Please help make PC spyware-free

11 answers
  • Hello

    Below is a HijackThis log from an infected computer. I ran Spybot S&D and Malwarebytes Anti-Malware myself, and also ATF Cleaner. The log was made afterwards.

    Thanks in advance for the help!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:30:05, on 29/01/2009
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\WINDOWS\System32\igfxsrvc.exe
    C:\PROGRA~1\Utils\OneTouch.exe
    C:\WINDOWS\MXOALDR.EXE
    C:\Norman\Npm\bin\ZLH.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
    C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
    C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Administrator\Bureaublad\HiJackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0413/bl8.asp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0413/bl7.asp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/0413/bl7.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [XeroxRegistation] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Xerox\EReg\EReg.exe" /Startup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224160698828
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224160772109
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8E620B5B-F66E-419E-9380-1BA45E194EF4}: NameServer = 194.7.1.4
    O20 - AppInit_DLLs: acaptuser32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


    End of file - 9405 bytes


  • Could you fetch the latest updates from windowsupdate.com?
    You have Internet Explorer 6 and Service Pack 1, which is not really secure.



    Start HijackThis and choose 'do a system scan only'.
    Select only the items listed below:
    O4 - HKLM\..\Run: [XeroxRegistation] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Xerox\EReg\EReg.exe" /Startup
    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.



    Open a Notepad file.
    Copy the text below (everything in bold) into this Notepad file.

    @ECHO OFF
    IF EXIST log.txt DEL log.txt
    REM Delete the listed file and log the result
    ECHO Deleting files>>log.txt
    FOR %%g in (
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Xerox\EReg\EReg.exe) DO (
    IF EXIST %%g (
    ATTRIB -r -s -h %%g
    DEL %%g
    IF EXIST %%g (
    ECHO %%g not deleted>>log.txt
    ) ELSE (
    ECHO %%g deleted>>log.txt)
    ) ELSE (
    ECHO %%g not found>>log.txt))
    ECHO.
    REM Remove the listed folder and log the result
    ECHO Deleting folders>>log.txt
    FOR %%I in (
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Xerox";) DO (
    IF EXIST %%I (
    RD /S /Q %%I
    IF EXIST %%I (
    ECHO %%I not deleted>>log.txt
    ) ELSE (
    ECHO %%I deleted>>log.txt)
    ) ELSE (
    ECHO %%I not found>>log.txt))
    START NOTEPAD.EXE log.txt

    Go to File - Save As.
    For "Save in" choose: Desktop
    For "File name" enter: del.bat
    For "Save as type" select: All Files (*.*).
    Click the Save button.
    Double-click del.bat and post the contents of the log file that opens.



    Download combofix.exe from this site: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
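
The entry selected for fixing in the reply above is a Run value whose target sits under a Temp directory. As an added example (not part of the original post, and not HijackThis's own logic), this Python sketch parses the O4 autostart lines of a HijackThis log and lists the ones that launch from a temp folder; the function names and the temp-folder heuristic are assumptions of the example.

```python
import re
from typing import List, NamedTuple, Optional

# O4 lines copied from the HijackThis log posted at the top of this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [XeroxRegistation] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Xerox\EReg\EReg.exe" /Startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
'''


class Autostart(NamedTuple):
    location: str           # e.g. HKLM\..\Run or "Global Startup"
    name: str               # registry value name or shortcut name
    command: str            # full command line as logged
    target: Optional[str]   # executable path, None if it cannot be resolved


# Registry autostarts: "O4 - <hive>\..\Run: [name] command"
_REG_RUN = re.compile(
    r'^O4 - (?P<loc>HK[A-Z]+(?:\\[^\\]+)?\\\.\.\\Run\w*): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Startup-folder shortcuts: "O4 - [Global ]Startup: name.lnk = target"
_STARTUP = re.compile(
    r'^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$')
# Unquoted commands may contain spaces, so cut at the first executable extension.
_EXE = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=\s|$)', re.IGNORECASE)

# Assumption of this example: directory names treated as temp locations.
TEMP_DIRS = {"temp", "tmp"}


def extract_target(command: str) -> Optional[str]:
    """Return the executable path from a logged command line."""
    command = command.strip()
    quoted = re.match(r'"([^"]+)"', command)
    if quoted:
        return quoted.group(1)
    match = _EXE.match(command)
    return match.group(1) if match else None  # "?" means an unresolved shortcut


def parse_o4(line: str) -> Optional[Autostart]:
    """Parse one O4 line; return None for any other line type."""
    line = line.strip()
    match = _REG_RUN.match(line) or _STARTUP.match(line)
    if not match:
        return None
    cmd = match.group("cmd")
    return Autostart(match.group("loc"), match.group("name"), cmd, extract_target(cmd))


def autostarts(log: str) -> List[Autostart]:
    """Collect every O4 entry found in a HijackThis log."""
    entries = (parse_o4(line) for line in log.splitlines())
    return [entry for entry in entries if entry is not None]


def in_temp_dir(path: str) -> bool:
    """True if any parent directory of the path is a temp folder."""
    parts = re.split(r'[\\/]+', path)
    return any(part.lower() in TEMP_DIRS for part in parts[:-1])


def flag_temp_autostarts(log: str) -> List[Autostart]:
    """Autostart entries whose executable lives under a temp folder."""
    return [e for e in autostarts(log) if e.target and in_temp_dir(e.target)]


if __name__ == "__main__":
    for entry in flag_temp_autostarts(SAMPLE_LOG):
        print(f"{entry.location} [{entry.name}] -> {entry.target}")
```
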

  • OK, did everything as instructed; here are the log files.

    Del.bat log
    ———————————————————————————
    Deleting files
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Xerox\EReg\EReg.exe not found
    Deleting folders
    "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Xerox" deleted
    ———————————————————————————


    Combofix log
    ———————————————————————————
    ComboFix 09-02-03.01 - Administrator 2009-02-03 11:53:00.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.503.187 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
    AV: avast! antivirus 4.8.1296 [VPS 090203-1] *On-access scanning disabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\IE4 Error Log.txt
    c:\windows\system32\comrepl.exe
    c:\windows\system32\winspool.dll
    e:\recycler\.DS_Store

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-03 to 2009-02-03 ))))))))))))))))))))))))))))))
    .

    2009-02-02 17:19 . 2009-02-02 17:19 <DIR> d——– c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2009-02-02 17:14 . 2009-02-02 17:14 <DIR> d——– c:\program files\MSXML 4.0
    2009-02-02 17:06 . 2008-10-16 21:33 6,066,176 ——— c:\windows\system32\dllcache\ieframe.dll
    2009-02-02 17:06 . 2007-04-17 10:32 2,455,488 ——— c:\windows\system32\dllcache\ieapfltr.dat
    2009-02-02 17:06 . 2007-03-08 06:11 1,032,192 ——— c:\windows\system32\dllcache\ieframe.dll.mui
    2009-02-02 17:06 . 2008-10-16 21:33 459,264 ——— c:\windows\system32\dllcache\msfeeds.dll
    2009-02-02 17:06 . 2008-10-16 21:33 383,488 ——— c:\windows\system32\dllcache\ieapfltr.dll
    2009-02-02 17:06 . 2008-10-16 21:33 267,776 ——— c:\windows\system32\dllcache\iertutil.dll
    2009-02-02 17:06 . 2008-10-16 21:33 63,488 ——— c:\windows\system32\dllcache\icardie.dll
    2009-02-02 17:06 . 2008-10-16 21:33 52,224 ——— c:\windows\system32\dllcache\msfeedsbs.dll
    2009-02-02 17:06 . 2008-10-16 14:11 13,824 ——— c:\windows\system32\dllcache\ieudinit.exe
    2009-02-02 16:06 . 2009-02-02 17:06 <DIR> d——– c:\windows\system32\nl-nl
    2009-02-02 16:06 . 2009-02-02 16:06 <DIR> d——– c:\windows\system32\nl
    2009-02-02 16:06 . 2009-02-02 16:06 <DIR> d——– c:\windows\l2schemas
    2009-02-02 15:46 . 2008-09-10 02:16 1,307,648 –a—— c:\windows\system32\msxml6.dll
    2009-02-02 15:45 . 2008-04-14 18:03 695,808 ——— c:\windows\system32\dllcache\drmv2clt.dll
    2009-02-02 15:20 . 2008-06-14 18:36 272,640 ——— c:\windows\system32\dllcache\bthport.sys
    2009-02-02 15:19 . 2008-08-14 14:27 2,193,536 ——— c:\windows\system32\dllcache\ntoskrnl.exe
    2009-02-02 15:19 . 2008-08-14 14:27 2,149,888 ——— c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-02-02 15:19 . 2008-08-14 14:27 2,070,400 ——— c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-02-02 15:19 . 2008-08-14 14:27 2,028,544 ——— c:\windows\system32\dllcache\ntkrpamp.exe
    2009-02-02 15:19 . 2008-09-15 16:28 1,846,528 ——— c:\windows\system32\dllcache\win32k.sys
    2009-02-02 15:18 . 2008-04-11 20:06 691,712 ——— c:\windows\system32\dllcache\inetcomm.dll
    2009-02-02 15:18 . 2008-10-24 12:21 455,296 ——— c:\windows\system32\dllcache\mrxsmb.sys
    2009-02-02 15:18 . 2008-12-11 11:57 333,952 ——— c:\windows\system32\dllcache\srv.sys
    2009-02-02 15:18 . 2008-05-01 15:37 331,776 ——— c:\windows\system32\dllcache\msadce.dll
    2009-02-02 15:18 . 2008-05-08 15:02 203,136 ——— c:\windows\system32\dllcache\rmcast.sys
    2009-02-02 15:17 . 2008-09-04 18:17 1,106,944 ——— c:\windows\system32\dllcache\msxml3.dll
    2009-02-02 15:17 . 2008-10-15 17:37 337,408 ——— c:\windows\system32\dllcache\netapi32.dll
    2009-02-02 15:05 . 2009-02-02 15:05 <DIR> d——– c:\documents and settings\LocalService\Menu Start
    2009-02-02 15:05 . 2008-10-16 14:06 268,648 –a—— c:\windows\system32\mucltui.dll
    2009-02-02 15:05 . 2008-10-16 14:06 27,496 –a—— c:\windows\system32\mucltui.dll.mui
    2009-02-02 14:28 . 2008-04-14 18:02 221,184 –a—— c:\windows\system32\wmpns.dll
    2009-02-02 14:27 . 2009-02-02 16:40 316,640 –a—— c:\windows\WMSysPr9.prx
    2009-02-02 14:26 . 2009-02-02 14:26 <DIR> d——– c:\windows\provisioning
    2009-02-02 14:26 . 2009-02-02 16:06 <DIR> d——– c:\windows\peernet
    2009-02-02 14:22 . 2009-02-02 16:07 <DIR> d——– c:\windows\ServicePackFiles
    2009-02-02 14:11 . 2009-02-02 16:07 <DIR> d——– c:\windows\EHome
    2009-02-02 13:27 . 2002-04-15 21:11 67,866 ——— c:\windows\system32\drivers\netwlan5.img
    2009-02-02 13:27 . 2008-04-14 22:33 11,264 ——— c:\windows\system32\spnpinst.exe
    2009-02-02 13:27 . 2004-08-02 14:20 7,208 ——— c:\windows\system32\secupd.sig
    2009-02-02 13:27 . 2004-08-02 14:20 4,569 ——— c:\windows\system32\secupd.dat
    2009-02-02 12:41 . 2007-08-10 20:52 26,488 –a—— c:\windows\system32\spupdsvc.exe
    2009-02-02 12:40 . 2009-02-02 16:06 <DIR> d——– c:\windows\system32\bits
    2009-02-02 12:40 . 2009-02-03 10:15 <DIR> d–h—– c:\windows\$hf_mig$
    2009-02-02 12:39 . 2008-04-14 18:02 354,304 –a—— c:\windows\system32\winhttp.dll
    2009-02-02 12:39 . 2008-04-14 18:02 18,944 –a—— c:\windows\system32\qmgrprxy.dll
    2009-02-02 12:39 . 2008-04-14 18:02 8,192 ——— c:\windows\system32\bitsprx2.dll
    2009-02-02 12:39 . 2008-04-14 18:02 7,168 ——— c:\windows\system32\bitsprx3.dll
    2009-02-02 12:33 . 2008-10-16 14:08 27,672 –a—— c:\windows\system32\wuapi.dll.mui
    2009-01-29 12:21 . 2007-01-13 09:49 188,416 –a—— c:\windows\system32\igfxres.dll
    2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\program files\Spybot - Search & Destroy
    2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-01-28 17:12 . 2009-01-29 08:51 <DIR> d——– c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-01-28 17:12 . 2009-01-14 16:11 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-28 17:12 . 2009-01-14 16:11 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-01-28 17:10 . 2009-01-28 17:10 64,160 –a—— c:\windows\system32\drivers\Lbd.sys
    2009-01-28 17:09 . 2009-01-28 17:09 <DIR> d——– c:\program files\Lavasoft
    2009-01-28 17:09 . 2009-01-28 17:09 <DIR> d——– c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-28 17:09 . 2009-01-29 12:26 <DIR> d–h-c— c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-01-28 15:48 . 2009-01-28 15:48 <DIR> d——– c:\program files\Alwil Software
    2009-01-28 13:57 . 2009-01-28 13:57 <DIR> d——– c:\program files\MonInfo
    2009-01-28 10:49 . 2009-02-03 11:22 <DIR> d——– c:\program files\Mozilla Thunderbird
    2009-01-28 10:49 . 2009-01-28 10:49 <DIR> d——– c:\documents and settings\Administrator\Application Data\Thunderbird
    2009-01-28 10:49 . 2009-01-28 10:49 <DIR> d——– c:\documents and settings\Administrator\Application Data\Talkback
    2009-01-28 10:49 . 2009-01-28 10:49 0 –a—— c:\windows\nsreg.dat
    2009-01-21 14:28 . 2009-01-21 14:28 <DIR> d——– c:\documents and settings\Administrator\Application Data\Xerox
    2009-01-21 10:06 . 2009-01-21 10:06 <DIR> d——– c:\documents and settings\Administrator\Application Data\Thinstall

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-03 10:04 ——— d—–w c:\program files\Google
    2009-01-21 09:05 ——— d—–w c:\program files\Common Files\Adobe
    2008-12-31 16:04 691,560 —-a-w c:\windows\system32\OGACheckControl.dll
    2008-12-31 16:04 528,744 —-a-w c:\windows\system32\OGAVerify.exe
    2008-12-31 16:04 502,120 —-a-w c:\windows\system32\OGAAddin.dll
    2008-12-13 06:39 3,593,216 ——w c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
    2008-11-07 15:45 2,174,976 ——w c:\windows\system32\dllcache\WMVCore.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
    "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
    "MaxtorOneTouch"="c:\progra~1\Utils\OneTouch.exe" [2003-05-21 45056]
    "MXO Auto Loader"="c:\windows\MXOALDR.EXE" [2003-04-07 118784]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-28 509784]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-01-13 131072]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-01-13 163840]
    "Persistence"="c:\windows\System32\igfxpers.exe" [2007-01-13 135168]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-0000003D0002}\SC_Acrobat.exe [2008-04-20 25214]
    SnagIt 9.lnk - c:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-08-29 6824264]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=acaptuser32.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-28 64160]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-28 111184]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-02 20560]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-08 33752]
    S3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller;c:\windows\system32\drivers\m4cxw2k3.sys [2007-04-24 227584]
    S3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-05-03 12112]
    S3 X-Rite;X-Rite USB Service;c:\windows\system32\DRIVERS\XrUsb.sys –> c:\windows\system32\DRIVERS\XrUsb.sys [?]
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-02-02 c:\windows\Tasks\OGADaily.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

    2009-02-03 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

    2009-01-30 c:\windows\Tasks\Schijfopruiming.job
    - c:\windows\system32\cleanmgr.exe [2008-04-14 18:02]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    SafeBoot-Lavasoft Ad-Aware Service


    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.be/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0413/bl8.asp
    uInternet Connection Wizard,ShellNext = hxxp://go.compaq.com/1Q00CDT/0413/bl7.asp
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {8E620B5B-F66E-419E-9380-1BA45E194EF4} = 194.7.1.4
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-03 11:54:09
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
    .
    Voltooingstijd: 2009-02-03 11:55:35
    ComboFix-quarantined-files.txt 2009-02-03 10:55:32

    Pre-Run: 12.703.260.672 bytes beschikbaar
    Post-Run: 12,781,088,768 bytes beschikbaar

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    194
    ———————————————————————————








  • Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

  • Done, here is the new log:

    ComboFix 09-02-03.01 - Administrator 2009-02-03 15:07:46.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.503.194 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt
    AV: avast! antivirus 4.8.1296 [VPS 090203-1] *On-access scanning disabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    c:\windows\nsreg.dat
    c:\windows\system32\OGAAddin.dll
    c:\windows\system32\OGACheckControl.dll
    c:\windows\system32\OGAVerify.exe
    c:\windows\WMSysPr9.prx
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\Application Data\Xerox
    c:\windows\nsreg.dat
    c:\windows\system32\OGAAddin.dll
    c:\windows\system32\OGACheckControl.dll
    c:\windows\system32\OGAVerify.exe
    c:\windows\WMSysPr9.prx

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-03 to 2009-02-03 ))))))))))))))))))))))))))))))
    .

    2009-02-02 17:19 . 2009-02-02 17:19 <DIR> d——– c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2009-02-02 17:14 . 2009-02-02 17:14 <DIR> d——– c:\program files\MSXML 4.0
    2009-02-02 17:06 . 2008-10-16 21:33 6,066,176 ——— c:\windows\system32\dllcache\ieframe.dll
    2009-02-02 17:06 . 2007-04-17 10:32 2,455,488 ——— c:\windows\system32\dllcache\ieapfltr.dat
    2009-02-02 17:06 . 2007-03-08 06:11 1,032,192 ——— c:\windows\system32\dllcache\ieframe.dll.mui
    2009-02-02 17:06 . 2008-10-16 21:33 459,264 ——— c:\windows\system32\dllcache\msfeeds.dll
    2009-02-02 17:06 . 2008-10-16 21:33 383,488 ——— c:\windows\system32\dllcache\ieapfltr.dll
    2009-02-02 17:06 . 2008-10-16 21:33 267,776 ——— c:\windows\system32\dllcache\iertutil.dll
    2009-02-02 17:06 . 2008-10-16 21:33 63,488 ——— c:\windows\system32\dllcache\icardie.dll
    2009-02-02 17:06 . 2008-10-16 21:33 52,224 ——— c:\windows\system32\dllcache\msfeedsbs.dll
    2009-02-02 17:06 . 2008-10-16 14:11 13,824 ——— c:\windows\system32\dllcache\ieudinit.exe
    2009-02-02 16:06 . 2009-02-02 17:06 <DIR> d——– c:\windows\system32\nl-nl
    2009-02-02 16:06 . 2009-02-02 16:06 <DIR> d——– c:\windows\system32\nl
    2009-02-02 16:06 . 2009-02-02 16:06 <DIR> d——– c:\windows\l2schemas
    2009-02-02 15:46 . 2008-09-10 02:16 1,307,648 –a—— c:\windows\system32\msxml6.dll
    2009-02-02 15:45 . 2008-04-14 18:03 695,808 ——— c:\windows\system32\dllcache\drmv2clt.dll
    2009-02-02 15:20 . 2008-06-14 18:36 272,640 ——— c:\windows\system32\dllcache\bthport.sys
    2009-02-02 15:19 . 2008-08-14 14:27 2,193,536 ——— c:\windows\system32\dllcache\ntoskrnl.exe
    2009-02-02 15:19 . 2008-08-14 14:27 2,149,888 ——— c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-02-02 15:19 . 2008-08-14 14:27 2,070,400 ——— c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-02-02 15:19 . 2008-08-14 14:27 2,028,544 ——— c:\windows\system32\dllcache\ntkrpamp.exe
    2009-02-02 15:19 . 2008-09-15 16:28 1,846,528 ——— c:\windows\system32\dllcache\win32k.sys
    2009-02-02 15:18 . 2008-04-11 20:06 691,712 ——— c:\windows\system32\dllcache\inetcomm.dll
    2009-02-02 15:18 . 2008-10-24 12:21 455,296 ——— c:\windows\system32\dllcache\mrxsmb.sys
    2009-02-02 15:18 . 2008-12-11 11:57 333,952 ——— c:\windows\system32\dllcache\srv.sys
    2009-02-02 15:18 . 2008-05-01 15:37 331,776 ——— c:\windows\system32\dllcache\msadce.dll
    2009-02-02 15:18 . 2008-05-08 15:02 203,136 ——— c:\windows\system32\dllcache\rmcast.sys
    2009-02-02 15:17 . 2008-09-04 18:17 1,106,944 ——— c:\windows\system32\dllcache\msxml3.dll
    2009-02-02 15:17 . 2008-10-15 17:37 337,408 ——— c:\windows\system32\dllcache\netapi32.dll
    2009-02-02 15:05 . 2009-02-02 15:05 <DIR> d——– c:\documents and settings\LocalService\Menu Start
    2009-02-02 15:05 . 2008-10-16 14:06 268,648 –a—— c:\windows\system32\mucltui.dll
    2009-02-02 15:05 . 2008-10-16 14:06 27,496 –a—— c:\windows\system32\mucltui.dll.mui
    2009-02-02 14:28 . 2008-04-14 18:02 221,184 –a—— c:\windows\system32\wmpns.dll
    2009-02-02 14:26 . 2009-02-02 14:26 <DIR> d——– c:\windows\provisioning
    2009-02-02 14:26 . 2009-02-02 16:06 <DIR> d——– c:\windows\peernet
    2009-02-02 14:22 . 2009-02-02 16:07 <DIR> d——– c:\windows\ServicePackFiles
    2009-02-02 14:11 . 2009-02-02 16:07 <DIR> d——– c:\windows\EHome
    2009-02-02 13:27 . 2002-04-15 21:11 67,866 ——— c:\windows\system32\drivers\netwlan5.img
    2009-02-02 13:27 . 2008-04-14 22:33 11,264 ——— c:\windows\system32\spnpinst.exe
    2009-02-02 13:27 . 2004-08-02 14:20 7,208 ——— c:\windows\system32\secupd.sig
    2009-02-02 13:27 . 2004-08-02 14:20 4,569 ——— c:\windows\system32\secupd.dat
    2009-02-02 12:41 . 2007-08-10 20:52 26,488 –a—— c:\windows\system32\spupdsvc.exe
    2009-02-02 12:40 . 2009-02-02 16:06 <DIR> d——– c:\windows\system32\bits
    2009-02-02 12:40 . 2009-02-03 10:15 <DIR> d–h—– c:\windows\$hf_mig$
    2009-02-02 12:39 . 2008-04-14 18:02 354,304 –a—— c:\windows\system32\winhttp.dll
    2009-02-02 12:39 . 2008-04-14 18:02 18,944 –a—— c:\windows\system32\qmgrprxy.dll
    2009-02-02 12:39 . 2008-04-14 18:02 8,192 ——— c:\windows\system32\bitsprx2.dll
    2009-02-02 12:39 . 2008-04-14 18:02 7,168 ——— c:\windows\system32\bitsprx3.dll
    2009-02-02 12:33 . 2008-10-16 14:08 27,672 –a—— c:\windows\system32\wuapi.dll.mui
    2009-01-29 12:21 . 2007-01-13 09:49 188,416 –a—— c:\windows\system32\igfxres.dll
    2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\program files\Spybot - Search & Destroy
    2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-01-28 17:12 . 2009-01-29 08:51 <DIR> d——– c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-01-28 17:12 . 2009-01-14 16:11 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-28 17:12 . 2009-01-14 16:11 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-01-28 17:09 . 2009-02-03 12:49 <DIR> d——– c:\program files\Lavasoft
    2009-01-28 17:09 . 2009-02-03 12:49 <DIR> d——– c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-28 15:48 . 2009-01-28 15:48 <DIR> d——– c:\program files\Alwil Software
    2009-01-28 13:57 . 2009-01-28 13:57 <DIR> d——– c:\program files\MonInfo
    2009-01-28 10:49 . 2009-02-03 15:04 <DIR> d——– c:\program files\Mozilla Thunderbird
    2009-01-28 10:49 . 2009-01-28 10:49 <DIR> d——– c:\documents and settings\Administrator\Application Data\Thunderbird
    2009-01-28 10:49 . 2009-01-28 10:49 <DIR> d——– c:\documents and settings\Administrator\Application Data\Talkback
    2009-01-21 10:06 . 2009-01-21 10:06 <DIR> d——– c:\documents and settings\Administrator\Application Data\Thinstall

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-03 10:04 ——— d—–w c:\program files\Google
    2009-01-21 09:05 ——— d—–w c:\program files\Common Files\Adobe
    2008-12-13 06:39 3,593,216 ——w c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
    2008-11-07 15:45 2,174,976 ——w c:\windows\system32\dllcache\WMVCore.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2009-02-03_11.54.43,23 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-02-03 10:10:55 53,608 —-a-w c:\windows\system32\perfc009.dat
    + 2009-02-03 13:34:03 53,608 —-a-w c:\windows\system32\perfc009.dat
    - 2009-02-03 10:10:55 70,426 —-a-w c:\windows\system32\perfc013.dat
    + 2009-02-03 13:34:03 70,426 —-a-w c:\windows\system32\perfc013.dat
    - 2009-02-03 10:10:55 383,254 —-a-w c:\windows\system32\perfh009.dat
    + 2009-02-03 13:34:03 383,254 —-a-w c:\windows\system32\perfh009.dat
    - 2009-02-03 10:10:55 444,960 —-a-w c:\windows\system32\perfh013.dat
    + 2009-02-03 13:34:03 444,960 —-a-w c:\windows\system32\perfh013.dat
    + 2009-02-03 13:29:54 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_6d8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
    "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
    "MaxtorOneTouch"="c:\progra~1\Utils\OneTouch.exe" [2003-05-21 45056]
    "MXO Auto Loader"="c:\windows\MXOALDR.EXE" [2003-04-07 118784]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-01-13 131072]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-01-13 163840]
    "Persistence"="c:\windows\System32\igfxpers.exe" [2007-01-13 135168]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-0000003D0002}\SC_Acrobat.exe [2008-04-20 25214]
    SnagIt 9.lnk - c:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-08-29 6824264]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=acaptuser32.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-28 111184]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-02 20560]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-08 33752]
    S3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller;c:\windows\system32\drivers\m4cxw2k3.sys [2007-04-24 227584]
    S3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-05-03 12112]
    S3 X-Rite;X-Rite USB Service;c:\windows\system32\DRIVERS\XrUsb.sys –> c:\windows\system32\DRIVERS\XrUsb.sys [?]
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-02-02 c:\windows\Tasks\OGADaily.job
    - c:\windows\system32\OGAVerify.exe []

    2009-02-03 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAVerify.exe []

    2009-01-30 c:\windows\Tasks\Schijfopruiming.job
    - c:\windows\system32\cleanmgr.exe [2008-04-14 18:02]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.be/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0413/bl8.asp
    uInternet Connection Wizard,ShellNext = hxxp://go.compaq.com/1Q00CDT/0413/bl7.asp
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {8E620B5B-F66E-419E-9380-1BA45E194EF4} = 194.7.1.4
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-03 15:09:37
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
    .
    Voltooingstijd: 2009-02-03 15:11:05
    ComboFix-quarantined-files.txt 2009-02-03 14:11:03
    ComboFix2.txt 2009-02-03 10:55:36

    Pre-Run: 12.911.980.544 bytes beschikbaar
    Post-Run: 12,900,507,648 bytes beschikbaar

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    196









  • Download ATF cleaner (mirror) (made by Atribune)

    Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

    Double-click ATF cleaner to start the program.
    On the Main tab, tick Select All.
    Click the Empty Selected button.

    Do the following if you also use Firefox as a browser:

    Click the Firefox tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click No in the window that appears.
    (this removes the tick next to Firefox saved passwords again)
    Click the Empty Selected button.

    Do the following if you also use Opera as a browser:

    Click the Opera tab and tick Select All.
    If you want to keep the passwords saved by Opera, click No in the window that appears.
    Click the Empty Selected button.
    Go to the Main tab and click the Exit button to close the program.


    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

  • Done that too, new log:

    ComboFix 09-02-03.01 - Administrator 2009-02-03 15:54:29.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.503.177 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt
    AV: avast! antivirus 4.8.1296 [VPS 090203-1] *On-access scanning disabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    c:\windows\Temp\Perflib_Perfdata_6d8.dat
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Temp\Perflib_Perfdata_6d8.dat

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-03 to 2009-02-03 ))))))))))))))))))))))))))))))
    .

    2009-02-02 17:19 . 2009-02-02 17:19 <DIR> d——– c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2009-02-02 17:14 . 2009-02-02 17:14 <DIR> d——– c:\program files\MSXML 4.0
    2009-02-02 17:06 . 2008-10-16 21:33 6,066,176 ——— c:\windows\system32\dllcache\ieframe.dll
    2009-02-02 17:06 . 2007-04-17 10:32 2,455,488 ——— c:\windows\system32\dllcache\ieapfltr.dat
    2009-02-02 17:06 . 2007-03-08 06:11 1,032,192 ——— c:\windows\system32\dllcache\ieframe.dll.mui
    2009-02-02 17:06 . 2008-10-16 21:33 459,264 ——— c:\windows\system32\dllcache\msfeeds.dll
    2009-02-02 17:06 . 2008-10-16 21:33 383,488 ——— c:\windows\system32\dllcache\ieapfltr.dll
    2009-02-02 17:06 . 2008-10-16 21:33 267,776 ——— c:\windows\system32\dllcache\iertutil.dll
    2009-02-02 17:06 . 2008-10-16 21:33 63,488 ——— c:\windows\system32\dllcache\icardie.dll
    2009-02-02 17:06 . 2008-10-16 21:33 52,224 ——— c:\windows\system32\dllcache\msfeedsbs.dll
    2009-02-02 17:06 . 2008-10-16 14:11 13,824 ——— c:\windows\system32\dllcache\ieudinit.exe
    2009-02-02 16:06 . 2009-02-02 17:06 <DIR> d——– c:\windows\system32\nl-nl
    2009-02-02 16:06 . 2009-02-02 16:06 <DIR> d——– c:\windows\system32\nl
    2009-02-02 16:06 . 2009-02-02 16:06 <DIR> d——– c:\windows\l2schemas
    2009-02-02 15:46 . 2008-09-10 02:16 1,307,648 –a—— c:\windows\system32\msxml6.dll
    2009-02-02 15:45 . 2008-04-14 18:03 695,808 ——— c:\windows\system32\dllcache\drmv2clt.dll
    2009-02-02 15:20 . 2008-06-14 18:36 272,640 ——— c:\windows\system32\dllcache\bthport.sys
    2009-02-02 15:19 . 2008-08-14 14:27 2,193,536 ——— c:\windows\system32\dllcache\ntoskrnl.exe
    2009-02-02 15:19 . 2008-08-14 14:27 2,149,888 ——— c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-02-02 15:19 . 2008-08-14 14:27 2,070,400 ——— c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-02-02 15:19 . 2008-08-14 14:27 2,028,544 ——— c:\windows\system32\dllcache\ntkrpamp.exe
    2009-02-02 15:19 . 2008-09-15 16:28 1,846,528 ——— c:\windows\system32\dllcache\win32k.sys
    2009-02-02 15:18 . 2008-04-11 20:06 691,712 ——— c:\windows\system32\dllcache\inetcomm.dll
    2009-02-02 15:18 . 2008-10-24 12:21 455,296 ——— c:\windows\system32\dllcache\mrxsmb.sys
    2009-02-02 15:18 . 2008-12-11 11:57 333,952 ——— c:\windows\system32\dllcache\srv.sys
    2009-02-02 15:18 . 2008-05-01 15:37 331,776 ——— c:\windows\system32\dllcache\msadce.dll
    2009-02-02 15:18 . 2008-05-08 15:02 203,136 ——— c:\windows\system32\dllcache\rmcast.sys
    2009-02-02 15:17 . 2008-09-04 18:17 1,106,944 ——— c:\windows\system32\dllcache\msxml3.dll
    2009-02-02 15:17 . 2008-10-15 17:37 337,408 ——— c:\windows\system32\dllcache\netapi32.dll
    2009-02-02 15:05 . 2009-02-02 15:05 <DIR> d——– c:\documents and settings\LocalService\Menu Start
    2009-02-02 15:05 . 2008-10-16 14:06 268,648 –a—— c:\windows\system32\mucltui.dll
    2009-02-02 15:05 . 2008-10-16 14:06 27,496 –a—— c:\windows\system32\mucltui.dll.mui
    2009-02-02 14:28 . 2008-04-14 18:02 221,184 –a—— c:\windows\system32\wmpns.dll
    2009-02-02 14:26 . 2009-02-02 14:26 <DIR> d——– c:\windows\provisioning
    2009-02-02 14:26 . 2009-02-02 16:06 <DIR> d——– c:\windows\peernet
    2009-02-02 14:22 . 2009-02-02 16:07 <DIR> d——– c:\windows\ServicePackFiles
    2009-02-02 14:11 . 2009-02-02 16:07 <DIR> d——– c:\windows\EHome
    2009-02-02 13:27 . 2002-04-15 21:11 67,866 ——— c:\windows\system32\drivers\netwlan5.img
    2009-02-02 13:27 . 2008-04-14 22:33 11,264 ——— c:\windows\system32\spnpinst.exe
    2009-02-02 13:27 . 2004-08-02 14:20 7,208 ——— c:\windows\system32\secupd.sig
    2009-02-02 13:27 . 2004-08-02 14:20 4,569 ——— c:\windows\system32\secupd.dat
    2009-02-02 12:41 . 2007-08-10 20:52 26,488 –a—— c:\windows\system32\spupdsvc.exe
    2009-02-02 12:40 . 2009-02-02 16:06 <DIR> d——– c:\windows\system32\bits
    2009-02-02 12:40 . 2009-02-03 10:15 <DIR> d–h—– c:\windows\$hf_mig$
    2009-02-02 12:39 . 2008-04-14 18:02 354,304 –a—— c:\windows\system32\winhttp.dll
    2009-02-02 12:39 . 2008-04-14 18:02 18,944 –a—— c:\windows\system32\qmgrprxy.dll
    2009-02-02 12:39 . 2008-04-14 18:02 8,192 ——— c:\windows\system32\bitsprx2.dll
    2009-02-02 12:39 . 2008-04-14 18:02 7,168 ——— c:\windows\system32\bitsprx3.dll
    2009-02-02 12:33 . 2008-10-16 14:08 27,672 –a—— c:\windows\system32\wuapi.dll.mui
    2009-01-29 12:21 . 2007-01-13 09:49 188,416 –a—— c:\windows\system32\igfxres.dll
    2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\program files\Spybot - Search & Destroy
    2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-01-28 17:12 . 2009-01-29 08:51 <DIR> d——– c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-01-28 17:12 . 2009-01-14 16:11 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-28 17:12 . 2009-01-14 16:11 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-01-28 17:09 . 2009-02-03 12:49 <DIR> d——– c:\program files\Lavasoft
    2009-01-28 17:09 . 2009-02-03 12:49 <DIR> d——– c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-28 15:48 . 2009-01-28 15:48 <DIR> d——– c:\program files\Alwil Software
    2009-01-28 13:57 . 2009-01-28 13:57 <DIR> d——– c:\program files\MonInfo
    2009-01-28 10:49 . 2009-02-03 15:51 <DIR> d——– c:\program files\Mozilla Thunderbird
    2009-01-28 10:49 . 2009-01-28 10:49 <DIR> d——– c:\documents and settings\Administrator\Application Data\Thunderbird
    2009-01-28 10:49 . 2009-01-28 10:49 <DIR> d——– c:\documents and settings\Administrator\Application Data\Talkback
    2009-01-21 10:06 . 2009-01-21 10:06 <DIR> d——– c:\documents and settings\Administrator\Application Data\Thinstall

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-03 10:04 ——— d—–w c:\program files\Google
    2009-01-21 09:05 ——— d—–w c:\program files\Common Files\Adobe
    2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2009-02-03_11.54.43,23 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-02-03 10:10:55 53,608 —-a-w c:\windows\system32\perfc009.dat
    + 2009-02-03 13:34:03 53,608 —-a-w c:\windows\system32\perfc009.dat
    - 2009-02-03 10:10:55 70,426 —-a-w c:\windows\system32\perfc013.dat
    + 2009-02-03 13:34:03 70,426 —-a-w c:\windows\system32\perfc013.dat
    - 2009-02-03 10:10:55 383,254 —-a-w c:\windows\system32\perfh009.dat
    + 2009-02-03 13:34:03 383,254 —-a-w c:\windows\system32\perfh009.dat
    - 2009-02-03 10:10:55 444,960 —-a-w c:\windows\system32\perfh013.dat
    + 2009-02-03 13:34:03 444,960 —-a-w c:\windows\system32\perfh013.dat
    + 2009-02-03 14:56:57 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_75c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
    "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
    "MaxtorOneTouch"="c:\progra~1\Utils\OneTouch.exe" [2003-05-21 45056]
    "MXO Auto Loader"="c:\windows\MXOALDR.EXE" [2003-04-07 118784]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-01-13 131072]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-01-13 163840]
    "Persistence"="c:\windows\System32\igfxpers.exe" [2007-01-13 135168]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-0000003D0002}\SC_Acrobat.exe [2008-04-20 25214]
    SnagIt 9.lnk - c:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-08-29 6824264]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=acaptuser32.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-28 111184]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-02 20560]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-08 33752]
    S3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller;c:\windows\system32\drivers\m4cxw2k3.sys [2007-04-24 227584]
    S3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-05-03 12112]
    S3 X-Rite;X-Rite USB Service;c:\windows\system32\DRIVERS\XrUsb.sys –> c:\windows\system32\DRIVERS\XrUsb.sys [?]
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-02-02 c:\windows\Tasks\OGADaily.job
    - c:\windows\system32\OGAVerify.exe []

    2009-02-03 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAVerify.exe []

    2009-01-30 c:\windows\Tasks\Schijfopruiming.job
    - c:\windows\system32\cleanmgr.exe [2008-04-14 18:02]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.be/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0413/bl8.asp
    uInternet Connection Wizard,ShellNext = hxxp://go.compaq.com/1Q00CDT/0413/bl7.asp
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {8E620B5B-F66E-419E-9380-1BA45E194EF4} = 194.7.1.4
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-03 15:59:32
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    c:\program files\TechSmith\SnagIt 9\TscHelp.exe
    c:\program files\TechSmith\SnagIt 9\SnagPriv.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\TechSmith\SnagIt 9\SnagItEditor.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-02-03 16:02:25 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-02-03 15:02:21
    ComboFix2.txt 2009-02-03 14:11:06
    ComboFix3.txt 2009-02-03 10:55:36

    Pre-Run: 12.887.597.056 bytes beschikbaar
    Post-Run: 12,868,124,672 bytes beschikbaar

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    199







  • How are things with the problems?
  • Looks good, start page is back to normal and the computer is fast enough again.

    Thanks!!!
  • Great, just do this as well:


    Download ATF cleaner (mirror) (made by Atribune)

    Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

    Double-click ATF cleaner to start the program.
    On the Main tab, tick Select All.
    Click the Empty Selected button.

    Do the following if you also use Firefox as a browser:

    Click the Firefox tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click No in the window that appears.
    (this removes the tick next to Firefox saved passwords again)
    Click the Empty Selected button.

    Do the following if you also use Opera as a browser:

    Click the Opera tab and tick Select All.
    If you want to keep the passwords saved by Opera, click No in the window that appears.
    Click the Empty Selected button.
    Go to the Main tab and click the Exit button to close the program.

    3. You may now remove all the tools you used and the folders that were created. (Remember to remove ComboFix via Start -> Run, typing ComboFix /U and pressing Enter!!)


    - Go to Start/All Programs/Accessories/System Tools/System Restore.
    - In the left half of the window, click "System Restore Settings".
    - Tick "Turn off System Restore".
    - Click "Apply".
    - Windows asks whether you are sure.
    - Click "Yes".
    - Click "OK".
    - Restart the PC.
    - Go to Start/All Programs/Accessories/System Tools/System Restore again.
    - You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
    - Click "Yes".
    - Remove the tick next to "Turn off System Restore".
    - Click "Apply".
    - Click "OK".
    - Restart the PC.
    - A new, clean restore point has now been created.
  • OK, done that too

    Thanks!


This is an archived page. Replies are no longer possible.