Laptop slower in my opinion, please review HijackThis log

23 replies
  • Hello,

    For a few weeks now my laptop has been slower when starting Explorer and Outlook and when shutting down. I suspect myself that this is caused by the latest McAfee virus scanner and Windows Defender.
    To be on the safe side I have attached a HijackThis log. Could someone take a look to see whether anything strange shows up in it?
    Thanks in advance.
    Frans
    <<>>
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:01:45, on 8-2-2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\MXOALDR.EXE
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: Shell=
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe"
    unkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: AutorunsDisabled
    O4 - Global Startup: AutorunsDisabled
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://amiuptodate.mcafee.com/vsc/bin/2,0,0,0/McUpdatePortal.cab
    O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://download.sp.f-secure.com/hc/kpn/PCHC_customization_KPN/fscax.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe


    End of file - 6822 bytes
  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: Shell=

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.


    Download MalwareBytes' Anti-Malware and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    Make sure that after the installation a check mark is placed next to:
    - Update MalwareBytes' Anti-Malware
    - Start MalwareBytes' Anti-Malware
    Then click "Finish".
    If an update is found, it will be downloaded and installed.
    - Once the program has started, go to the "Settings" tab.
    - Tick here: "Close Internet Explorer during malware removal".
    - Then go to the "Scanner" tab and choose "Quick Scan".
    - Next press "Scan" to start the scan.
    - Scanning can take a while, so be patient.
    - When the scan is complete, click OK, then "Show Results" to see the results.
    - Make sure that everything there is ticked, then click "Remove Selected".
    - After the removal a log will open and you will be asked to restart the computer.
    The log is saved automatically by MalwareBytes' Anti-Malware and you can find it again by clicking the "Logs" tab in the program.

    Post this log together with a new HijackThis log.



    Download Combofix to your desktop and use it according to this guide.
    NOTE: if, during or after downloading Combofix or while using Combofix, you get a notification from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
    - Double-click Combofix.exe to start it.
    - If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    - Click OK in the small "NirCmd" window.
    - Afterwards, click Yes again to start scanning for malware.
    - While the fix is running, do NOT click in the window, as this will make your PC hang.
    - When the fix is complete and after a restart, the log Combofix.txt will open.
    Post this log in your next reply.
  • Hello Othuroyo,

    Below are the new logs. The lines have been removed and no modules are infected.

    I have not run ComboFix yet. I'll wait for your answer on whether this is still necessary.
    In any case it will not be until tomorrow (Tuesday).

    Thanks so far.


    Malwarebytes' Anti-Malware 1.33
    Database versie: 1741
    Windows 5.1.2600 Service Pack 2

    9-2-2009 18:41:46
    mbam-log-2009-02-09 (18-41-46).txt

    Scan type: Snelle Scan
    Objecten gescand: 53588
    Verstreken tijd: 6 minute(s), 51 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)


    <<<<>>>>>

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:43:26, on 9-2-2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\MXOALDR.EXE
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\PROGRA~1\mcafee\msc\mcupdui.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe"
    unkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: AutorunsDisabled
    O4 - Global Startup: AutorunsDisabled
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://amiuptodate.mcafee.com/vsc/bin/2,0,0,0/McUpdatePortal.cab
    O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://download.sp.f-secure.com/hc/kpn/PCHC_customization_KPN/fscax.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe


    End of file - 6762 bytes
  • I would still like to see a ComboFix log to be sure that there is no malware on your computer.

    It is no problem that this can only be done tomorrow.
  • Hello,

    Everything went successfully.
    Here is the ComboFix log.

    ComboFix 09-02-08.02 - Frans 2009-02-10 11:42:48.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.958.626 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Frans\Bureaublad\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    AV: NOD32 antivirus systeem 2.50 *On-access scanning disabled* (Outdated)
    FW: McAfee Personal Firewall *disabled*
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF


    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-10 to 2009-02-10 ))))))))))))))))))))))))))))))
    .

    2009-02-10 10:24 . 2009-02-10 10:24 2,359,350 --a------ c:\windows\Webshots for Frans.bmp
    2009-02-09 18:33 . 2009-02-09 18:33 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-09 18:33 . 2009-02-09 18:33 <DIR> d-------- c:\documents and settings\Frans\Application Data\Malwarebytes
    2009-02-09 18:33 . 2009-02-09 18:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-09 18:33 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-09 18:33 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-08 12:01 . 2009-02-08 12:01 <DIR> d-------- c:\program files\Trend Micro
    2009-02-08 11:42 . 2009-02-08 11:42 <DIR> dr-h----- c:\documents and settings\Frans\Onlangs geopend
    2009-01-18 15:03 . 2009-01-18 15:03 <DIR> d-------- c:\program files\Wisdom-soft ScreenHunter 5 Free
    2009-01-15 19:24 . 2009-01-15 19:24 <DIR> d-------- c:\program files\Windows Defender

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-05 10:08 --------- d-----w c:\documents and settings\Frans\Application Data\Belastingdienst
    2008-12-31 12:59 --------- d-----w c:\program files\K-Lite Codec Pack
    2008-12-28 13:08 --------- d-----w c:\documents and settings\Frans\Application Data\Uniblue
    2008-12-28 12:56 --------- d--h--w c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
    2008-12-19 09:43 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-12-17 18:32 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
    2008-12-17 18:26 --------- d-----w c:\program files\McAfee.com
    2008-12-17 18:26 --------- d-----w c:\program files\McAfee
    2008-12-17 18:26 --------- d-----w c:\program files\Common Files\McAfee
    2008-12-17 18:24 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
    2008-12-13 06:39 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 11:57 333,184 ------w c:\windows\system32\dllcache\srv.sys
    2008-12-05 12:52 61,224 ----a-w c:\documents and settings\Frans\GoToAssistDownloadHelper.exe
    2008-09-12 11:49 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008091220080913\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "MXOBG"="c:\windows\MXOALDR.EXE" [2003-10-10 94208]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-06-23 98304]
    "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 160256]
    "VTTimer"="VTTimer.exe" [2003-05-07 c:\windows\system32\VTTimer.exe]
    "SoundMan"="SOUNDMAN.EXE" [2003-05-14 c:\windows\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\Frans\Menu Start\Programma's\Opstarten\AutorunsDisabled
    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-03-01 45056]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\AutorunsDisabled
    NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2008-02-25 241664]
    Realtek Wireless LAN Utility.lnk - c:\program files\Realtek\Realtek Wireless LAN Utility\RtlWake.exe [2005-06-08 741376]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-09 15:14 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AresChatServer"=3 (0x3)
    "aawservice"=2 (0x2)
    "NOD32krn"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "Norton Ghost"=2 (0x2)
    "RetroExpLauncher"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\KCeasy\\giFT\\giFTl.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-11-10 138801]
    R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-11-10 46800]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-02-16 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2006-06-09 55024]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2004-04-19 66048]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-17 203280]
    R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [1980-01-01 14336]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\RTL8180.sys [2003-09-02 183680]
    S3 hitmanpro3;Hitman Pro 3 Support Driver; [x]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196bf230-d554-11da-96ab-000b6b280a70}]
    \Shell\AutoRun\command - f:\keepas~1\KeePass.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bc76be0-0808-11d9-b05d-000b6b280a70}]
    \Shell\AutoRun\command - f:\keepas~1\KeePass.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e2f3950-ac28-11dd-9bc4-000b6b280a70}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.html

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b4e7eb0-921a-11dd-9b8e-000b6b280a70}]
    \Shell\AutoRun\command - F:\InstallTomTomHOME.exe
    .
    Inhoud van de 'Gedeelde Taken' map

    2008-12-17 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

    2008-12-17 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

    2009-02-10 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


    .
    ------- Bijkomende Scan -------
    .
    uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
    uInternet Settings,ProxyOverride = <local>
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: microsoft.com\support
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-10 11:47:41
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(1100)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    - - - - - - - > 'lsass.exe'(1156)
    c:\windows\system32\relog_ap.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\windows\SYSTEM32\GEARSEC.EXE
    c:\program files\JAVA\JRE6\BIN\JQS.EXE
    c:\program files\MCAFEE\MSC\MCMSCSVC.EXE
    c:\program files\COMMON FILES\MCAFEE\MNA\MCNASVC.EXE
    c:\program files\COMMON FILES\MCAFEE\MCPROXY\MCPROXY.EXE
    c:\program files\MCAFEE\VIRUSSCAN\MCSHIELD.EXE
    c:\program files\MCAFEE\MPF\MPFSRV.EXE
    c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-02-10 11:50:24 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-02-10 10:50:22

    Pre-Run: 8.643.444.736 bytes beschikbaar
    Post-Run: 8,565,374,976 bytes beschikbaar

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    176 --- E O F --- 2009-02-09 17:24:36
  • Download Flash_Disinfector.exe and save it to your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
    Make sure your flash drives / USB sticks / external hard drives are plugged in as well.
    Double-click Flash_Disinfector.exe to start the tool.
    When the tool has finished, the computer will restart.

    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196bf230-d554-11da-96ab-000b6b280a70}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bc76be0-0808-11d9-b05d-000b6b280a70}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e2f3950-ac28-11dd-9bc4-000b6b280a70}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b4e7eb0-921a-11dd-9b8e-000b6b280a70}]

    Save the Notepad file as CFScript.txt

    Now drag the file CFScript.txt onto the file ComboFix.exe, as shown below:

    http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

    ComboFix will start again.
    When ComboFix has finished, which may be after a restart, a log file opens.
    Post the contents of the log file.
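The MountPoints2 cleanup in the post above, as an added example that is not part of the original thread: a Python sketch that pulls MountPoints2 shell commands out of ComboFix-style log text and builds the matching `Registry::` deletion block for CFScript.txt. The function names, the "off system drive" review heuristic and the sample text are assumptions; the sample is constructed from keys and commands quoted in this thread.

```python
import re

# Constructed sample in the layout ComboFix uses for MountPoints2 entries.
# The GUIDs and commands are the ones quoted in this thread; the Run key
# is included only to show that unrelated keys are ignored.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196bf230-d554-11da-96ab-000b6b280a70}]
\Shell\AutoRun\command - f:\keepas~1\KeePass.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e2f3950-ac28-11dd-9bc4-000b6b280a70}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.html

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MXOBG"="c:\windows\MXOALDR.EXE" [2003-10-10 94208]
"""

# A registry key header that ends in ...\mountpoints2\{GUID}
KEY_RE = re.compile(
    r"^\[(?P<key>HKEY_[A-Z_]+\\.*\\mountpoints2\\(?P<guid>\{[0-9a-f-]{36}\}))\]$",
    re.IGNORECASE,
)
# A shell verb line such as: \Shell\AutoRun\command - <command line>
CMD_RE = re.compile(
    r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<command>.+)$", re.IGNORECASE
)
DRIVE_RE = re.compile(r"^([a-z]):\\", re.IGNORECASE)


def parse_mountpoints(log_text, system_drive="c"):
    """Return one record per MountPoints2 shell command found in the log."""
    entries = []
    current = None  # (key, guid) of the MountPoints2 key we are inside, if any
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Any new key header ends the previous block.
            m = KEY_RE.match(line)
            current = (m.group("key"), m.group("guid")) if m else None
            continue
        m = CMD_RE.match(line)
        if m and current:
            command = m.group("command").strip()
            d = DRIVE_RE.match(command)
            drive = d.group(1).lower() if d else None
            entries.append({
                "key": current[0],
                "guid": current[1].lower(),
                "verb": m.group("verb"),
                "command": command,
                "drive": drive,
                # Heuristic (assumption): a command stored for a volume that
                # launches a program from outside the system drive is worth
                # a manual look before the volume is opened again.
                "off_system_drive": drive is not None
                and drive != system_drive.lower(),
            })
    return entries


def build_cfscript(entries):
    """Build the Registry:: block that deletes each listed MountPoints2 key."""
    keys = list(dict.fromkeys(e["key"] for e in entries))  # de-duplicate, keep order
    return "\n".join(["Registry::"] + [f"[-{k}]" for k in keys]) + "\n"


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    for e in found:
        flag = "REVIEW" if e["off_system_drive"] else "ok"
        print(f"{flag:6} {e['guid']} {e['verb']}: {e['command']}")
    print()
    print(build_cfscript(found))
```
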
  • Hello,

    I can't download Flash Disinfector.

    I get the message: Cannot copy flash disinfector, access is denied.
    Check whether the disk is full, protected or in use.

    At that same moment McAfee reports that it has detected and removed the virus Generic.dx.
  • Disable McAfee and then try Flash Disinfector.

    I assure you that it is legitimate and contains no malware.
  • It worked.

    Here is the new log.

    I saw that ComboFix deleted the autorun.inf files from drives G, H and F (external HD and USB). Aren't these needed to start the drives when I plug them in?


    <<>>
    ComboFix 09-02-08.02 - Frans 2009-02-10 17:16:22.2 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.958.513 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Frans\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Frans\Bureaublad\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    AV: NOD32 antivirus systeem 2.50 *On-access scanning disabled* (Outdated)
    FW: McAfee Personal Firewall *enabled*
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    F:\autorun.inf
    G:\Autorun.inf
    H:\Autorun.inf

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-10 to 2009-02-10 ))))))))))))))))))))))))))))))
    .

    2009-02-10 10:24 . 2009-02-10 10:24 2,359,350 –a—— c:\windows\Webshots for Frans.bmp
    2009-02-09 18:33 . 2009-02-09 18:33 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-02-09 18:33 . 2009-02-09 18:33 <DIR> d——– c:\documents and settings\Frans\Application Data\Malwarebytes
    2009-02-09 18:33 . 2009-02-09 18:33 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-09 18:33 . 2009-01-14 16:11 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-09 18:33 . 2009-01-14 16:11 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-02-08 12:01 . 2009-02-08 12:01 <DIR> d——– c:\program files\Trend Micro
    2009-02-08 11:42 . 2009-02-08 11:42 <DIR> dr-h—– c:\documents and settings\Frans\Onlangs geopend
    2009-01-18 15:03 . 2009-01-18 15:03 <DIR> d——– c:\program files\Wisdom-soft ScreenHunter 5 Free
    2009-01-15 19:24 . 2009-01-15 19:24 <DIR> d——– c:\program files\Windows Defender

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-05 10:08 ——— d—–w c:\documents and settings\Frans\Application Data\Belastingdienst
    2008-12-31 12:59 ——— d—–w c:\program files\K-Lite Codec Pack
    2008-12-28 13:08 ——— d—–w c:\documents and settings\Frans\Application Data\Uniblue
    2008-12-28 12:56 ——— d–h–w c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
    2008-12-19 09:43 410,984 —-a-w c:\windows\system32\deploytk.dll
    2008-12-17 18:32 ——— d—–w c:\documents and settings\All Users\Application Data\SiteAdvisor
    2008-12-17 18:26 ——— d—–w c:\program files\McAfee.com
    2008-12-17 18:26 ——— d—–w c:\program files\McAfee
    2008-12-17 18:26 ——— d—–w c:\program files\Common Files\McAfee
    2008-12-17 18:24 ——— d—–w c:\documents and settings\All Users\Application Data\McAfee
    2008-12-13 06:39 3,593,216 —-a-w c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 11:57 333,184 —-a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 11:57 333,184 ——w c:\windows\system32\dllcache\srv.sys
    2008-12-05 12:52 61,224 —-a-w c:\documents and settings\Frans\GoToAssistDownloadHelper.exe
    2008-09-12 11:49 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008091220080913\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-10_11.49.39.67 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-02-10 08:55:28 32,768 —-a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-02-10 13:17:50 32,768 —-a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-02-10 08:55:28 32,768 ——w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    + 2009-02-10 13:17:50 32,768 ——w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    - 2009-02-10 08:55:28 32,768 ——w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-02-10 13:17:50 32,768 ——w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-02-10 16:22:04 16,384 —-a-w c:\windows\Temp\Perflib_Perfdata_680.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "MXOBG"="c:\windows\MXOALDR.EXE" [2003-10-10 94208]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-06-23 98304]
    "VTTimer"="VTTimer.exe" [2003-05-07 c:\windows\system32\VTTimer.exe]
    "SoundMan"="SOUNDMAN.EXE" [2003-05-14 c:\windows\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\Frans\Menu Start\Programma's\Opstarten\AutorunsDisabled
    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-03-01 45056]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\AutorunsDisabled
    NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2008-02-25 241664]
    Realtek Wireless LAN Utility.lnk - c:\program files\Realtek\Realtek Wireless LAN Utility\RtlWake.exe [2005-06-08 741376]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-09 15:14 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AresChatServer"=3 (0x3)
    "aawservice"=2 (0x2)
    "NOD32krn"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "Norton Ghost"=2 (0x2)
    "RetroExpLauncher"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\KCeasy\\giFT\\giFTl.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-11-10 138801]
    R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-11-10 46800]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-02-16 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2006-06-09 55024]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2004-04-19 66048]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-17 203280]
    R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [1980-01-01 14336]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\RTL8180.sys [2003-09-02 183680]
    S3 hitmanpro3;Hitman Pro 3 Support Driver; [x]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
    .
    Inhoud van de 'Gedeelde Taken' map

    2008-12-17 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

    2008-12-17 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

    2009-02-10 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
    uInternet Settings,ProxyOverride = <local>
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: microsoft.com\support
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-10 17:22:56
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(1256)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    - - - - - - - > 'lsass.exe'(1568)
    c:\windows\system32\relog_ap.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDUL2.EXE
    c:\windows\SYSTEM32\GEARSEC.EXE
    c:\program files\JAVA\JRE6\BIN\JQS.EXE
    c:\program files\MCAFEE\MSC\MCMSCSVC.EXE
    c:\program files\COMMON FILES\MCAFEE\MNA\MCNASVC.EXE
    c:\program files\COMMON FILES\MCAFEE\MCPROXY\MCPROXY.EXE
    c:\program files\MCAFEE\VIRUSSCAN\MCSHIELD.EXE
    c:\program files\MCAFEE\MPF\MPFSRV.EXE
    c:\program files\COMMON FILES\ACRONIS\FOMATIK\TRUEIMAGETRYSTARTSERVICE.EXE
    c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-02-10 17:25:33 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-02-10 16:25:32
    ComboFix2.txt 2009-02-10 10:50:28

    Pre-Run: 8.525.660.160 bytes beschikbaar
    Post-Run: 8,512,618,496 bytes beschikbaar

    170 — E O F — 2009-02-09 17:24:36
  • No, what's more, it is malware.

    How are the problems now?
  • Hello,

    Windows starts up faster. The desktop appears sooner.
    I also have the impression that web pages load faster.
    My start page msn.nl in particular was very slow.
    If everything is clean now, I would like to thank you warmly for that.
    Exciting to go through this process myself for once.

    Regards,
    Frans
  • Good, now just do this:

    Download ATF cleaner (mirror) (made by Atribune)

    Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

    Double-click ATF cleaner to start the program.
    On the Main tab, tick Select All.
    Click the Empty Selected button.

    Do the following if you also use Firefox as a browser:

    Click the Firefox tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click No in the window that appears.
    (this removes the tick from Firefox saved passwords again)
    Click the Empty Selected button.

    Do the following if you also use Opera as a browser:

    Click the Opera tab and tick Select All.
    If you want to keep the passwords saved by Opera, click No in the window that appears.
    Click the Empty Selected button.
    Go to the Main tab and click the Exit button to close the program.

    3. You may now remove all the tools you used and the folders that were created. (Remember to remove ComboFix via Start -> Run, typing ComboFix /U and pressing Enter!!)

    - Go to Start/All Programs/Accessories/System Tools/System Restore.
    - In the left half of the window, click "System Restore Settings".
    - Tick "Turn off System Restore".
    - Click "Apply".
    - Windows asks whether you are sure.
    - Click "Yes".
    - Click "OK".
    - Restart the PC.
    - Go to Start/All Programs/Accessories/System Tools/System Restore again.
    - You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
    - Click "Yes".
    - Remove the tick from "Turn off System Restore".
    - Click "Apply".
    - Click "OK".
    - Restart the PC.
    - A new, clean restore point has now been created.
  • Done.

    Thanks again
  • Hello,

    I now have one small problem left.

    My USB stick with KeePass used to start automatically. It no longer does.
    Software installation DVDs no longer start automatically either.

    Do you have any idea where I can restore this?

    Kind regards,
    Frans
  • Open Notepad and paste the following text into an empty window:

    REGEDIT4

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196bf230-d554-11da-96ab-000b6b280a70}]
    \Shell\AutoRun\command - f:\keepas~1\KeePass.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e2f3950-ac28-11dd-9bc4-000b6b280a70}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.html
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bc76be0-0808-11d9-b05d-000b6b280a70}]
    \Shell\AutoRun\command - f:\keepas~1\KeePass.exe

    Save this to your desktop as regfix.reg, with the type set to "All files".
    Double-click regfix.reg and allow it to be added to the registry.

    Then post a new ComboFix log.
  • Hello,

    Here is the new log.
    I don't know whether it should be working already? But it isn't yet.

    ComboFix 09-02-08.02 - Frans 2009-02-11 19:22:01.3 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.958.649 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Frans\Bureaublad\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    AV: NOD32 antivirus systeem 2.50 *On-access scanning disabled* (Outdated)
    FW: McAfee Personal Firewall *enabled*
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-11 to 2009-02-11 ))))))))))))))))))))))))))))))
    .

    2009-02-10 10:24 . 2009-02-10 10:24 2,359,350 –a—— c:\windows\Webshots for Frans.bmp
    2009-02-09 18:33 . 2009-02-09 18:33 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-02-09 18:33 . 2009-02-09 18:33 <DIR> d——– c:\documents and settings\Frans\Application Data\Malwarebytes
    2009-02-09 18:33 . 2009-02-09 18:33 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-09 18:33 . 2009-01-14 16:11 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-09 18:33 . 2009-01-14 16:11 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-02-08 12:01 . 2009-02-08 12:01 <DIR> d——– c:\program files\Trend Micro
    2009-02-08 11:42 . 2009-02-08 11:42 <DIR> dr-h—– c:\documents and settings\Frans\Onlangs geopend
    2009-01-18 15:03 . 2009-01-18 15:03 <DIR> d——– c:\program files\Wisdom-soft ScreenHunter 5 Free
    2009-01-15 19:24 . 2009-01-15 19:24 <DIR> d——– c:\program files\Windows Defender

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-16 20:31 3,594,752 —-a-w c:\windows\system32\dllcache\mshtml.dll
    2009-01-05 10:08 ——— d—–w c:\documents and settings\Frans\Application Data\Belastingdienst
    2008-12-31 12:59 ——— d—–w c:\program files\K-Lite Codec Pack
    2008-12-28 13:08 ——— d—–w c:\documents and settings\Frans\Application Data\Uniblue
    2008-12-28 12:56 ——— d–h–w c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
    2008-12-19 09:43 410,984 —-a-w c:\windows\system32\deploytk.dll
    2008-12-19 09:13 70,656 ——w c:\windows\system32\dllcache\ie4uinit.exe
    2008-12-19 09:10 13,824 ——w c:\windows\system32\dllcache\ieudinit.exe
    2008-12-19 05:25 634,024 ——w c:\windows\system32\dllcache\iexplore.exe
    2008-12-19 05:23 161,792 —-a-w c:\windows\system32\dllcache\ieakui.dll
    2008-12-17 18:32 ——— d—–w c:\documents and settings\All Users\Application Data\SiteAdvisor
    2008-12-17 18:26 ——— d—–w c:\program files\McAfee.com
    2008-12-17 18:26 ——— d—–w c:\program files\McAfee
    2008-12-17 18:26 ——— d—–w c:\program files\Common Files\McAfee
    2008-12-17 18:24 ——— d—–w c:\documents and settings\All Users\Application Data\McAfee
    2008-12-11 11:57 333,184 —-a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 11:57 333,184 ——w c:\windows\system32\dllcache\srv.sys
    2008-12-05 12:52 61,224 —-a-w c:\documents and settings\Frans\GoToAssistDownloadHelper.exe
    2008-09-12 11:49 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008091220080913\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-10_11.49.39.67 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-10-16 20:33:22 124,928 ——w c:\windows\ie7updates\KB961260-IE7\advpack.dll
    + 2008-10-16 20:33:22 347,136 ——w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
    + 2008-10-16 20:33:22 214,528 ——w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
    + 2008-10-16 20:33:22 133,120 ——w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
    + 2008-10-16 20:33:22 63,488 ——w c:\windows\ie7updates\KB961260-IE7\icardie.dll
    + 2008-10-16 13:14:32 70,656 ——w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
    + 2008-10-16 20:33:22 153,088 ——w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
    + 2008-10-16 20:33:22 230,400 ——w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
    + 2008-10-15 07:04:54 161,792 ——w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
    + 2008-10-16 20:33:24 383,488 ——w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
    + 2008-10-16 20:33:24 384,512 ——w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
    + 2008-10-16 20:33:26 6,066,176 ——w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
    + 2008-10-16 20:33:26 44,544 ——w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
    + 2008-10-16 20:33:26 267,776 ——w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
    + 2008-10-16 13:11:10 13,824 ——w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
    + 2008-10-15 07:06:26 633,632 ——w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
    + 2008-10-16 20:33:26 27,648 ——w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
    + 2008-10-16 20:33:26 459,264 ——w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
    + 2008-10-16 20:33:26 52,224 ——w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
    + 2008-12-13 06:39:18 3,593,216 ——w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
    + 2008-10-16 20:33:30 477,696 ——w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
    + 2008-10-16 20:33:30 193,024 ——w c:\windows\ie7updates\KB961260-IE7\msrating.dll
    + 2008-10-16 20:33:30 671,232 ——w c:\windows\ie7updates\KB961260-IE7\mstime.dll
    + 2008-10-16 20:33:30 102,912 ——w c:\windows\ie7updates\KB961260-IE7\occache.dll
    + 2008-10-16 20:33:30 44,544 ——w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
    + 2007-03-06 01:58:28 216,800 ——w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:59:38 389,856 ——w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
    + 2008-10-16 20:33:30 105,984 ——w c:\windows\ie7updates\KB961260-IE7\url.dll
    + 2008-10-16 20:33:32 1,160,192 ——w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
    + 2008-10-16 20:33:32 233,472 ——w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
    + 2008-10-16 20:33:32 826,368 ——w c:\windows\ie7updates\KB961260-IE7\wininet.dll
    - 2009-01-15 18:09:40 1,165,584 —-a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
    + 2009-02-11 18:10:46 1,165,584 —-a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
    - 2009-01-15 18:09:42 20,240 —-a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    + 2009-02-11 18:10:50 20,240 —-a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    - 2009-01-15 18:09:40 159,504 —-a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
    + 2009-02-11 18:10:48 159,504 —-a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
    - 2009-01-15 18:09:42 217,864 —-a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
    + 2009-02-11 18:10:48 217,864 —-a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
    - 2009-01-15 18:09:42 18,704 —-a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
    + 2009-02-11 18:10:50 18,704 —-a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
    - 2009-01-15 18:09:42 35,088 —-a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    + 2009-02-11 18:10:52 35,088 —-a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    - 2009-01-15 18:09:40 845,584 —-a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
    + 2009-02-11 18:10:48 845,584 —-a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
    - 2009-01-15 18:09:42 922,384 —-a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
    + 2009-02-11 18:10:48 922,384 —-a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
    - 2009-01-15 18:09:42 272,648 —-a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
    + 2009-02-11 18:10:50 272,648 —-a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
    - 2009-01-15 18:09:42 888,080 —-a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    + 2009-02-11 18:10:50 888,080 —-a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    - 2009-01-15 18:09:40 1,172,240 —-a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    + 2009-02-11 18:10:46 1,172,240 —-a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    - 2008-10-16 20:33:22 124,928 —-a-w c:\windows\system32\advpack.dll
    + 2008-12-20 23:03:40 124,928 —-a-w c:\windows\system32\advpack.dll
    - 2009-02-10 08:55:28 32,768 —-a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-02-11 18:03:04 32,768 —-a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-02-10 08:55:28 32,768 ——w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    + 2009-02-11 18:03:04 32,768 ——w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    - 2009-02-10 08:55:28 32,768 ——w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-02-11 18:03:04 32,768 ——w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2008-10-16 20:33:22 124,928 ——w c:\windows\system32\dllcache\advpack.dll
    + 2008-12-20 23:03:40 124,928 ——w c:\windows\system32\dllcache\advpack.dll
    - 2008-10-16 20:33:22 347,136 —-a-w c:\windows\system32\dllcache\dxtmsft.dll
    + 2008-12-20 23:03:40 347,136 —-a-w c:\windows\system32\dllcache\dxtmsft.dll
    - 2008-10-16 20:33:22 214,528 —-a-w c:\windows\system32\dllcache\dxtrans.dll
    + 2008-12-20 23:03:40 214,528 —-a-w c:\windows\system32\dllcache\dxtrans.dll
    - 2008-10-16 20:33:22 133,120 —-a-w c:\windows\system32\dllcache\extmgr.dll
    + 2008-12-20 23:03:40 133,120 —-a-w c:\windows\system32\dllcache\extmgr.dll
    - 2008-10-16 20:33:22 63,488 ——w c:\windows\system32\dllcache\icardie.dll
    + 2008-12-20 23:03:40 63,488 ——w c:\windows\system32\dllcache\icardie.dll
    - 2008-10-16 20:33:22 153,088 ——w c:\windows\system32\dllcache\ieakeng.dll
    + 2008-12-20 23:03:40 153,088 ——w c:\windows\system32\dllcache\ieakeng.dll
    - 2008-10-16 20:33:22 230,400 ——w c:\windows\system32\dllcache\ieaksie.dll
    + 2008-12-20 23:03:40 230,400 ——w c:\windows\system32\dllcache\ieaksie.dll
    - 2008-10-16 20:33:24 383,488 ——w c:\windows\system32\dllcache\ieapfltr.dll
    + 2008-12-20 23:03:42 383,488 ——w c:\windows\system32\dllcache\ieapfltr.dll
    - 2008-10-16 20:33:24 384,512 ——w c:\windows\system32\dllcache\iedkcs32.dll
    + 2008-12-20 23:03:42 384,512 ——w c:\windows\system32\dllcache\iedkcs32.dll
    - 2008-10-16 20:33:26 6,066,176 ——w c:\windows\system32\dllcache\ieframe.dll
    + 2008-12-20 23:03:46 6,066,688 ——w c:\windows\system32\dllcache\ieframe.dll
    - 2008-10-16 20:33:26 44,544 ——w c:\windows\system32\dllcache\iernonce.dll
    + 2008-12-20 23:03:46 44,544 ——w c:\windows\system32\dllcache\iernonce.dll
    - 2008-10-16 20:33:26 267,776 ——w c:\windows\system32\dllcache\iertutil.dll
    + 2008-12-20 23:03:46 267,776 ——w c:\windows\system32\dllcache\iertutil.dll
    - 2008-10-16 20:33:26 27,648 —-a-w c:\windows\system32\dllcache\jsproxy.dll
    + 2008-12-20 23:03:48 27,648 —-a-w c:\windows\system32\dllcache\jsproxy.dll
    - 2008-10-16 20:33:26 459,264 ——w c:\windows\system32\dllcache\msfeeds.dll
    + 2008-12-20 23:03:48 459,264 ——w c:\windows\system32\dllcache\msfeeds.dll
    - 2008-10-16 20:33:26 52,224 ——w c:\windows\system32\dllcache\msfeedsbs.dll
    + 2008-12-20 23:03:48 52,224 ——w c:\windows\system32\dllcache\msfeedsbs.dll
    - 2008-10-16 20:33:30 477,696 —-a-w c:\windows\system32\dllcache\mshtmled.dll
    + 2008-12-20 23:03:52 477,696 —-a-w c:\windows\system32\dllcache\mshtmled.dll
    - 2008-10-16 20:33:30 193,024 —-a-w c:\windows\system32\dllcache\msrating.dll
    + 2008-12-20 23:03:52 193,024 —-a-w c:\windows\system32\dllcache\msrating.dll
    - 2008-10-16 20:33:30 671,232 —-a-w c:\windows\system32\dllcache\mstime.dll
    + 2008-12-20 23:03:52 671,232 —-a-w c:\windows\system32\dllcache\mstime.dll
    - 2008-10-16 20:33:30 102,912 ——w c:\windows\system32\dllcache\occache.dll
    + 2008-12-20 23:03:52 102,912 ——w c:\windows\system32\dllcache\occache.dll
    - 2008-10-16 20:33:30 44,544 —-a-w c:\windows\system32\dllcache\pngfilt.dll
    + 2008-12-20 23:03:52 44,544 —-a-w c:\windows\system32\dllcache\pngfilt.dll
    - 2008-10-16 20:33:30 105,984 ——w c:\windows\system32\dllcache\url.dll
    + 2008-12-20 23:03:52 105,984 ——w c:\windows\system32\dllcache\url.dll
    - 2008-10-16 20:33:32 1,160,192 —-a-w c:\windows\system32\dllcache\urlmon.dll
    + 2008-12-20 23:03:52 1,160,192 —-a-w c:\windows\system32\dllcache\urlmon.dll
    - 2008-10-16 20:33:32 233,472 ——w c:\windows\system32\dllcache\webcheck.dll
    + 2008-12-20 23:03:52 233,472 ——w c:\windows\system32\dllcache\webcheck.dll
    - 2008-10-16 20:33:32 826,368 —-a-w c:\windows\system32\dllcache\wininet.dll
    + 2008-12-20 23:03:54 826,368 —-a-w c:\windows\system32\dllcache\wininet.dll
    - 2008-10-16 20:33:22 347,136 —-a-w c:\windows\system32\dxtmsft.dll
    + 2008-12-20 23:03:40 347,136 —-a-w c:\windows\system32\dxtmsft.dll
    - 2008-10-16 20:33:22 214,528 —-a-w c:\windows\system32\dxtrans.dll
    + 2008-12-20 23:03:40 214,528 —-a-w c:\windows\system32\dxtrans.dll
    - 2008-10-16 20:33:22 133,120 —-a-w c:\windows\system32\extmgr.dll
    + 2008-12-20 23:03:40 133,120 —-a-w c:\windows\system32\extmgr.dll
    - 2008-10-16 20:33:22 63,488 —-a-w c:\windows\system32\icardie.dll
    + 2008-12-20 23:03:40 63,488 —-a-w c:\windows\system32\icardie.dll
    - 2008-10-16 13:14:32 70,656 —-a-w c:\windows\system32\ie4uinit.exe
    + 2008-12-19 09:13:44 70,656 —-a-w c:\windows\system32\ie4uinit.exe
    - 2008-10-16 20:33:22 153,088 —-a-w c:\windows\system32\ieakeng.dll
    + 2008-12-20 23:03:40 153,088 —-a-w c:\windows\system32\ieakeng.dll
    - 2008-10-16 20:33:22 230,400 —-a-w c:\windows\system32\ieaksie.dll
    + 2008-12-20 23:03:40 230,400 —-a-w c:\windows\system32\ieaksie.dll
    - 2008-10-15 07:04:54 161,792 —-a-w c:\windows\system32\ieakui.dll
    + 2008-12-19 05:23:56 161,792 —-a-w c:\windows\system32\ieakui.dll
    - 2008-10-16 20:33:24 383,488 —-a-w c:\windows\system32\ieapfltr.dll
    + 2008-12-20 23:03:42 383,488 —-a-w c:\windows\system32\ieapfltr.dll
    - 2008-10-16 20:33:24 384,512 —-a-w c:\windows\system32\iedkcs32.dll
    + 2008-12-20 23:03:42 384,512 —-a-w c:\windows\system32\iedkcs32.dll
    - 2008-10-16 20:33:26 6,066,176 —-a-w c:\windows\system32\ieframe.dll
    + 2008-12-20 23:03:46 6,066,688 —-a-w c:\windows\system32\ieframe.dll
    - 2008-10-16 20:33:26 44,544 —-a-w c:\windows\system32\iernonce.dll
    + 2008-12-20 23:03:46 44,544 —-a-w c:\windows\system32\iernonce.dll
    - 2008-10-16 20:33:26 267,776 —-a-w c:\windows\system32\iertutil.dll
    + 2008-12-20 23:03:46 267,776 —-a-w c:\windows\system32\iertutil.dll
    - 2008-10-16 13:11:10 13,824 —-a-w c:\windows\system32\ieudinit.exe
    + 2008-12-19 09:10:16 13,824 —-a-w c:\windows\system32\ieudinit.exe
    - 2008-10-16 20:33:26 27,648 —-a-w c:\windows\system32\jsproxy.dll
    + 2008-12-20 23:03:48 27,648 —-a-w c:\windows\system32\jsproxy.dll
    - 2009-01-10 01:35:28 20,853,704 —-a-w c:\windows\system32\MRT.exe
    + 2009-02-03 23:21:12 21,244,864 —-a-w c:\windows\system32\MRT.exe
    - 2008-10-16 20:33:26 459,264 —-a-w c:\windows\system32\msfeeds.dll
    + 2008-12-20 23:03:48 459,264 —-a-w c:\windows\system32\msfeeds.dll
    - 2008-10-16 20:33:26 52,224 —-a-w c:\windows\system32\msfeedsbs.dll
    + 2008-12-20 23:03:48 52,224 —-a-w c:\windows\system32\msfeedsbs.dll
    - 2008-12-13 06:39:18 3,593,216 —-a-w c:\windows\system32\mshtml.dll
    + 2009-01-16 20:31:16 3,594,752 —-a-w c:\windows\system32\mshtml.dll
    - 2008-10-16 20:33:30 477,696 —-a-w c:\windows\system32\mshtmled.dll
    + 2008-12-20 23:03:52 477,696 —-a-w c:\windows\system32\mshtmled.dll
    - 2008-10-16 20:33:30 193,024 —-a-w c:\windows\system32\msrating.dll
    + 2008-12-20 23:03:52 193,024 —-a-w c:\windows\system32\msrating.dll
    - 2008-10-16 20:33:30 671,232 —-a-w c:\windows\system32\mstime.dll
    + 2008-12-20 23:03:52 671,232 —-a-w c:\windows\system32\mstime.dll
    - 2008-10-16 20:33:30 102,912 —-a-w c:\windows\system32\occache.dll
    + 2008-12-20 23:03:52 102,912 —-a-w c:\windows\system32\occache.dll
    - 2008-10-16 20:33:30 44,544 —-a-w c:\windows\system32\pngfilt.dll
    + 2008-12-20 23:03:52 44,544 —-a-w c:\windows\system32\pngfilt.dll
    - 2007-11-30 12:39:46 18,808 ——w c:\windows\system32\spmsg.dll
    + 2008-07-09 07:44:08 18,808 ——w c:\windows\system32\spmsg.dll
    - 2008-10-16 20:33:30 105,984 —-a-w c:\windows\system32\url.dll
    + 2008-12-20 23:03:52 105,984 —-a-w c:\windows\system32\url.dll
    - 2008-10-16 20:33:32 1,160,192 —-a-w c:\windows\system32\urlmon.dll
    + 2008-12-20 23:03:52 1,160,192 —-a-w c:\windows\system32\urlmon.dll
    - 2008-10-16 20:33:32 233,472 —-a-w c:\windows\system32\webcheck.dll
    + 2008-12-20 23:03:52 233,472 —-a-w c:\windows\system32\webcheck.dll
    - 2008-10-16 20:33:32 826,368 —-a-w c:\windows\system32\wininet.dll
    + 2008-12-20 23:03:54 826,368 —-a-w c:\windows\system32\wininet.dll
    + 2009-02-11 18:26:46 16,384 —-a-w c:\windows\Temp\Perflib_Perfdata_768.dat
    .
    – Snapshot teruggezet naar huidige datum –
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "MXOBG"="c:\windows\MXOALDR.EXE" [2003-10-10 94208]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-06-23 98304]
    "VTTimer"="VTTimer.exe" [2003-05-07 c:\windows\system32\VTTimer.exe]
    "SoundMan"="SOUNDMAN.EXE" [2003-05-14 c:\windows\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\Frans\Menu Start\Programma's\Opstarten\AutorunsDisabled
    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-03-01 45056]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\AutorunsDisabled
    NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2008-02-25 241664]
    Realtek Wireless LAN Utility.lnk - c:\program files\Realtek\Realtek Wireless LAN Utility\RtlWake.exe [2005-06-08 741376]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-09 15:14 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AresChatServer"=3 (0x3)
    "aawservice"=2 (0x2)
    "NOD32krn"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "Norton Ghost"=2 (0x2)
    "RetroExpLauncher"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\KCeasy\\giFT\\giFTl.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-11-10 138801]
    R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-11-10 46800]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-02-16 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2006-06-09 55024]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2004-04-19 66048]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-17 203280]
    R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [1980-01-01 14336]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\RTL8180.sys [2003-09-02 183680]
    S3 hitmanpro3;Hitman Pro 3 Support Driver; [x]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196bf230-d554-11da-96ab-000b6b280a70}]
    \Shell\AutoRun\command - f:\keepas~1\KeePass.exe
    .
    Inhoud van de 'Gedeelde Taken' map

    2008-12-17 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

    2008-12-17 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

    2009-02-11 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
    uInternet Settings,ProxyOverride = <local>
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: microsoft.com\support
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-11 19:27:47
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(1100)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    - - - - - - - > 'lsass.exe'(1156)
    c:\windows\system32\relog_ap.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDUL2.EXE
    c:\windows\SYSTEM32\GEARSEC.EXE
    c:\program files\JAVA\JRE6\BIN\JQS.EXE
    c:\program files\MCAFEE\MSC\MCMSCSVC.EXE
    c:\program files\COMMON FILES\MCAFEE\MNA\MCNASVC.EXE
    c:\program files\COMMON FILES\MCAFEE\MCPROXY\MCPROXY.EXE
    c:\program files\MCAFEE\VIRUSSCAN\MCSHIELD.EXE
    c:\program files\MCAFEE\MPF\MPFSRV.EXE
    c:\program files\COMMON FILES\ACRONIS\FOMATIK\TRUEIMAGETRYSTARTSERVICE.EXE
    c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-02-11 19:30:33 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-02-11 18:30:32
    ComboFix3.txt 2009-02-10 10:50:28
    ComboFix2.txt 2009-02-10 16:25:38

    Pre-Run: 9.462.628.352 bytes beschikbaar
    Post-Run: 9,446,096,896 bytes beschikbaar

    332 — E O F — 2009-02-11 18:14:50
  • [quote:86e789a725="f.ramaekers"]Hello,

    Sorry, posted twice.

    Here is the new log.


    [/quote:86e789a725]
  • Hello,


    I went back a number of restore points to check where things went wrong. One at a time, back to before the installation of ComboFix. The autorun of the DVD and the USB worked again.
    After that I reinstalled ComboFix and ran it. See log.
    After that, autorun stopped working again.
    I then downloaded and installed a small repair program from http://nl.brothersoft.com/Microsoft-AutoPlay-Repair-Wizard-113054.html.
    Both DVD and USB work again!


    Kind regards,
    Frans

    ComboFix 09-02-12.03 - Frans 2009-02-13 12:47:19.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.958.647 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Frans\Bureaublad\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    AV: NOD32 antivirus systeem 2.50 *On-access scanning disabled* (Outdated)
    FW: McAfee Personal Firewall *enabled*
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ——-\Legacy_NPF


    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-13 to 2009-02-13 ))))))))))))))))))))))))))))))
    .

    2009-02-13 12:13 . 2009-02-13 12:13 <DIR> d–hs—- c:\documents and settings\Frans\UserData
    2009-02-13 09:24 . 2002-06-21 15:09 160,217 –a—— c:\windows\system32\PowerToysLicense.rtf
    2009-02-10 10:24 . 2009-02-10 10:24 2,359,350 –a—— c:\windows\Webshots for Frans.bmp
    2009-02-09 18:33 . 2009-02-09 18:33 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-02-09 18:33 . 2009-02-09 18:33 <DIR> d——– c:\documents and settings\Frans\Application Data\Malwarebytes
    2009-02-09 18:33 . 2009-02-09 18:33 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-09 18:33 . 2009-01-14 16:11 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-09 18:33 . 2009-01-14 16:11 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-02-08 12:01 . 2009-02-08 12:01 <DIR> d——– c:\program files\Trend Micro
    2009-02-08 11:42 . 2009-02-08 11:42 <DIR> dr-h—– c:\documents and settings\Frans\Onlangs geopend
    2009-01-18 15:03 . 2009-01-18 15:03 <DIR> d——– c:\program files\Wisdom-soft ScreenHunter 5 Free
    2009-01-15 19:24 . 2009-01-15 19:24 <DIR> d——– c:\program files\Windows Defender

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-16 20:31 3,594,752 —-a-w c:\windows\system32\dllcache\mshtml.dll
    2009-01-05 10:08 ——— d—–w c:\documents and settings\Frans\Application Data\Belastingdienst
    2008-12-31 12:59 ——— d—–w c:\program files\K-Lite Codec Pack
    2008-12-28 13:08 ——— d—–w c:\documents and settings\Frans\Application Data\Uniblue
    2008-12-28 12:56 ——— d–h–w c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
    2008-12-19 09:43 410,984 —-a-w c:\windows\system32\deploytk.dll
    2008-12-19 09:13 70,656 ——w c:\windows\system32\dllcache\ie4uinit.exe
    2008-12-19 09:10 13,824 ——w c:\windows\system32\dllcache\ieudinit.exe
    2008-12-19 05:25 634,024 ——w c:\windows\system32\dllcache\iexplore.exe
    2008-12-19 05:23 161,792 —-a-w c:\windows\system32\dllcache\ieakui.dll
    2008-12-17 18:32 ——— d—–w c:\documents and settings\All Users\Application Data\SiteAdvisor
    2008-12-17 18:26 ——— d—–w c:\program files\McAfee.com
    2008-12-17 18:26 ——— d—–w c:\program files\McAfee
    2008-12-17 18:26 ——— d—–w c:\program files\Common Files\McAfee
    2008-12-17 18:24 ——— d—–w c:\documents and settings\All Users\Application Data\McAfee
    2008-12-11 11:57 333,184 ——w c:\windows\system32\dllcache\srv.sys
    2008-12-05 12:52 61,224 —-a-w c:\documents and settings\Frans\GoToAssistDownloadHelper.exe
    2008-09-12 11:49 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008091220080913\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "MXOBG"="c:\windows\MXOALDR.EXE" [2003-10-10 94208]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-06-23 98304]
    "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 160256]
    "VTTimer"="VTTimer.exe" [2003-05-07 c:\windows\system32\VTTimer.exe]
    "SoundMan"="SOUNDMAN.EXE" [2003-05-14 c:\windows\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\Frans\Menu Start\Programma's\Opstarten\AutorunsDisabled
    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-03-01 45056]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\AutorunsDisabled
    NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2008-02-25 241664]
    Realtek Wireless LAN Utility.lnk - c:\program files\Realtek\Realtek Wireless LAN Utility\RtlWake.exe [2005-06-08 741376]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-09 15:14 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AresChatServer"=3 (0x3)
    "aawservice"=2 (0x2)
    "NOD32krn"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "Norton Ghost"=2 (0x2)
    "RetroExpLauncher"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\KCeasy\\giFT\\giFTl.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-11-10 138801]
    R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-11-10 46800]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-02-16 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2006-06-09 55024]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2004-04-19 66048]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-17 203280]
    R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [1980-01-01 14336]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\RTL8180.sys [2003-09-02 183680]
    S3 hitmanpro3;Hitman Pro 3 Support Driver; [x]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196bf230-d554-11da-96ab-000b6b280a70}]
    \Shell\AutoRun\command - f:\keepas~1\KeePass.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e2f3950-ac28-11dd-9bc4-000b6b280a70}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.html

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b4e7eb0-921a-11dd-9b8e-000b6b280a70}]
    \Shell\AutoRun\command - F:\InstallTomTomHOME.exe
    .
    Inhoud van de 'Gedeelde Taken' map

    2008-12-17 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

    2008-12-17 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

    2009-02-13 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


    .
    ——- Bijkomende Scan ——-
    .
    uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
    uInternet Settings,ProxyOverride = <local>
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: microsoft.com\support
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-13 12:51:47
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(1100)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    - - - - - - - > 'lsass.exe'(1156)
    c:\windows\system32\relog_ap.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDUL2.EXE
    c:\windows\SYSTEM32\GEARSEC.EXE
    c:\program files\JAVA\JRE6\BIN\JQS.EXE
    c:\program files\MCAFEE\MSC\MCMSCSVC.EXE
    c:\program files\COMMON FILES\MCAFEE\MNA\MCNASVC.EXE
    c:\program files\COMMON FILES\MCAFEE\MCPROXY\MCPROXY.EXE
    c:\program files\MCAFEE\VIRUSSCAN\MCSHIELD.EXE
    c:\program files\MCAFEE\MPF\MPFSRV.EXE
    c:\program files\COMMON FILES\ACRONIS\FOMATIK\TRUEIMAGETRYSTARTSERVICE.EXE
    c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-02-13 12:54:31 - machine werd herstart [Frans]
    ComboFix-quarantined-files.txt 2009-02-13 11:54:30
    ComboFix4.txt 2009-02-10 10:50:28
    ComboFix3.txt 2009-02-10 16:25:38
    ComboFix2.txt 2009-02-11 18:30:38

    Pre-Run: 8,902,721,536 bytes beschikbaar
    Post-Run: 8,856,502,272 bytes beschikbaar

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    182 — E O F — 2009-02-13 11:38:48
  • However, one more thing still needs to be done.


    Download Flash_Disinfector.exe and save it to your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
    Make sure your flash drives / USB sticks / external hard drives are plugged in as well.
    Double-click Flash_Disinfector.exe to start the tool.
    When the tool is finished, the computer will restart.


    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b4e7eb0-921a-11dd-9b8e-000b6b280a70}]

    Save the Notepad file as CFScript.txt

    Now drag the file CFScript.txt onto the file ComboFix.exe, as shown below:

    http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

    ComboFix will start again.
    When ComboFix is finished, which may be after a restart, a log file opens.
    Post the contents of the log file.
  • Hello,


    Below is the new log.

    The process did not go entirely smoothly. After ComboFix tried to restart the laptop, the blue screen appeared with the message STOP c0000218 registry file error …… and some more text that I could not read quickly enough. After that came the disk check screen, and then the screen where I could choose whether to start in safe mode or normally. I chose to start Windows normally. After that the ComboFix screen appeared again, to create the log file.

    <<>>
    ComboFix 09-02-12.03 - Frans 2009-02-14 13:23:22.2 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.958.466 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Frans\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Frans\Bureaublad\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    AV: NOD32 antivirus systeem 2.50 *On-access scanning disabled* (Outdated)
    FW: McAfee Personal Firewall *enabled*
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    F:\autorun.inf
    G:\Autorun.inf
    H:\Autorun.inf

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-14 to 2009-02-14 ))))))))))))))))))))))))))))))
    .

    2009-02-13 09:24 . 2002-06-21 15:09 160,217 –a—— c:\windows\system32\PowerToysLicense.rtf
    2009-02-10 10:24 . 2009-02-10 10:24 2,359,350 –a—— c:\windows\Webshots for Frans.bmp
    2009-02-09 18:33 . 2009-02-09 18:33 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-02-09 18:33 . 2009-02-09 18:33 <DIR> d——– c:\documents and settings\Frans\Application Data\Malwarebytes
    2009-02-09 18:33 . 2009-02-09 18:33 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-09 18:33 . 2009-01-14 16:11 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-09 18:33 . 2009-01-14 16:11 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-02-08 12:01 . 2009-02-08 12:01 <DIR> d——– c:\program files\Trend Micro
    2009-02-08 11:42 . 2009-02-08 11:42 <DIR> dr-h—– c:\documents and settings\Frans\Onlangs geopend
    2009-01-18 15:03 . 2009-01-18 15:03 <DIR> d——– c:\program files\Wisdom-soft ScreenHunter 5 Free
    2009-01-15 19:24 . 2009-01-15 19:24 <DIR> d——– c:\program files\Windows Defender

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-14 12:07 90,112 —-a-w c:\windows\DUMP7e78.tmp
    2009-01-16 20:31 3,594,752 —-a-w c:\windows\system32\dllcache\mshtml.dll
    2009-01-05 10:08 ——— d—–w c:\documents and settings\Frans\Application Data\Belastingdienst
    2008-12-31 12:59 ——— d—–w c:\program files\K-Lite Codec Pack
    2008-12-28 13:08 ——— d—–w c:\documents and settings\Frans\Application Data\Uniblue
    2008-12-28 12:56 ——— d–h–w c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
    2008-12-19 09:43 410,984 —-a-w c:\windows\system32\deploytk.dll
    2008-12-19 09:13 70,656 ——w c:\windows\system32\dllcache\ie4uinit.exe
    2008-12-19 09:10 13,824 ——w c:\windows\system32\dllcache\ieudinit.exe
    2008-12-19 05:25 634,024 ——w c:\windows\system32\dllcache\iexplore.exe
    2008-12-19 05:23 161,792 —-a-w c:\windows\system32\dllcache\ieakui.dll
    2008-12-17 18:32 ——— d—–w c:\documents and settings\All Users\Application Data\SiteAdvisor
    2008-12-17 18:26 ——— d—–w c:\program files\McAfee.com
    2008-12-17 18:26 ——— d—–w c:\program files\McAfee
    2008-12-17 18:26 ——— d—–w c:\program files\Common Files\McAfee
    2008-12-17 18:24 ——— d—–w c:\documents and settings\All Users\Application Data\McAfee
    2008-12-11 11:57 333,184 ——w c:\windows\system32\dllcache\srv.sys
    2008-12-05 12:52 61,224 —-a-w c:\documents and settings\Frans\GoToAssistDownloadHelper.exe
    2008-09-12 11:49 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008091220080913\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-13_12.53.44.94 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-02-13 11:27:30 32,768 —-a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-02-14 12:16:06 32,768 —-a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-02-13 11:27:30 32,768 ——w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    + 2009-02-14 12:16:06 32,768 ——w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    - 2009-02-13 11:27:30 32,768 ——w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-02-14 12:16:06 32,768 ——w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-02-14 12:36:12 16,384 —-a-w c:\windows\Temp\Perflib_Perfdata_8e0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "MXOBG"="c:\windows\MXOALDR.EXE" [2003-10-10 94208]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-06-23 98304]
    "VTTimer"="VTTimer.exe" [2003-05-07 c:\windows\system32\VTTimer.exe]
    "SoundMan"="SOUNDMAN.EXE" [2003-05-14 c:\windows\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\Frans\Menu Start\Programma's\Opstarten\AutorunsDisabled
    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-03-01 45056]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\AutorunsDisabled
    NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2008-02-25 241664]
    Realtek Wireless LAN Utility.lnk - c:\program files\Realtek\Realtek Wireless LAN Utility\RtlWake.exe [2005-06-08 741376]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-09 15:14 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AresChatServer"=3 (0x3)
    "aawservice"=2 (0x2)
    "NOD32krn"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "Norton Ghost"=2 (0x2)
    "RetroExpLauncher"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\KCeasy\\giFT\\giFTl.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-11-10 138801]
    R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-11-10 46800]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-02-16 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2006-06-09 55024]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2004-04-19 66048]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-17 203280]
    R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [1980-01-01 14336]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\RTL8180.sys [2003-09-02 183680]
    S3 hitmanpro3;Hitman Pro 3 Support Driver; [x]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196bf230-d554-11da-96ab-000b6b280a70}]
    \Shell\AutoRun\command - g:\keepas~1\KeePass.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e2f3950-ac28-11dd-9bc4-000b6b280a70}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.html
    .
    Inhoud van de 'Gedeelde Taken' map

    2008-12-17 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

    2008-12-17 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

    2009-02-14 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
    uInternet Settings,ProxyOverride = <local>
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: microsoft.com\support
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-14 13:38:04
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(1612)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    - - - - - - - > 'lsass.exe'(1676)
    c:\windows\system32\relog_ap.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\windows\system32\savedump.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\windows\System32\GEARSec.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\program files\McAfee\MPF\MPFSrv.exe
    c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-02-14 13:40:42 - machine werd herstart [Frans]
    ComboFix-quarantined-files.txt 2009-02-14 12:40:40
    ComboFix4.txt 2009-02-10 16:25:38
    ComboFix3.txt 2009-02-11 18:30:38
    ComboFix5.txt 2009-02-14 12:22:06
    ComboFix2.txt 2009-02-13 11:54:36

    Pre-Run: 8.736.555.008 bytes beschikbaar
    Post-Run: 8,721,547,264 bytes beschikbaar

    184 — E O F — 2009-02-13 11:38:48
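
A check for the CFScript step in this thread, added here as an example (it is not part of the original posts and not ComboFix's own code): it parses the MountPoints2 AutoRun entries from the ComboFix logs of 2009-02-13 and 2009-02-14 and confirms that the key targeted by the script is gone. The log excerpts are copied from this page; the function names and the assumption that c: is the system drive are illustrative.

```python
import re

# Excerpts copied from the two ComboFix logs in this thread.
LOG_BEFORE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196bf230-d554-11da-96ab-000b6b280a70}]
\Shell\AutoRun\command - f:\keepas~1\KeePass.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e2f3950-ac28-11dd-9bc4-000b6b280a70}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.html

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b4e7eb0-921a-11dd-9b8e-000b6b280a70}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
Inhoud van de 'Gedeelde Taken' map
"""

LOG_AFTER = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196bf230-d554-11da-96ab-000b6b280a70}]
\Shell\AutoRun\command - g:\keepas~1\KeePass.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e2f3950-ac28-11dd-9bc4-000b6b280a70}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.html
.
Inhoud van de 'Gedeelde Taken' map
"""

KEY_RE = re.compile(
    r"^\[(?P<hive>HKEY_[A-Z_]+)\\.*\\mountpoints2\\(?P<guid>\{[0-9a-f-]{36}\})\]$",
    re.IGNORECASE,
)
CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.IGNORECASE)


def parse_mountpoints(log_text):
    """Return {guid: {verb: command}} for every MountPoints2 entry in a ComboFix log."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = entries.setdefault(key.group("guid").lower(), {})
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            current[cmd.group("verb").lower()] = cmd.group("cmd").strip()
        elif line:
            current = None  # any other non-empty line ends the current key's block
    return entries


def diff_autorun(before, after):
    """Compare two parsed logs: which volume GUIDs were removed, added or changed."""
    shared = set(before) & set(after)
    return {
        "removed": sorted(set(before) - set(after)),
        "added": sorted(set(after) - set(before)),
        "changed": {g: (before[g], after[g]) for g in sorted(shared) if before[g] != after[g]},
    }


def off_system_drive(command, system_drive="c:"):
    """True if the command starts a file from a drive other than the (assumed) system drive."""
    m = re.match(r'^"?([a-z]:)', command.strip(), re.IGNORECASE)
    return bool(m) and m.group(1).lower() != system_drive


if __name__ == "__main__":
    before, after = parse_mountpoints(LOG_BEFORE), parse_mountpoints(LOG_AFTER)
    result = diff_autorun(before, after)
    print("removed:", result["removed"])
    for guid, (old, new) in result["changed"].items():
        print("changed:", guid, old, "->", new)
    for guid, verbs in after.items():
        for verb, cmd in verbs.items():
            if off_system_drive(cmd):
                print("still launches from a non-system drive:", guid, cmd)
```

The remaining `{196bf230-…}` entry shows up as changed only because the same volume was mounted under a different drive letter in the second run.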
