Relay service?

#robkeb#
12 replies
  • I received an e-mail from my provider saying that a relay service is running via my PC.
    Could someone go through this log to see where I can find it and how I can remove it?

    Thanks in advance.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:47:29, on 13-2-2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\2xExplorer\2xExplorer.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 3.0 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,95/mcinsctl.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://digifoto.verschurenfotovideo.nl/Verschuren/UserControls/Part/Upload/ImageUploader5.cab
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: McAfee Application Installer Cleanup (0173171234201561) (0173171234201561mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\017317~1.EXE (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


    End of file - 8797 bytes
  • Now go to Start -> Run.
    Type this command: sc stop 0173171234201561mcinstcleanup and press OK.
    Repeat this with the command: sc delete 0173171234201561mcinstcleanup.


    Download MalwareBytes' Anti-Malware and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    After the installation, make sure the following are checked:
    - Update MalwareBytes' Anti-Malware
    - Start MalwareBytes' Anti-Malware
    Then click "Finish" (Voltooien).
    If an update is found, it will be downloaded and installed.
    - Once the program has started, go to the "Settings" (Instellingen) tab.
    - Check the option "Close Internet Explorer during malware removal" (Sluit Internet Explorer tijdens verwijdering van malware).
    - Then go to the "Scanner" tab and choose "Quick Scan" (Snelle Scan).
    - Press "Scan" (Scannen) to start the scan.
    - The scan can take a while, so be patient.
    - When the scan has finished, click OK, then "Show Results" (Bekijk Resultaten) to see the results.
    - Make sure everything there is checked, then click "Remove Selected" (Verwijder geselecteerde).
    - After removal a log will open and you will be asked to restart the computer.
    The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

    Post this log together with a new HijackThis log.



    Download Combofix to your desktop and use it according to this guide.
    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
    - Double-click Combofix.exe to start it.
    - If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    - Click OK in the small "NirCmd" window.
    - Afterwards, click Yes again to start scanning for malware.
    - While the fix is running, do NOT click in the window, as this will cause your PC to hang.
    - When the fix has finished and after a restart, the log Combofix.txt will open.
    Post this log in your next reply.
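
Added example (not part of the original reply, and not HijackThis code): HijackThis prints each O23 entry as display name, service name in the last pair of parentheses (omitted when both are the same), owner and image path, and `sc stop` / `sc delete` address a service by that service name. The Python below parses O23 lines copied from the log in the question and flags entries for review; the flag names and the three triage heuristics are assumptions of this example and are hints, not verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# O23 lines copied verbatim from the first HijackThis log on this page.
SAMPLE_LOG = r"""
O23 - Service: McAfee Application Installer Cleanup (0173171234201561) (0173171234201561mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\017317~1.EXE (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
"""

# Layout: O23 - Service: <display> [(<service name>)] - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<label>.+) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)
# The service name, when printed, is the LAST parenthesised group of the label.
NAME_RE = re.compile(r"^(?P<display>.+) \((?P<key>[^()]+)\)$")
# Heuristic (assumption): a service binary living in a temp directory is unusual.
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)


@dataclass
class Service:
    display: str
    key: str      # the name that `sc` expects
    owner: str
    path: str
    flags: List[str] = field(default_factory=list)


def parse_o23(line: str) -> Optional[Service]:
    """Parse one O23 line; return None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    label = m.group("label")
    n = NAME_RE.match(label)
    # Without a parenthesised service name, display name and service name coincide.
    display, key = (n.group("display"), n.group("key")) if n else (label, label)
    svc = Service(display, key, m.group("owner"), m.group("path"))
    if m.group("missing"):
        svc.flags.append("file-missing")      # registered, but the binary is gone
    if svc.owner.lower() == "unknown owner":
        svc.flags.append("unknown-owner")     # no company info in the binary
    if TEMP_RE.search(svc.path):
        svc.flags.append("temp-path")
    return svc


def triage(log_text: str) -> List[Service]:
    """Return every O23 service found in a HijackThis log, with its flags."""
    return [s for s in map(parse_o23, log_text.splitlines()) if s]


def cleanup_commands(svc: Service) -> List[str]:
    """sc commands for a leftover entry whose binary is missing; else nothing."""
    if "file-missing" not in svc.flags:
        return []
    name = f'"{svc.key}"' if " " in svc.key else svc.key
    return [f"sc stop {name}", f"sc delete {name}"]


if __name__ == "__main__":
    for svc in triage(SAMPLE_LOG):
        print(f"{svc.key:35} {','.join(svc.flags) or '-'}")
        for cmd in cleanup_commands(svc):
            print("    ", cmd)
```

The SiteAdvisor entry shows why a single flag is not a verdict: it also reports "Unknown owner" although its binary is present under Program Files.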
  • Thanks again so far.

    Maybe I forgot to mention something important: a few days ago, after starting my PC, I got a message from Windows that the file svchost.exe had to be closed because of an error. I had never had that before. When I then looked in Task Manager, there was still a service named svchost.exe running. There was also "mijzelf.exe", where "mijzelf" is my account name. Manually deleting that file did not work, and disabling the service via Task Manager did not work either; that service could not be selected. I then restored a restore point, and afterwards the message about svchost.exe having to be closed was gone, as was the file "mijzelf.exe". Sorry if this was important and I forgot it.

    Below are the logs of, in order, MalwareBytes, HijackThis and Combofix:

    Malwarebytes' Anti-Malware 1.34
    Database versie: 1760
    Windows 5.1.2600 Service Pack 2

    13-2-2009 20:27:44
    mbam-log-2009-02-13 (20-27-44).txt

    Scan type: Snelle Scan
    Objecten gescand: 66980
    Verstreken tijd: 29 minute(s), 55 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 4

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    C:\Documents and Settings\Mijzelf\Local Settings\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mijzelf\Local Settings\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mijzelf\Local Settings\Temp\BN97.tmp (Trojan.Agent) -> Quarantined and deleted successfully.


    -------------------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:43:45, on 13-2-2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Opera\opera.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\2xExplorer\2xExplorer.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 3.0 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,95/mcinsctl.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://digifoto.verschurenfotovideo.nl/Verschuren/UserControls/Part/Upload/ImageUploader5.cab
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: McAfee Application Installer Cleanup (0173171234201561) (0173171234201561mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\017317~1.EXE (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


    End of file - 8562 bytes


    -------------------------------------------------------------------------------------

    ComboFix 09-02-12.03 - Mijzelf 2009-02-13 20:52:10.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.767.442 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Mijzelf\Bureaublad\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *enabled*
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-13 to 2009-02-13 ))))))))))))))))))))))))))))))
    .

    2009-02-13 19:48 . 2009-02-13 19:48 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-13 19:48 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-13 19:48 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-08 12:05 . 2009-02-08 12:05 <DIR> d-------- c:\documents and settings\Mijzelf\Application Data\OpenOffice.org
    2009-02-08 11:39 . 2009-02-08 11:40 <DIR> d-------- c:\program files\OpenOffice.org 3
    2009-02-07 17:14 . 2009-02-08 15:14 2,828 --ahs---- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2009-02-07 17:14 . 2009-02-08 14:53 88 -r-hs---- c:\documents and settings\All Users\Application Data\4224C0C611.sys
    2009-02-07 16:45 . 2009-02-07 16:45 <DIR> d-------- c:\program files\Common Files\Protexis
    2009-02-07 16:45 . 2009-02-07 17:00 <DIR> d-------- c:\program files\Common Files\Corel
    2009-02-07 16:45 . 2009-02-07 17:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel
    2009-02-07 16:25 . 2009-02-07 16:45 <DIR> d-------- c:\program files\Corel
    2009-02-07 16:25 . 2009-02-07 16:25 <DIR> d-------- c:\documents and settings\Mijzelf\Application Data\InstallShield
    2009-02-05 19:25 . 2009-02-05 19:25 <DIR> d-------- C:\Nieuwe map (2)
    2009-01-24 16:06 . 2003-12-17 09:50 19,968 --------- c:\windows\LOGI_MWX.EXE
    2009-01-24 14:19 . 2009-01-24 14:19 <DIR> d-------- c:\program files\MUSICMATCH
    2009-01-23 22:48 . 2009-01-23 22:48 <DIR> d-------- c:\windows\Java
    2009-01-23 22:48 . 2009-01-23 22:48 <DIR> d-------- c:\program files\PC Wizard 2008
    2009-01-23 22:48 . 2007-09-15 15:11 27,136 --a------ c:\windows\system32\PCWizard.cpl
    2009-01-22 16:33 . 2009-02-13 20:44 <DIR> dr-h----- c:\documents and settings\Mijzelf\Onlangs geopend

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-13 18:05 --------- d-----w c:\program files\Mozilla Thunderbird
    2009-02-13 15:45 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
    2009-02-11 17:12 --------- d-----w c:\program files\McAfee
    2009-02-10 20:01 --------- d-----w c:\program files\Conbuilder
    2009-02-07 16:15 --------- d-----w c:\documents and settings\Mijzelf\Application Data\Corel
    2009-02-05 18:24 --------- d-----w c:\program files\SlimBrowser
    2009-01-25 12:22 --------- d-----w c:\program files\Shape Viewer
    2009-01-22 15:26 --------- d-----w c:\documents and settings\Mijzelf\Application Data\Apple Computer
    2009-01-11 12:37 --------- d-----w c:\program files\Route_Riter
    2009-01-09 11:03 79,304 ----a-w c:\windows\system32\drivers\mfeavfk.sys
    2009-01-09 11:03 40,552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
    2009-01-09 11:03 35,272 ----a-w c:\windows\system32\drivers\mfebopk.sys
    2009-01-09 11:03 34,216 ----a-w c:\windows\system32\drivers\mferkdk.sys
    2009-01-09 11:03 213,640 ----a-w c:\windows\system32\drivers\mfehidk.sys
    2008-12-20 08:53 --------- d-----w c:\program files\Java
    2008-10-12 09:18 41,791 ----a-w c:\documents and settings\Mijzelf\Application Data\mdb.bin
    2005-09-27 11:22 313,283 -c--a-w c:\program files\cwshredder.zip
    2004-10-20 09:42 328,488 -c--a-w c:\program files\CWSInstall.exe
    2004-04-14 15:38 186,368 -c--a-w c:\program files\LSPFix.exe
    2004-04-13 17:23 3,662,787 -c--a-w c:\program files\spybotsd12.exe
    2008-06-21 16:54 15,646 --sha-w c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot_2009-01-24_22.15.30.43 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-02-08 10:46:01 64,000 ----a-w c:\windows\assembly\GAC_32\cli_cppuhelper\1.0.15.0__ce2cb7e279207b9e\cli_cppuhelper.dll
    + 2009-02-08 10:48:16 3,072 ----a-w c:\windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\15.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
    + 2009-02-08 10:40:37 11,264 ----a-w c:\windows\assembly\GAC_MSIL\cli_basetypes\1.0.12.0__ce2cb7e279207b9e\cli_basetypes.dll
    + 2009-02-08 10:46:04 823,296 ----a-w c:\windows\assembly\GAC_MSIL\cli_oootypes\1.0.1.0__ce2cb7e279207b9e\cli_oootypes.dll
    + 2009-02-08 10:40:38 7,680 ----a-w c:\windows\assembly\GAC_MSIL\cli_ure\1.0.15.0__ce2cb7e279207b9e\cli_ure.dll
    + 2009-02-08 10:40:39 114,688 ----a-w c:\windows\assembly\GAC_MSIL\cli_uretypes\1.0.1.0__ce2cb7e279207b9e\cli_uretypes.dll
    + 2009-02-08 10:40:41 3,072 ----a-w c:\windows\assembly\GAC_MSIL\policy.1.0.cli_basetypes\12.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
    + 2009-02-08 10:48:17 3,072 ----a-w c:\windows\assembly\GAC_MSIL\policy.1.0.cli_oootypes\1.1.0.0__ce2cb7e279207b9e\policy.1.0.cli_oootypes.dll
    + 2009-02-08 10:40:42 3,072 ----a-w c:\windows\assembly\GAC_MSIL\policy.1.0.cli_ure\15.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
    + 2009-02-08 10:40:43 3,072 ----a-w c:\windows\assembly\GAC_MSIL\policy.1.0.cli_uretypes\1.1.0.0__ce2cb7e279207b9e\policy.1.0.cli_uretypes.dll
    + 2009-02-07 16:03:04 394,534 ----a-r c:\windows\Installer\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}\ARPPRODUCTICON.exe
    + 2009-02-07 16:03:03 22,486 ----a-r c:\windows\Installer\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}\NewShortcut1.73D5A293_D496_4B44_B535_AA8F98088895.exe
    + 2009-02-08 10:53:50 7,424,000 ----a-r c:\windows\Installer\{A7E1477E-810A-4185-BD9E-1A803498EFB3}\soffice.exe
    - 2009-01-24 19:40:03 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-02-13 16:02:03 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-01-24 19:40:03 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    + 2009-02-13 16:02:03 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    - 2008-06-02 12:55:42 120,136 ----a-w c:\windows\system32\drivers\Mpfp.sys
    + 2008-10-23 12:08:54 120,136 ----a-w c:\windows\system32\drivers\Mpfp.sys
    - 2008-10-17 16:23:19 175,464 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-02-09 17:34:11 192,184 ----a-w c:\windows\system32\FNTCACHE.DAT
    - 2009-01-24 14:42:26 1,191,544 -c--a-w c:\windows\system32\Restore\rstrlog.dat
    + 2009-02-12 20:08:04 168,932 -c--a-w c:\windows\system32\Restore\rstrlog.dat
    + 2009-02-13 19:34:19 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6fc.dat
    + 2009-02-07 15:45:42 1,233,920 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
    + 2009-01-09 19:43:10 224,768 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
    + 2009-01-09 19:43:10 568,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
    + 2009-01-09 19:43:10 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-03-23 1111040]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-26 155648]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-06-16 81920]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2009-01-21 16712]
    "nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\Mijzelf\Menu Start\Programma's\Opstarten\
    OpenOffice.org 3.0 .lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-03-07 113664]
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-10-03 156160]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\program files\TGTSoft\StyleXP\CurrentLogon.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Mijzelf^Menu Start^Programma's^Opstarten^iPodder.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Mijzelf^Menu Start^Programma's^Opstarten^Ubisoft register.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-10 203280]
    R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2003-10-03 14095]
    S2 0173171234201561mcinstcleanup;McAfee Application Installer Cleanup (0173171234201561);c:\windows\TEMP\017317~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\017317~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
    S3 firewall;firewall;\??\c:\program files\Foxie Suite\firewall.sys --> c:\program files\Foxie Suite\firewall.sys [?]
    S3 ParadigmVScanner;USB Scanner Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2003-10-06 15104]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2b43be1-a639-11db-956a-0002447183a0}]
    \Shell\AutoRun\command - I:\LaunchU3.exe -a
    .
    Inhoud van de 'Gedeelde Taken' map

    2007-07-14 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

    2009-01-01 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Google Search
    IE: Alle links in deze pagina openen…
    IE: Backward &Links
    IE: Blokkeer alle plaatjes afkomstig van dezelfde server
    IE: Cac&hed Snapshot of Page
    IE: Markeren
    IE: Si&milar Pages
    IE: Toevoegen aan Reclame Black List
    IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Zoeken
    Trusted Zone: europeesche.nl\eol
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    FF - ProfilePath - c:\documents and settings\Mijzelf\Application Data\Mozilla\Firefox\Profiles\default.xhe\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.railsim.nl/forum/index.php
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-13 20:57:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2009-02-13 21:05:04
    ComboFix-quarantined-files.txt 2009-02-13 20:05:00
    ComboFix2.txt 2009-01-25 11:57:33
    ComboFix3.txt 2009-01-24 21:21:04
    ComboFix4.txt 2009-01-23 18:42:16
    ComboFix5.txt 2009-02-13 19:48:46

    Pre-Run: 505.473.536 bytes beschikbaar
    Post-Run: 494,385,152 bytes beschikbaar

    197 — E O F — 2009-01-14 16:17:54
  • Download Flash_Disinfector.exe and put it on your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
    Make sure your flash drives / USB sticks / external hard disks are plugged in as well.
    Double-click Flash_Disinfector.exe to start the tool.
    When the tool has finished, the computer will restart.

    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

    File::
    C:\documents and settings\All Users\Application Data\4224C0C611.sys
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2b43be1-a639-11db-956a-0002447183a0}]

    Save the Notepad file as CFScript.txt

    Now drag the file CFScript.txt onto the file ComboFix.exe, as shown below:

    http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

    ComboFix will restart.
    When ComboFix has finished, which may be after a reboot, a log file opens.
    Post the contents of the log file.
  • McAfee sees FlashDisinfector as a Trojan; I assume that is known?

    I should add that my new PC will be delivered next week and this one will go. Maybe you think: then just leave it as it is for the last few days.
    However, I did get a notice from Ziggo that my connection will be cut off if that relay service has not been removed. How I am then supposed to look for further help is apparently no concern of theirs. They assume that everyone is an expert when it comes to viruses and malware.

    In any case, thanks again so far.

    Log will follow as soon as possible.
  • It is known that McAfee (wrongly) sees Flash Disinfector as a virus.

    I assume, however, that you have disabled McAfee and run Flash Disinfector?
  • Hmm, even when I disable McAfee I still get a message that McAfee has removed this file as a trojan. What now?

    EDIT: Downloading with Opera does not work, with Firefox apparently it does.
  • After using Disinfector the PC did not restart. A message did appear saying that the disinfection was complete.

    Here is the ComboFix log:

    ComboFix 09-02-12.03 - Mijzelf 2009-02-14 11:58:01.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.767.410 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Mijzelf\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Mijzelf\Bureaublad\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *enabled*

    FILE ::
    c:\documents and settings\All Users\Application Data\4224C0C611.sys
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\4224C0C611.sys

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-14 to 2009-02-14 ))))))))))))))))))))))))))))))
    .

    2009-02-14 08:55 . 2009-02-14 08:55 <DIR> d——– c:\windows\LastGood
    2009-02-13 23:08 . 2009-02-14 11:54 <DIR> dr-h—– c:\documents and settings\Mijzelf\Onlangs geopend
    2009-02-13 19:48 . 2009-02-13 19:48 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-02-13 19:48 . 2009-02-11 10:19 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-13 19:48 . 2009-02-11 10:19 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-02-08 12:05 . 2009-02-08 12:05 <DIR> d——– c:\documents and settings\Mijzelf\Application Data\OpenOffice.org
    2009-02-08 11:39 . 2009-02-08 11:40 <DIR> d——– c:\program files\OpenOffice.org 3
    2009-02-07 17:14 . 2009-02-08 15:14 2,828 –ahs—- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2009-02-07 16:45 . 2009-02-07 16:45 <DIR> d——– c:\program files\Common Files\Protexis
    2009-02-07 16:45 . 2009-02-07 17:00 <DIR> d——– c:\program files\Common Files\Corel
    2009-02-07 16:45 . 2009-02-07 17:07 <DIR> d——– c:\documents and settings\All Users\Application Data\Corel
    2009-02-07 16:25 . 2009-02-07 16:45 <DIR> d——– c:\program files\Corel
    2009-02-07 16:25 . 2009-02-07 16:25 <DIR> d——– c:\documents and settings\Mijzelf\Application Data\InstallShield
    2009-02-05 19:25 . 2009-02-05 19:25 <DIR> d——– C:\Nieuwe map (2)
    2009-01-24 16:06 . 2003-12-17 09:50 19,968 ——— c:\windows\LOGI_MWX.EXE
    2009-01-24 14:19 . 2009-01-24 14:19 <DIR> d——– c:\program files\MUSICMATCH
    2009-01-23 22:48 . 2009-01-23 22:48 <DIR> d——– c:\windows\Java
    2009-01-23 22:48 . 2009-01-23 22:48 <DIR> d——– c:\program files\PC Wizard 2008
    2009-01-23 22:48 . 2007-09-15 15:11 27,136 –a—— c:\windows\system32\PCWizard.cpl

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-14 09:13 ——— d—–w c:\program files\Mozilla Thunderbird
    2009-02-13 15:45 ——— d—–w c:\documents and settings\LocalService\Application Data\SACore
    2009-02-11 17:12 ——— d—–w c:\program files\McAfee
    2009-02-10 20:01 ——— d—–w c:\program files\Conbuilder
    2009-02-07 16:15 ——— d—–w c:\documents and settings\Mijzelf\Application Data\Corel
    2009-02-05 18:24 ——— d—–w c:\program files\SlimBrowser
    2009-01-25 12:22 ——— d—–w c:\program files\Shape Viewer
    2009-01-22 15:26 ——— d—–w c:\documents and settings\Mijzelf\Application Data\Apple Computer
    2009-01-11 12:37 ——— d—–w c:\program files\Route_Riter
    2009-01-09 11:03 79,304 —-a-w c:\windows\system32\drivers\mfeavfk.sys
    2009-01-09 11:03 40,552 —-a-w c:\windows\system32\drivers\mfesmfk.sys
    2009-01-09 11:03 35,272 —-a-w c:\windows\system32\drivers\mfebopk.sys
    2009-01-09 11:03 34,216 —-a-w c:\windows\system32\drivers\mferkdk.sys
    2009-01-09 11:03 213,640 —-a-w c:\windows\system32\drivers\mfehidk.sys
    2008-12-20 08:53 ——— d—–w c:\program files\Java
    2008-10-12 09:18 41,791 —-a-w c:\documents and settings\Mijzelf\Application Data\mdb.bin
    2005-09-27 11:22 313,283 -c–a-w c:\program files\cwshredder.zip
    2004-10-20 09:42 328,488 -c–a-w c:\program files\CWSInstall.exe
    2004-04-14 15:38 186,368 -c–a-w c:\program files\LSPFix.exe
    2004-04-13 17:23 3,662,787 -c–a-w c:\program files\spybotsd12.exe
    2008-06-21 16:54 15,646 –sha-w c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot_2009-01-24_22.15.30.43 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-02-08 10:46:01 64,000 —-a-w c:\windows\assembly\GAC_32\cli_cppuhelper\1.0.15.0__ce2cb7e279207b9e\cli_cppuhelper.dll
    + 2009-02-08 10:48:16 3,072 —-a-w c:\windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\15.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
    + 2009-02-08 10:40:37 11,264 —-a-w c:\windows\assembly\GAC_MSIL\cli_basetypes\1.0.12.0__ce2cb7e279207b9e\cli_basetypes.dll
    + 2009-02-08 10:46:04 823,296 —-a-w c:\windows\assembly\GAC_MSIL\cli_oootypes\1.0.1.0__ce2cb7e279207b9e\cli_oootypes.dll
    + 2009-02-08 10:40:38 7,680 —-a-w c:\windows\assembly\GAC_MSIL\cli_ure\1.0.15.0__ce2cb7e279207b9e\cli_ure.dll
    + 2009-02-08 10:40:39 114,688 —-a-w c:\windows\assembly\GAC_MSIL\cli_uretypes\1.0.1.0__ce2cb7e279207b9e\cli_uretypes.dll
    + 2009-02-08 10:40:41 3,072 —-a-w c:\windows\assembly\GAC_MSIL\policy.1.0.cli_basetypes\12.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
    + 2009-02-08 10:48:17 3,072 —-a-w c:\windows\assembly\GAC_MSIL\policy.1.0.cli_oootypes\1.1.0.0__ce2cb7e279207b9e\policy.1.0.cli_oootypes.dll
    + 2009-02-08 10:40:42 3,072 —-a-w c:\windows\assembly\GAC_MSIL\policy.1.0.cli_ure\15.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
    + 2009-02-08 10:40:43 3,072 —-a-w c:\windows\assembly\GAC_MSIL\policy.1.0.cli_uretypes\1.1.0.0__ce2cb7e279207b9e\policy.1.0.cli_uretypes.dll
    + 2009-02-07 16:03:04 394,534 —-a-r c:\windows\Installer\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}\ARPPRODUCTICON.exe
    + 2009-02-07 16:03:03 22,486 —-a-r c:\windows\Installer\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}\NewShortcut1.73D5A293_D496_4B44_B535_AA8F98088895.exe
    + 2009-02-08 10:53:50 7,424,000 —-a-r c:\windows\Installer\{A7E1477E-810A-4185-BD9E-1A803498EFB3}\soffice.exe
    - 2009-01-24 19:40:03 32,768 -c–a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-02-14 07:50:41 32,768 -c–a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-01-24 19:40:03 32,768 -c–a-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    + 2009-02-14 07:50:41 32,768 -c–a-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    - 2008-06-02 12:55:42 120,136 —-a-w c:\windows\system32\drivers\Mpfp.sys
    + 2008-10-23 12:08:54 120,136 —-a-w c:\windows\system32\drivers\Mpfp.sys
    - 2008-10-17 16:23:19 175,464 —-a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-02-09 17:34:11 192,184 —-a-w c:\windows\system32\FNTCACHE.DAT
    - 2009-01-09 16:35:30 20,853,704 —-a-w c:\windows\system32\MRT.exe
    + 2009-02-12 04:56:17 21,244,872 —-a-w c:\windows\system32\MRT.exe
    - 2009-01-24 14:42:26 1,191,544 -c–a-w c:\windows\system32\Restore\rstrlog.dat
    + 2009-02-12 20:08:04 168,932 -c–a-w c:\windows\system32\Restore\rstrlog.dat
    - 2007-11-30 12:39:46 18,808 ——w c:\windows\system32\spmsg.dll
    + 2008-07-09 07:44:08 18,808 ——w c:\windows\system32\spmsg.dll
    + 2009-02-07 15:45:42 1,233,920 —-a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
    + 2009-01-09 19:43:10 224,768 —-a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
    + 2009-01-09 19:43:10 568,832 —-a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
    + 2009-01-09 19:43:10 655,872 —-a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
    .
    – Snapshot teruggezet naar huidige datum –
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-03-23 1111040]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-26 155648]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-06-16 81920]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2009-01-21 16712]
    "nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\Mijzelf\Menu Start\Programma's\Opstarten\
    OpenOffice.org 3.0 .lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-03-07 113664]
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-10-03 156160]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\program files\TGTSoft\StyleXP\CurrentLogon.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Mijzelf^Menu Start^Programma's^Opstarten^iPodder.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Mijzelf^Menu Start^Programma's^Opstarten^Ubisoft register.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-10 203280]
    R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2003-10-03 14095]
    S2 0173171234201561mcinstcleanup;McAfee Application Installer Cleanup (0173171234201561);c:\windows\TEMP\017317~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\017317~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
    S3 firewall;firewall;\??\c:\program files\Foxie Suite\firewall.sys --> c:\program files\Foxie Suite\firewall.sys [?]
    S3 ParadigmVScanner;USB Scanner Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2003-10-06 15104]
    .
    Inhoud van de 'Gedeelde Taken' map

    2007-07-14 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

    2009-01-01 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Google Search
    IE: Alle links in deze pagina openen…
    IE: Backward &Links
    IE: Blokkeer alle plaatjes afkomstig van dezelfde server
    IE: Cac&hed Snapshot of Page
    IE: Markeren
    IE: Si&milar Pages
    IE: Toevoegen aan Reclame Black List
    IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Zoeken
    Trusted Zone: europeesche.nl\eol
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    FF - ProfilePath - c:\documents and settings\Mijzelf\Application Data\Mozilla\Firefox\Profiles\default.xhe\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.railsim.nl/forum/index.php
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-14 12:01:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2009-02-14 12:05:34
    ComboFix-quarantined-files.txt 2009-02-14 11:05:19
    ComboFix2.txt 2009-02-13 20:05:14
    ComboFix3.txt 2009-01-25 11:57:33
    ComboFix4.txt 2009-01-24 21:21:04
    ComboFix5.txt 2009-02-14 10:55:27

    Pre-Run: 567.337.472 bytes beschikbaar
    Post-Run: 559,520,256 bytes beschikbaar

    207 — E O F — 2009-02-14 08:12:08
  • Are there any problems left?
  • I had no problems myself, but I received the mail below from Ziggo:

    Over the last few days we have received complaints indicating that your connection is being abused to send large quantities of commercial and/or pornographic e-mail (spam).

    You most likely have, without being aware of it, a so-called 'relay service' running on your computer.
    This relay service acts as a conduit for others. It lets them send spam through your computer.

    It is important that you remove the relay service from your computer quickly. Instructions on how to do this can be found at
    www.ziggo.nl/klantenservice

    If the problem is not resolved within three days, we will be forced to temporarily disconnect your connection. This is necessary to
    prevent nuisance to other internet users

    Kind regards

    Ziggo

    Abuse Department

    Suppose they cut you off after three days, then you can't ask for help anywhere, can you? The Ziggo link in the mail has little else to offer on measures to solve this.
  • Actually I was asking about after my last instructions.

    I have not been able to see any traces of a relay service in your log, but the other malware has now been removed.
    The most practical thing, it seems to me, is to call customer service to be on the safe side and ask for help.
  • Thanks for your help. I'll follow it up.
