbar\osearch.xml (AskBar)
  C:\Users\AAT18695\AppData\LocalLow\searchquband\ (SearchQU)
  HKLM\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ (SearchQU)
  HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ (SearchQU)
  HKU\S-1-5-21-3185118736-544573984-607138941-1002\Software\Datamngr\ (SearchQU)
  HKU\S-1-5-21-3185118736-544573984-607138941-1002\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ (SearchQU)
  HKU\S-1-5-21-3185118736-544573984-607138941-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0},\ (SearchQU)
  HKU\S-1-5-21-3185118736-544573984-607138941-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}\ (SearchQU)
  HKU\S-1-5-21-3185118736-544573984-607138941-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}\ (SearchQU)
Cookies _____________________________________________________________________

log2

HitmanPro 3.7.1.186
www.hitmanpro.com
  Computer name . . . . : AAT18695-PC
  Windows . . . . . . . : 6.1.1.7601.X86/2
  User name . . . . . . : AAT18695-PC\AAT18695
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Trial (30 days left)
  Scan date . . . . . . : 2013-02-03 09:41:54
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 10m 57s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No
  Threats . . . . . . . : 0
  Traces  . . . . . . . : 10
  Objects scanned . . . : 1.417.343
  Files scanned . . . . : 66.739
  Remnants scanned  . . : 507.903 files / 842.701 keys
Potential Unwanted Programs _________________________________________________
  C:\Users\AAT18695\AppData\LocalLow\AskToolbar\ (AskBar)
  C:\Users\AAT18695\AppData\LocalLow\AskToolbar\osearch.xml (AskBar)
  C:\Users\AAT18695\AppData\LocalLow\searchquband\ (SearchQU)
  HKLM\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ (SearchQU)
  HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ (SearchQU)
  HKU\S-1-5-21-3185118736-544573984-607138941-1002\Software\Datamngr\ (SearchQU)
  HKU\S-1-5-21-3185118736-544573984-607138941-1002\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ (SearchQU)
  HKU\S-1-5-21-3185118736-544573984-607138941-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0},\ (SearchQU)
  HKU\S-1-5-21-3185118736-544573984-607138941-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}\ (SearchQU)
  HKU\S-1-5-21-3185118736-544573984-607138941-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}\ (SearchQU)

log3

HitmanPro 3.7.1.186
www.hitmanpro.com
  Computer name . . . . : AAT18695-PC
  Windows . . . . . . . : 6.1.1.7601.X86/2
  User name . . . . . . : AAT18695-PC\AAT18695
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Trial (30 days left)
  Scan date . . . . . . : 2013-02-03 09:56:47
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 9m 17s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No
  Threats . . . . . . . : 0
  Traces  . . . . . . . : 10
  Objects scanned . . . : 1.417.395
  Files scanned . . . . : 66.810
  Remnants scanned  . . : 507.900 files / 842.685 keys
Potential Unwanted Programs _________________________________________________
  C:\Users\AAT18695\AppData\LocalLow\AskToolbar\ (AskBar)
  C:\Users\AAT18695\AppData\LocalLow\AskToolbar\osearch.xml (AskBar)
  C:\Users\AAT18695\AppData\LocalLow\searchquband\ (SearchQU)
  HKLM\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ (SearchQU)
  HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ (SearchQU)
  HKU\S-1-5-21-3185118736-544573984-607138941-1002\Software\Datamngr\ (SearchQU)
  HKU\S-1-5-21-3185118736-544573984-607138941-1002\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ (SearchQU)
  HKU\S-1-5-21-3185118736-544573984-607138941-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0},\ (SearchQU)
  HKU\S-1-5-21-3185118736-544573984-607138941-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}\ (SearchQU)
  HKU\S-1-5-21-3185118736-544573984-607138941-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}\ (SearchQU)

I would like to hear what still needs to be done now.

Thanks in advance!

Annemie


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:33:10, on 3/02/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\taskhost.exe

C:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\AAT18695\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\AAT18695\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Texter\texter.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_BE&c=92&bd=all&pf=cmnb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_BE&c=92&bd=all&pf=cmnb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_BE&c=92&bd=all&pf=cmnb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [acevents] "c:\Program Files\ActivIdentity\ActivClient\acevents.exe"

O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [igfxTray] C:\windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

O4 - HKCU\..\Run: [Google Update] "C:\Users\AAT18695\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\AAT18695\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')

O4 - HKUS\S-1-5-21-3185118736-544573984-607138941-1002\..\Run: [Google Update] "C:\Users\AAT18695\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User '?')

O4 - S-1-5-21-3185118736-544573984-607138941-1002 Startup: Dropbox.lnk = C:\Users\AAT18695\AppData\Roaming\Dropbox\bin\Dropbox.exe (User '?')

O4 - S-1-5-21-3185118736-544573984-607138941-1002 Startup: Texter.lnk = C:\Program Files\Texter\texter.exe (User '?')

O4 - Startup: Dropbox.lnk = C:\Users\AAT18695\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: Texter.lnk = C:\Program Files\Texter\texter.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.dexia.be

O15 - Trusted Zone: http://*.mcafee.com (HKLM)

O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)

O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)

O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)

O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)

O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)

O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)

O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)

O17 - HKLM\System\CCS\Services\Tcpip\..\{A1459259-CEDE-4A1D-BD68-193CB4DE938E}: NameServer = 0.0.0.0

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O20 - AppInit_DLLs:

O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - c:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\windows\system32\Hpservice.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 13066 bytes


32-bit was the right choice :-)

Start HijackThis. Select "Scan". Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O20 - AppInit_DLLs:

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via right-click, "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to view the results.

Make sure everything there is checked, then click: Remove Selected.

After removal, a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

After the restart, MBAM will scan again and remove the rootkit.

MBAM saves the log automatically; you can find it by clicking the "Logs" tab in the program.

If MBAM has trouble removing certain files, it will show a few messages where you must click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.
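
The five entries listed in the reply above share one visible trait: each has no target (an empty value, or a component marked `(no file)`). As an added example, not part of the original post and not HijackThis's own logic, this Python script picks such dangling entries out of a HijackThis log; the sample lines are copied from this thread and the function names are illustrative.

```python
import re

# Lines copied from the HijackThis log and the reply in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O15 - Trusted Zone: *.dexia.be
O20 - AppInit_DLLs:
O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\windows\system32\Hpservice.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse(log):
    """Yield (section, body) per entry line; headers and blank lines are skipped."""
    for line in log.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            yield match.group(1), match.group(2).strip()


def dangling_reason(section, body):
    """Say why an entry points at nothing, or return None if it has a target.

    A hit means "leftover with no target", not "malicious".
    """
    if body.endswith("(no file)"):
        return "registered component, file missing"
    if section.startswith("R") and body.endswith(" ="):
        return "registry value is empty"
    if body.endswith(":"):
        return "setting listed with no value"
    return None


def triage(log):
    """Return [(section, body, reason)] for every dangling entry, in log order."""
    hits = []
    for section, body in parse(log):
        reason = dangling_reason(section, body)
        if reason:
            hits.append((section, body, reason))
    return hits


if __name__ == "__main__":
    for section, body, reason in triage(SAMPLE_LOG):
        print(f"{section:<4}{reason:<36}{body}")
```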
