autorun and system on all my drives?

16 answers
  • Good day, I have something strange on my hard drives and USB sticks. Recently I put my USB stick in my computer and double-clicked it in My Computer, but nothing happened. I can still get onto it if I type its drive letter (F:). There I saw that there are 2 "invisible" files on it that I never put there myself: AutoRun.inf and SYSTEM.exe. If I delete them, they are simply back again the next time. They are on my internal hard drives, my USB sticks and my external hard drives. Can anyone help me get rid of this? Regards,
  • According to Google (http://www.google.nl/search?q="autorun.inf"+"system.exe") it is a virus. Run a scan with your virus scanner and/or post a HijackThis log.
  • Don't put your USB stick in anyone else's computer any more. Put it in your own computer now and then post a HijackThis log.
  • I'm afraid I don't have a virus scanner on my PC. Here is a HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:19:17, on 14-1-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\EeePC\ACPI\AsTray.exe
    C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\NDAS\System\ndasmgmt.exe
    C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\NDAS\System\ndassvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\calc.exe
    C:\program files\internet explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
    O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
    O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: StarOffice 8 .lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
    O4 - Global Startup: SuperHybridEngine.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
    O23 - Service: Windows_system - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\SYSTEM.exe

    --
    End of file - 7658 bytes
  • Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Close all windows except HijackThis. Click 'Fix checked' to remove the items.

    Now go to Start -> Run. Type this command: sc stop Windows_system and press OK. Repeat this with this command: sc delete Windows_system.

    Your Java software is outdated. Older versions have vulnerabilities that give malware the chance to install itself on your system. First follow these steps to uninstall Java and install the newer version:
    * Download Java Runtime Environment (JRE) 6u11 (http://javadl.sun.com/webapps/download/AutoDL?BundleId=26223; mirror: http://www.filehippo.com/download_java_runtime/download/7f2b66c803203ef4e2d595783132c339/) and save it to your Desktop.
    * Close all programs that may be open, especially your web browser!
    * Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list of programs.
    * Select everything with Java Runtime Environment (JRE or J2SE) in the name.
    * Then click Remove or the Change/Remove button.
    * Repeat this until all older versions are gone.
    * After removing all older versions, restart your PC.
    * Then double-click jre-6u11-windows-i586-p-s.exe on your Desktop to install the latest version of Java.

    Download MalwareBytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop. Double-click mbam-setup.exe to install the program. Make sure that after the installation these boxes are ticked:
    * Update MalwareBytes' Anti-Malware
    * Start MalwareBytes' Anti-Malware

    Then click "Finish". If an update is found, it will be downloaded and installed.
    * Once the program has started, go to the "Settings" tab.
    * Tick here: "Close Internet Explorer during malware removal".
    * Then go to the "Scanner" tab and choose "Quick Scan".
    * Then press "Scan" to start the scan.
    * The scan can take a while, so be patient.
    * When the scan is finished, click OK, then "Show Results" to see the results.
    * Make sure everything there is ticked, then click "Remove Selected".
    * After the removal a log will open and you will be asked to restart the computer.

    The log is saved automatically by MalwareBytes' Anti-Malware and you can find it again by clicking the "Logs" tab in the program. Post this log together with a new HijackThis log.
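The two entries singled out in the reply above can be picked out of a HijackThis log mechanically. The following Python sketch is an added example, not part of the original thread or of HijackThis: it parses O2 and O23 lines excerpted from the log posted in this thread and flags BHOs without a file, services shown with "Unknown owner", and service images named like the files the poster found on the drives. The heuristics, function names and the `dropped_files` parameter are assumptions made for illustration.

```python
import ntpath
import re

# Entries excerpted from the HijackThis log posted in this thread, one per line.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Windows_system - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\SYSTEM.exe
"""

# Only the two sections used in the reply above are parsed.
ENTRY_RE = re.compile(r"^(O2|O23) - (?:BHO|Service): (.+)$")
# "Display name (shortname)": the short name is what `sc` expects.
SHORT_NAME_RE = re.compile(r"\(([^()]+)\)$")


def parse_entries(log_text):
    """Yield (section, name, middle, target) for each O2 / O23 line.

    middle is the CLSID for a BHO and the vendor for a service. Splitting
    from the left keeps paths that contain " - " intact; a display name
    that itself contains " - " would be mis-split (accepted limitation).
    """
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        parts = match.group(2).split(" - ", 2)
        if len(parts) == 3:
            yield (match.group(1), *parts)


def service_name(display):
    """Return the short service name, or the display name if none is shown."""
    match = SHORT_NAME_RE.search(display)
    return match.group(1) if match else display


def triage_hijackthis(log_text, dropped_files=("autorun.inf", "system.exe")):
    """Return (section, identifier, target, reasons) for entries worth a look."""
    findings = []
    for section, name, middle, target in parse_entries(log_text):
        reasons = []
        ident = middle  # CLSID identifies a BHO
        if section == "O2" and target == "(no file)":
            reasons.append("BHO is registered but its file is missing")
        if section == "O23":
            ident = service_name(name)
            if middle == "Unknown owner":
                reasons.append("no vendor shown for the service binary")
            if ntpath.basename(target).lower() in dropped_files:
                reasons.append("image name matches a file found on the drives")
        if reasons:
            findings.append((section, ident, target, reasons))
    return findings


if __name__ == "__main__":
    for section, ident, target, reasons in triage_hijackthis(SAMPLE_LOG):
        print(f"{section} {ident} -> {target}")
        for reason in reasons:
            print(f"    - {reason}")
```
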
  • Just for fun I ran a full scan; here is the log file:

    Malwarebytes' Anti-Malware 1.32
    Database versie: 1653
    Windows 5.1.2600 Service Pack 3

    14-1-2009 20:55:01
    mbam-log-2009-01-14 (20-55-01).txt

    Scan type: Volledige Scan (C:\|D:\|F:\|)
    Objecten gescand: 97188
    Verstreken tijd: 22 minute(s), 25 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    and the one from HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:57:13, on 14-1-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\EeePC\ACPI\AsTray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\NDAS\System\ndasmgmt.exe
    C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\NDAS\System\ndassvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\calc.exe
    C:\program files\internet explorer\IEXPLORE.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
    O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
    O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: StarOffice 8 .lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
    O4 - Global Startup: SuperHybridEngine.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
    O23 - Service: Windows_system - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\SYSTEM.exe

    --
    End of file - 7844 bytes

    I had my USB stick plugged in during the scan; the 2 files are still on it. Can I remove them now? And I have 3 other XP installations that have it too; how can I clean those again? Or should I make a log file for each installation?
  • By the way, I tried plugging in an old USB stick that I haven't used in months, so those files certainly can't have been on it, but the computer puts the files on that one too, so something is still not quite right.
  • That's right, sound; we'll clean that old USB stick later. Just follow my instructions carefully; that way both the USB sticks and this XP installation get cleaned. After that we'll go through the other installations. I assure you that I am familiar with your problem and that I know how to solve it ;) Download combofix.exe from this site: http://download.bleepingcomputer.com/sUBs/ComboFix.exe If the Recovery Console is not installed, ComboFix will propose to download and install it. Allow this. Once the Recovery Console is installed, let ComboFix scan the computer. When ComboFix is finished, which may be after a reboot, a log file opens (combofix.txt). Post the contents of this file.
  • Here is the log:

    ComboFix 09-01-13.04 - Marc 2009-01-15 19:48:53.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1015.684 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Marc\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_WINDOWS_SYSTEM
    -------\Service_Windows_system

    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-15 to 2009-01-15 ))))))))))))))))))))))))))))))
    .
    2009-01-14 20:24 . 2009-01-14 20:24 <DIR> d-------- c:\documents and settings\Marc\Application Data\Malwarebytes
    2008-12-26 10:58 . 2009-01-04 16:45 <DIR> d-------- c:\documents and settings\Marc\Application Data\dvdcss
    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-08 08:59 --------- d-----w c:\program files\Eee Storage
    2009-07-08 08:56 --------- d-----w c:\program files\InterVideo
    2009-07-08 08:42 --------- d-----w c:\program files\Common Files\InterVideo
    2009-07-08 08:37 --------- d-----w c:\program files\Skype
    2009-07-08 08:37 --------- d-----w c:\program files\Common Files\Skype
    2009-07-08 08:37 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
    2009-07-08 08:32 --------- d-----w c:\program files\Sun
    2009-07-08 08:30 --------- d-----w c:\program files\Asus
    2009-07-08 08:27 --------- d-----w c:\program files\WIDCOMM
    2009-07-08 08:26 --------- d-----w c:\program files\RALINK
    2009-07-08 08:26 --------- d-----w c:\program files\EeePC
    2009-07-08 08:25 --------- d-----w c:\program files\Elantech
    2009-07-08 08:25 --------- d-----w c:\documents and settings\Marc\Application Data\InstallShield
    2009-07-08 08:24 --------- d-----w c:\program files\Intel
    2009-07-08 08:23 --------- d-----w c:\program files\Realtek
    2009-07-08 08:22 315,392 ----a-w c:\windows\HideWin.exe
    2009-07-08 08:08 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
    2009-07-08 08:06 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
    2009-07-08 08:03 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
    2009-07-08 07:46 --------- d-----w c:\program files\microsoft frontpage
    2009-01-15 18:15 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-01-15 18:14 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-01-15 18:14 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-14 21:02 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-14 21:00 --------- d-----w c:\program files\Lavasoft
    2009-01-14 20:59 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-01-14 19:24 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-01-14 19:24 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-14 19:19 --------- d-----w c:\program files\Java
    2009-01-14 17:19 --------- d-----w c:\program files\Trend Micro
    2009-01-14 17:16 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-07 16:39 --------- d-----w c:\program files\IrfanView
    2009-01-04 17:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-04 17:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-01-03 17:26 --------- d-----w c:\program files\DAEMON Tools Lite
    2008-12-25 13:14 --------- d-----w c:\program files\Google
    2008-12-15 21:41 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-15 21:41 --------- d-----w c:\program files\Compulite
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-09 15:11 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2008-09-03 18:21 46 ----a-w c:\documents and settings\Marc\Application Data\wklnhst.dat
    2008-09-01 15:51 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2008-05-07 14:34 15,523,560 ----a-w c:\program files\U1 Setup.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
    "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-06-25 335872]
    "AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-06-03 98304]
    "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
    "AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-14 136600]
    "RTHDCPL"="RTHDCPL.EXE" [2008-06-13 c:\windows\RTHDCPL.exe]
    "SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SoundMan.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\alcwzrd.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-04-14 596584]
    NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2005-03-31 180224]
    SuperHybridEngine.lnk - c:\program files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-07-08 303104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midi4"= xgusb.cpl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Compulite\\Vector Pc\\Bin\\GcConsole.exe"=
    "c:\\Program Files\\Compulite\\Vector Pc\\Bin\\RT\\RTOffline.exe"=
    "c:\\Program Files\\Compulite\\Vector Pc\\Bin\\RT\\RTInt.exe"=
    "c:\\Program Files\\Compulite\\Vector Pc\\Bin\\VectorPanel.exe"=
    "c:\\Program Files\\Compulite\\Vector Pc\\Bin\\RemotePanel.exe"=

    R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2005-03-31 109184]
    R1 lfsfilt;Lean File Sharing;c:\windows\system32\drivers\lfsfilt.sys [2008-09-02 120704]
    R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2009-07-08 11264]
    R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [2008-05-21 25088]
    R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-05-17 36864]
    R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2005-03-31 39168]
    R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-07-08 625024]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-18 33752]
    S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2005-03-31 91392]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{010af56c-7565-11dd-ac18-0015afeeb0f1}]
    \Shell\Auto\command - F:\SYSTEM.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d5a4902-b7ec-11dd-ac82-0015afeeb0f1}]
    \Shell\Auto\command - F:\
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa6936e9-7929-11dd-ac26-0015aff617aa}]
    \Shell\Auto\command - H:\SYSTEM.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e40a4e32-d9aa-11dd-acbb-00221591f751}]
    \Shell\Auto\command - F:\SYSTEM.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec5e01ce-e270-11dd-acd9-0015afeeb0f1}]
    \Shell\Auto\command - G:\SYSTEM.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.exe
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-01-15 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-25 14:12]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Verzenden naar Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\jnlb9vbz.default\
    FF - plugin: c:\program files\Google\Google Updater\2.4.1441.4352\npCIDetect13.dll
    .

    **************************************************************************
    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-15 19:53:02
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\igfxext.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\NDAS\System\ndassvc.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-01-15 19:55:19 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-01-15 18:55:16

    Pre-Run: 33.099.788.288 bytes beschikbaar
    Post-Run: 33,341,067,264 bytes beschikbaar

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    194 --- E O F --- 2009-01-14 17:16:43
  • I had to use my laptop yesterday with an external drive attached, and this time it did not put those files on it anymore, so at least so far, thanks a lot :)
  • That could well be, but the chance is even greater that it comes back if you do not do something about it soon. Do this: Open a Notepad file. Copy the code below and paste it into the Notepad file.

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{010af56c-7565-11dd-ac18-0015afeeb0f1}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d5a4902-b7ec-11dd-ac82-0015afeeb0f1}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa6936e9-7929-11dd-ac26-0015aff617aa}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e40a4e32-d9aa-11dd-acbb-00221591f751}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec5e01ce-e270-11dd-acd9-0015afeeb0f1}]

    Save the Notepad file as CFScript.txt. Now drag the file CFScript.txt onto the file ComboFix.exe, as shown in this image: http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif ComboFix will start again. When ComboFix is finished, which may be after a reboot, a log file opens. Post the contents of the log file.
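The step from the ComboFix log to the CFScript in the post above, as an added example that is not part of the original thread or of ComboFix: it parses the flattened MountPoints2 section, flags keys whose shell verb runs through ShellExec_RunDLL, and renders the `Registry::` deletion block for review. The function names, the flagging heuristic and the last sample entry are assumptions made for this illustration.

```python
import re

# Flattened ComboFix text as it appears in this thread. The first three
# entries are from the page; the last one is constructed for contrast.
MP2 = r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"
LOG = " ".join([
    MP2 + r"\{010af56c-7565-11dd-ac18-0015afeeb0f1}]",
    r"\Shell\Auto\command - F:\SYSTEM.exe",
    r"\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.exe",
    MP2 + r"\{6d5a4902-b7ec-11dd-ac82-0015afeeb0f1}]",
    r"\Shell\Auto\command - F:" + "\\",
    r"\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL",
    MP2 + r"\{aa6936e9-7929-11dd-ac26-0015aff617aa}]",
    r"\Shell\Auto\command - H:\SYSTEM.exe",
    r"\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.exe",
    # constructed: an installer disc whose autorun starts its own setup program
    MP2 + r"\{00000000-0000-0000-0000-000000000000}]",
    r"\Shell\AutoRun\command - D:\setup.exe",
    ". Inhoud van de 'Gedeelde Taken' map",
])

# A key header in brackets, followed by everything up to the next header.
KEY_RE = re.compile(r"\[(HKEY_[^\]]*\\mountpoints2\\\{[0-9a-f-]{36}\})\]([^\[]*)", re.I)
# One "\Shell\<verb>\command - <value>" pair; the value ends at the next pair,
# at a " . " section separator, or at the end of the line.
CMD_RE = re.compile(r"\\Shell\\(\w+)\\command - (.*?)(?=\s+\\Shell\\|\s+\.\s|\s*$)", re.I | re.M)

def parse_mountpoints2(log):
    """Return [{'key': ..., 'commands': {verb: command}}] for each MountPoints2 key."""
    return [{"key": key, "commands": dict(CMD_RE.findall(body))}
            for key, body in KEY_RE.findall(log)]

def is_suspicious(entry):
    # Assumed heuristic, taken from the pattern in this log: the volume's shell
    # verb is routed through Shell32.DLL,ShellExec_RunDLL.
    return any("shellexec_rundll" in c.lower() for c in entry["commands"].values())

def build_cfscript(entries):
    """Render a CFScript Registry:: block, in the syntax quoted in the thread."""
    return "\n".join(["Registry::"] + [f"[-{e['key']}]" for e in entries])

if __name__ == "__main__":
    flagged = [e for e in parse_mountpoints2(LOG) if is_suspicious(e)]
    for e in flagged:
        print(e["key"].rsplit("\\", 1)[1], e["commands"])
    print(build_cfscript(flagged))
```

The output is text to read and compare against the log before anything is deleted; the script itself changes nothing on the machine.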
  • I did what you said, only when it opened it said that a newer version was available, and I downloaded that one, but did it handle that txt file properly now? Anyway, here is the log: ComboFix 09-01-19.03 - Marc 2009-01-19 22:31:55.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1015.660 [GMT 1:00] Gestart vanuit: c:\documents and settings\Marc\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Marc\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((( Bestanden Gemaakt van 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))) . 2009-01-14 20:24 . 2009-01-14 20:24 <DIR> d-------- c:\documents and settings\Marc\Application Data\Malwarebytes 2008-12-26 10:58 . 2009-01-04 16:45 <DIR> d-------- c:\documents and settings\Marc\Application Data\dvdcss . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-08 08:59 --------- d-----w c:\program files\Eee Storage 2009-07-08 08:56 --------- d-----w c:\program files\InterVideo 2009-07-08 08:42 --------- d-----w c:\program files\Common Files\InterVideo 2009-07-08 08:37 --------- d-----w c:\program files\Skype 2009-07-08 08:37 --------- d-----w c:\program files\Common Files\Skype 2009-07-08 08:37 --------- d-----w c:\documents and settings\All Users\Application Data\Skype 2009-07-08 08:32 --------- d-----w c:\program files\Sun 2009-07-08 08:30 --------- d-----w c:\program files\Asus 2009-07-08 08:27 --------- d-----w c:\program files\WIDCOMM 2009-07-08 08:26 --------- d-----w c:\program files\RALINK 2009-07-08 08:26 --------- d-----w c:\program files\EeePC 2009-07-08 08:25 --------- d-----w c:\program files\Elantech 2009-07-08 08:25 --------- d-----w c:\documents and settings\Marc\Application Data\InstallShield 2009-07-08 08:24 --------- d-----w c:\program files\Intel 2009-07-08 08:23 --------- d-----w c:\program files\Realtek 2009-07-08 08:22 315,392 ----a-w 
c:\windows\HideWin.exe 2009-07-08 08:08 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller 2009-07-08 08:06 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller 2009-07-08 08:03 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition 2009-07-08 07:46 --------- d-----w c:\program files\microsoft frontpage 2009-01-19 21:04 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-01-16 06:18 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-01-16 06:17 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-14 21:02 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft 2009-01-14 21:00 --------- d-----w c:\program files\Lavasoft 2009-01-14 20:59 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-01-14 19:24 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-01-14 19:24 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-14 19:19 410,984 ----a-w c:\windows\system32\deploytk.dll 2009-01-14 19:19 --------- d-----w c:\program files\Java 2009-01-14 17:19 --------- d-----w c:\program files\Trend Micro 2009-01-14 17:16 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-01-07 16:39 --------- d-----w c:\program files\IrfanView 2009-01-04 17:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-04 17:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-01-03 17:26 --------- d-----w c:\program files\DAEMON Tools Lite 2008-12-25 13:14 --------- d-----w c:\program files\Google 2008-12-15 21:41 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-15 21:41 --------- d-----w c:\program files\Compulite 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-09 15:11 --------- d-----w c:\documents and 
settings\All Users\Application Data\Office Genuine Advantage 2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-09-03 18:21 46 ----a-w c:\documents and settings\Marc\Application Data\wklnhst.dat 2008-09-01 15:51 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat 2008-05-07 14:34 15,523,560 ----a-w c:\program files\U1 Setup.exe . ((((((((((((((((((((((((((((( snapshot@2009-01-15_19.54.16.39 ))))))))))))))))))))))))))))))))))))))))) . - 2009-01-15 18:46:31 53,098 ----a-w c:\windows\system32\perfc009.dat + 2009-01-19 21:07:57 53,098 ----a-w c:\windows\system32\perfc009.dat - 2009-01-15 18:46:31 69,812 ----a-w c:\windows\system32\perfc013.dat + 2009-01-19 21:07:57 69,812 ----a-w c:\windows\system32\perfc013.dat - 2009-01-15 18:46:31 380,684 ----a-w c:\windows\system32\perfh009.dat + 2009-01-19 21:07:57 380,684 ----a-w c:\windows\system32\perfh009.dat - 2009-01-15 18:46:31 442,556 ----a-w c:\windows\system32\perfh013.dat + 2009-01-19 21:07:57 442,556 ----a-w c:\windows\system32\perfh013.dat + 2009-01-19 21:03:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_20c.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-06-25 335872] "AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-06-03 98304] "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232] "AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-14 136600] "RTHDCPL"="RTHDCPL.EXE" [2008-06-13 c:\windows\RTHDCPL.exe] "SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SoundMan.exe] "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\alcwzrd.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-04-14 596584] NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2005-03-31 180224] SuperHybridEngine.lnk - c:\program files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-07-08 303104] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi4"= xgusb.cpl [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Compulite\\Vector Pc\\Bin\\GcConsole.exe"= "c:\\Program Files\\Compulite\\Vector Pc\\Bin\\RT\\RTOffline.exe"= "c:\\Program Files\\Compulite\\Vector Pc\\Bin\\RT\\RTInt.exe"= "c:\\Program Files\\Compulite\\Vector Pc\\Bin\\VectorPanel.exe"= "c:\\Program Files\\Compulite\\Vector Pc\\Bin\\RemotePanel.exe"= R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2005-03-31 109184] R1 lfsfilt;Lean File Sharing;c:\windows\system32\drivers\lfsfilt.sys [2008-09-02 120704] R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2009-07-08 11264] R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [2008-05-21 25088] R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-05-17 36864] R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2005-03-31 39168] S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-18 33752] S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2005-03-31 91392] S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-07-08 625024] . 
Inhoud van de 'Gedeelde Taken' map 2009-01-19 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-25 14:12] . . ------- Bijkomende Scan ------- . uStart Page = about:blank uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Verzenden naar Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\jnlb9vbz.default\ . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-19 22:33:48 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . Voltooingstijd: 2009-01-19 22:35:20 ComboFix-quarantined-files.txt 2009-01-19 21:35:17 ComboFix2.txt 2009-01-15 18:55:21 Pre-Run: 33.302.077.440 bytes beschikbaar Post-Run: 33,319,723,008 bytes beschikbaar 163 --- E O F --- 2009-01-14 17:16:43
  • How are things with the problems?
  • I was just busy with Bluetooth and wanted to open its settings, only that did not happen; then I wanted to put the PC on stand-by and that did not happen either. Shutting down normally did not work either, so I turned it off by holding down the on-off button, and now that it has restarted I can get to the Bluetooth settings just fine. Or does that have to do with something else?
  • It does not really seem malware-related to me... I think it is best to wait a day (or 2) to see whether you run into symptoms of malware again. If that is the case, you should say so here.
  • Okay, that's fine, anyway thanks a lot. Shall I start a new topic for my other computer, or are we going to tack it onto this one? However, I can only get to work on that PC on Friday, because I will not be home the coming days.


This is an archived page. Replying is no longer possible.