Q&A

Security & privacy

Update problem with PC Tools Firewall Plus 5.0.0.38

Anonymous
Othuroyo
36 answers
  • I have the following small problem. I use PC Tools Firewall Plus, which since the update at the start of the week has arrived at version 5.0.0.38. After the update, the Security Center told me that no firewall was enabled. The Windows firewall could be turned on, but the PC Tools one could not. When I clicked enable it looked as if that happened, but it did not. I then restored a restore point from a few days earlier and it worked again. What struck me was that there were files from the day in question in the PC Tools folder. I paid no further attention to it, because I thought it was a one-off. Until another update turned up this morning. Installed again, and again the same problem. Restored the restore point again and it was fixed again. I then ran PC Tools' 'Smartupdate' and discovered that the following file was available for update: "Firewall Network Plugin Driver". So this is what gets removed again by restoring the restore point, and it appears to be the culprit. Does anyone recognize this problem or has anyone had the same experience? I would like to know whether someone knows a solution for this. And by that I do not mean suggesting all kinds of alternative firewalls. Thanks in advance.
  • [quote="gerardb"](the opening post, quoted in full above)[/quote]
    PS. The operating system is Vista Home Premium.
  • Is the PC Tools firewall free or paid?
    If it is paid, I would certainly raise it with them first.
    perloc
  • Freeware: http://www.pctools.com/firewall/
  • Thanks for your replies. Perloc: it is the freeware version, so complaining will not help much. Gerben: what do you mean by the link? You can download the program there, but I cannot find anything about update problems.
  • Giving feedback there can still help… even with freeware… I would think.
  • Please post a HijackThis log.
  • My post was for/in response to perloc, nothing more.
  • You are right, André, I have reported the problem on their site. So Gerben's reply was not useless, although he apparently did not mean it that way. As for Othuroyo: here is a HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:40:16, on 1-3-2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Utilities\Totalcmd\TOTALCMD.EXE
    D:\Utilities\HijackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [00PCTFW] "D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Cleaner - {CCF00E14-7C5E-4420-9BF3-AA4809CFAA13} - C:\Program Files\ClickClean\ClickClean.exe
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs:
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - D:\Program Files\PC Tools Firewall Plus\FWService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe


    End of file - 6640 bytes
  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O20 - AppInit_DLLs:

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.

    Download MalwareBytes' Anti-Malware and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    Make sure that after installation a check mark is placed next to:
    - Update MalwareBytes' Anti-Malware
    - Start MalwareBytes' Anti-Malware
    Then click "Finish".
    If an update is found, it will be downloaded and installed.
    - Once the program has started, go to the "Settings" tab.
    - Tick "Close Internet Explorer during removal of malware".
    - Then go to the "Scanner" tab and choose "Quick Scan".
    - Then press "Scan" to start the scan.
    - Scanning may take a while, so be patient.
    - When the scan is complete, click OK, then "Show Results" to view the results.
    - Make sure everything there is checked, then click "Remove Selected".
    - After removal a log will open and you will be asked to restart the computer.
    The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

    Post this log together with a new HijackThis log.

    Download ComboFix to your desktop and use it according to the guide.
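As an added example (not code from the thread, from HijackThis or from PC Tools), the following Python script applies the same selection rule the instructions above use, over a constructed subset of the log posted earlier: R0/R1 entries with an empty value, O3 toolbars without a name or file, and an empty O20 AppInit_DLLs line are the orphaned entries that get ticked for 'Fix checked'. Function and constant names are my own.

```python
import re

# Constructed sample input: a subset of the HijackThis log posted in the thread above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [00PCTFW] "D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O20 - AppInit_DLLs:
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - D:\Program Files\PC Tools Firewall Plus\FWService.exe
"""

# Every HijackThis entry line starts with a section code (R0, O2, O23, ...) followed by " - ".
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")


def parse_hjt(text):
    """Return a list of (section, body) tuples, one per HijackThis entry line.
    Header lines, blank lines and the process list do not match and are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def is_orphan(section, body):
    """Return a short reason when the entry is one of the empty/orphaned kinds the
    helper selected for 'Fix checked'; return None for everything else."""
    if section in ("R0", "R1"):
        # Form is "<registry key>,<value name> = <data>"; an empty right-hand side
        # is a leftover IE setting. Split on the first '=' so URLs containing
        # '=' (e.g. ?LinkId=54896) are not mistaken for the separator.
        _key, sep, data = body.partition("=")
        if sep and data.strip() == "":
            return "empty Internet Explorer setting"
    elif section == "O3":
        # Toolbar registration whose DLL no longer exists or that carries no name.
        if "(no name)" in body or body.rstrip().endswith("(no file)"):
            return "toolbar entry without name or file"
    elif section == "O20":
        # AppInit_DLLs with nothing after the colon: an empty value, nothing loads.
        if body.strip() == "AppInit_DLLs:":
            return "empty AppInit_DLLs value"
    return None


def triage(text):
    """Return [(full entry line, reason), ...] for the entries matching the rule."""
    hits = []
    for section, body in parse_hjt(text):
        reason = is_orphan(section, body)
        if reason:
            hits.append((f"{section} - {body}", reason))
    return hits


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason:36s} {line}")
```

Entries such as the O4 PC Tools firewall autorun and the O23 service line are left alone, which matches the helper's list; the actual removal is still done in HijackThis itself.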
  • The first part of the task done. Incidentally, I use Malwarebytes at least twice a week and it never finds anything! Not this time either. ComboFix gives problems. Once I had downloaded the file, I first got the message that I had to disable NOD. I disabled both the firewall and NOD, downloaded ComboFix again, started it, and then nothing happens. After starting ComboFix again I get the following message: Some files could not be created. Please close all applications, reboot Windows and restart this installation. This gives no result. Here are the new logs.
    Malwarebytes' Anti-Malware 1.34
    Database versie: 1813
    Windows 6.0.6001 Service Pack 1

    1-3-2009 20:55:31
    mbam-log-2009-03-01 (20-55-31).txt

    Scan type: Snelle Scan
    Objecten gescand: 55978
    Verstreken tijd: 1 minute(s), 39 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:27:24, on 1-3-2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Windows\system32\conime.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Utilities\Totalcmd\TOTALCMD.EXE
    D:\Utilities\HijackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [00PCTFW] "D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Cleaner - {CCF00E14-7C5E-4420-9BF3-AA4809CFAA13} - C:\Program Files\ClickClean\ClickClean.exe
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - D:\Program Files\PC Tools Firewall Plus\FWService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe


    End of file - 6260 bytes
  • I was apparently too impatient. Tried again and eventually, after a long wait, it did work. Here is the log.
    ComboFix 09-02-28.01 - Gerard van Huffelen 2009-03-01 22:05:50.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.3070.2050 [GMT 1:00]
    Gestart vanuit: c:\users\Gerard van Huffelen\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\acovcnt.exe

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-02-01 to 2009-03-01 ))))))))))))))))))))))))))))))
    .

    2009-02-24 17:17 . 2009-02-24 17:17 <DIR> d——– c:\programdata\Elsevier
    2009-02-24 16:43 . 2009-02-24 16:43 <DIR> d——– c:\program files\Elsevier
    2009-02-17 11:29 . 2009-02-17 11:29 144,310 –a—— C:\Prettige dag.gif
    2009-02-16 13:12 . 2008-06-24 12:45 1,414,440 –a—— c:\windows\System32\ShellManager310E2D762.dll
    2009-02-16 13:12 . 2008-06-23 16:36 773,120 –a—— c:\windows\System32\NEROINSTAEC43759.DB
    2009-02-13 20:21 . 2009-02-13 20:21 <DIR> d——– c:\program files\Microsoft Office Word 2007 Aan de slag tabblad
    2009-02-13 20:18 . 2009-02-13 20:18 <DIR> d——– c:\program files\Microsoft Office Excel 2007 Aan de slag tabblad
    2009-02-13 13:07 . 2009-02-13 13:07 <DIR> d——– c:\programdata\Hitman Pro
    2009-02-11 16:39 . 2008-06-20 02:14 781,344 –a—— c:\windows\System32\PresentationNative_v0300.dll
    2009-02-11 16:39 . 2008-06-20 02:14 622,080 –a—— c:\windows\System32\icardagt.exe
    2009-02-11 16:39 . 2008-06-20 02:14 326,160 –a—— c:\windows\System32\PresentationHost.exe
    2009-02-11 16:39 . 2008-06-20 02:14 105,016 –a—— c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2009-02-11 16:39 . 2008-06-20 02:14 97,800 –a—— c:\windows\System32\infocardapi.dll
    2009-02-11 16:39 . 2008-06-20 02:14 43,544 –a—— c:\windows\System32\PresentationHostProxy.dll
    2009-02-11 16:39 . 2008-06-20 02:14 37,384 –a—— c:\windows\System32\infocardcpl.cpl
    2009-02-11 16:39 . 2008-06-20 02:14 11,264 –a—— c:\windows\System32\icardres.dll
    2009-02-11 16:35 . 2008-07-27 19:03 282,112 –a—— c:\windows\System32\mscoree.dll
    2009-02-11 16:35 . 2008-07-27 19:03 158,720 –a—— c:\windows\System32\mscorier.dll
    2009-02-11 16:35 . 2008-07-27 19:03 96,760 –a—— c:\windows\System32\dfshim.dll
    2009-02-11 16:35 . 2008-07-27 19:03 83,968 –a—— c:\windows\System32\mscories.dll
    2009-02-11 16:35 . 2008-07-27 19:03 41,984 –a—— c:\windows\System32\netfxperf.dll
    2009-02-11 16:33 . 2008-12-05 05:32 428,544 –a—— c:\windows\System32\EncDec.dll
    2009-02-11 16:33 . 2008-12-05 05:32 293,376 –a—— c:\windows\System32\psisdecd.dll
    2009-02-11 16:33 . 2008-12-05 05:31 217,088 –a—— c:\windows\System32\psisrndr.ax
    2009-02-11 16:33 . 2008-12-05 05:31 177,664 –a—— c:\windows\System32\mpg2splt.ax
    2009-02-11 16:33 . 2008-12-05 05:31 80,896 –a—— c:\windows\System32\MSNP.ax
    2009-02-11 16:32 . 2009-01-15 04:36 1,383,424 –a—— c:\windows\System32\mshtml.tlb
    2009-02-11 16:32 . 2009-01-15 07:11 827,392 –a—— c:\windows\System32\wininet.dll
    2009-02-08 13:52 . 2009-02-08 13:52 <DIR> d——– c:\program files\Windows Live SkyDrive
    2009-02-08 13:52 . 2009-02-08 13:52 <DIR> d——– c:\program files\Windows Live
    2009-02-08 13:52 . 2009-02-08 13:52 <DIR> d——– c:\program files\Microsoft
    2009-02-08 13:47 . 2009-02-08 13:47 <DIR> d——– c:\program files\Common Files\Windows Live

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-01 21:32 ——— d—a-w c:\programdata\TEMP
    2009-03-01 11:12 ——— d—–w c:\users\Gerard van Huffelen\AppData\Roaming\Belastingdienst
    2009-03-01 10:57 ——— d—–w c:\users\Gerard van Huffelen\AppData\Roaming\GHISLER
    2009-03-01 10:57 ——— d—–w c:\programdata\P4G
    2009-02-23 21:29 ——— d—–w c:\users\Gerard van Huffelen\AppData\Roaming\FrostWire
    2009-02-20 21:53 ——— d—–w c:\users\Gerard van Huffelen\AppData\Roaming\uTorrent
    2009-02-16 12:15 ——— d—–w c:\program files\Common Files\Nero
    2009-02-16 12:14 ——— d—–w c:\programdata\Nero
    2009-02-13 12:17 ——— d—–w c:\program files\HP
    2009-02-11 15:44 ——— d—–w c:\program files\Windows Mail
    2009-02-11 09:19 38,496 —-a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-11 09:19 15,504 —-a-w c:\windows\system32\drivers\mbam.sys
    2009-02-10 13:11 ——— d—–w c:\programdata\SiteAdvisor
    2009-02-04 12:17 ——— d—–w c:\program files\Google
    2009-02-03 20:00 ——— d—–w c:\users\Gerard van Huffelen\AppData\Roaming\U3
    2009-01-31 13:04 ——— d—–w c:\program files\TomTom DesktopSuite
    2009-01-30 15:12 ——— d—–w c:\programdata\Apple Computer
    2009-01-30 15:12 ——— d—–w c:\program files\QuickTime
    2009-01-18 15:54 ——— d—–w c:\program files\Common Files\PC Tools
    2009-01-18 15:43 ——— d—–w c:\users\Gerard van Huffelen\AppData\Roaming\Comodo
    2009-01-15 20:40 ——— d—–w c:\users\Gerard van Huffelen\AppData\Roaming\TomTom
    2009-01-14 16:00 ——— d—–w c:\users\Gerard van Huffelen\AppData\Roaming\TuneUp Software
    2009-01-14 16:00 ——— d—–w c:\programdata\TuneUp Software
    2009-01-14 15:58 ——— d-sh–w c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-01-08 19:21 ——— d—–w c:\users\Gerard van Huffelen\AppData\Roaming\NwDocx
    2009-01-01 19:26 ——— d—–w c:\program files\Belarc
    2009-01-01 13:29 ——— d—–w c:\program files\Mozilla Thunderbird
    2008-12-25 12:26 29,169 —-a-w c:\users\Gerard van Huffelen\AppData\Roaming\nvModes.dat
    2008-12-12 07:32 972,072 —-a-w c:\windows\UNNeroMediaHome.exe
    2008-01-21 02:43 174 –sha-w c:\program files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
    "00PCTFW"="d:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-24 2652056]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-11 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"= l3codecp.acm
    "msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
    "msacm.divxa32"= msaud32_divx.acm

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Gerard van Huffelen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]
    path=c:\users\Gerard van Huffelen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
    backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
    –a—— 2007-02-16 17:49 149024 c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
    –a—— 2007-02-17 17:35 1966960 c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
    –a—— 2008-06-20 07:24 37232 c:\windows\ASScrProlog.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
    –a—— 2008-06-20 07:24 33136 c:\windows\ASScrPro.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
    –a—— 2006-11-02 16:27 61440 c:\program files\ASUS\ATK Media\DMedia.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    –a—— 2008-12-12 08:30 132392 c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    –a—— 2008-01-21 03:25 125952 c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    –a—— 2007-12-05 11:17 8534560 c:\windows\System32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    –a—— 2007-12-05 11:17 81920 c:\windows\System32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
    –a—— 2007-12-05 11:17 86016 c:\windows\System32\nvsvc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    –a—— 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    –a—— 2006-11-24 18:31 630784 c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    –a—— 2007-12-06 11:12 1029416 c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    –a—— 2008-12-09 11:12 234856 d:\program files\TomTom HOME 2\HOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
    –a—— 2007-02-17 17:30 1191608 c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    –a—— 2008-05-02 05:15 15872 d:\utilities\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    –a—— 2007-08-27 06:10 4702208 c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    –a—— 2007-08-03 06:22 1826816 c:\windows\SkyTel.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ehTray.exe"=c:\windows\ehome\ehTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1855685173-4277460765-2080080378-1000]
    "EnableNotifications"=dword:00000001
    "EnableNotificationsRef"=dword:00000006

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{FF101D67-52C9-4849-8633-C503260894DE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{F5CF9BA1-0A23-4DD5-B836-937826B37B77}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "TCP Query User{2DDF1FE5-6FBC-44B9-A827-3EC82891015C}f:\\bin\\ia\\core\\mdm_util.exe"= UDP:f:\bin\ia\core\mdm_util.exe:MDM_Util
    "UDP Query User{2D583235-873D-4962-83FE-40AE6648776E}f:\\bin\\ia\\core\\mdm_util.exe"= TCP:f:\bin\ia\core\mdm_util.exe:MDM_Util
    "TCP Query User{D51E2529-5C7C-49A2-AA51-E582EF0AE8A1}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{3AD0D0A2-FC5A-4627-B0E0-9C7B1CC4592B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{DF5DB745-109F-48DA-98E0-EE21E46B02B5}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:MSI starter
    "UDP Query User{609F8DCE-C1C9-4E5A-AFF0-0BCEB4BAB528}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:MSI starter
    "{907D4AF4-9425-4882-98B2-86C8173D2D73}"= UDP:G:\utorrent.exe:µTorrent (TCP-In)
    "{A7E19779-BAB5-4979-B032-E5BB6EAACAC4}"= TCP:G:\utorrent.exe:µTorrent (UDP-In)
    "{563760C2-93AC-4D20-962C-F225002BF4EB}"= UDP:h:\utilities\P2P\Utorrent\utorrent.exe:µTorrent (TCP-In)
    "{4B5CDFA9-E975-4C31-9931-0BD8E3060BBF}"= TCP:h:\utilities\P2P\Utorrent\utorrent.exe:µTorrent (UDP-In)
    "{5D81ECCE-060B-4CA4-817B-7A6583E7E648}"= UDP:d:\program files\FrostWire\FrostWire.exe:FrostWire
    "{C1C8BAD7-64FF-4E19-ADA2-C78DD761B11F}"= TCP:d:\program files\FrostWire\FrostWire.exe:FrostWire
    "{AAF06024-6A4B-4ABD-BCA0-F702D7E63766}"= UDP:g:\utilities\P2P\Utorrent\utorrent.exe:µTorrent (TCP-In)
    "{90965399-6781-4D77-8D3D-53E58502BEB8}"= TCP:g:\utilities\P2P\Utorrent\utorrent.exe:µTorrent (UDP-In)
    "{8BE788DE-3583-42BF-9C66-AEE4076C4CD7}"= UDP:d:\program files\BankingTools\C@shflow V3.2\C@shflowApp.exe:C@shFlowApp
    "{8FE600F5-A46D-405F-BB9F-CF596E93265A}"= TCP:d:\program files\BankingTools\C@shflow V3.2\C@shflowApp.exe:C@shFlowApp
    "{5B33E791-3F4A-472E-9301-9A98282845DF}"= UDP:d:\utilities\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{9BECF2AA-6C30-4BBB-B573-6D53240068A7}"= TCP:d:\utilities\uTorrent\uTorrent.exe:µTorrent (UDP-In)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2008-10-09 28544]
    R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2008-08-18 34312]
    R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2009-01-19 159600]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-26 206096]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\System32\drivers\PCTAppEvent.sys [2009-01-19 73840]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-01-14 603904]
    R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [2007-10-31 46592]
    R3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\System32\drivers\etDevice.sys [2007-09-06 474624]
    R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\System32\drivers\etFilter.sys [2008-02-05 206464]
    R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2009-01-18 95640]
    R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\System32\drivers\etScan.sys [2008-01-31 6528]
    S3 MBAMDrvService;MBAMDrvService;c:\windows\System32\drivers\mbam.sys [2008-10-10 15504]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f49dfe1-cf75-11dd-8244-001fc626e09d}]
    \shell\AutoRun\command - H:\InstallTomTomHOME.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-01 c:\windows\Tasks\1-klik Onderhoud.job
    - d:\utilities\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:12]
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-COMODO Internet Security - d:\program files\Comodo\Firewall\cfp.exe
    MSConfigStartUp-COMODO SafeSurf - c:\program files\COMODO\SafeSurf\cssurf.exe
    MSConfigStartUp-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
    MSConfigStartUp-NBKeyScan - d:\program files\Nero 8\Nero BackItUp\NBKeyScan.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{CCF00E14-7C5E-4420-9BF3-AA4809CFAA13} - c:\program files\ClickClean\ClickClean.exe
    FF - ProfilePath - c:\users\Gerard van Huffelen\AppData\Roaming\Mozilla\Firefox\Profiles\f9rh3w0m.default\
    FF - prefs.js: browser.search.selectedEngine - Marktplaats.nl
    FF - prefs.js: browser.startup.homepage - www.google.nl
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-01 22:35:40
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    Scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ DLLs Loaded Under Running Processes ------------------------

    - - - - - - - > 'lsass.exe'(876)
    c:\windows\system32\relog_ap.dll

    - - - - - - - > 'Explorer.exe'(1268)
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\program files\ATK Hotkey\ASLDRSrv.exe
    c:\program files\ATKGFNEX\GFNEXSrv.exe
    c:\windows\System32\wlanext.exe
    c:\program files\ASUS\SmartLogon\smartlogon.exe
    c:\program files\ASUS\SmartLogon\sensorsrv.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
    c:\windows\System32\rundll32.exe
    d:\program files\PC Tools Firewall Plus\FWService.exe
    c:\windows\System32\conime.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\ASUS\NB Probe\SPM\spmgr.exe
    c:\program files\ATK Hotkey\HControl.exe
    c:\program files\ATKOSD2\ATKOSD2.exe
    c:\program files\ASUS\ASUS CopyProtect\ASPG.exe
    c:\program files\P4G\BatteryLife.exe
    c:\program files\ASUS\Splendid\ACMON.exe
    c:\windows\System32\ACEngSvr.exe
    c:\program files\ATK Hotkey\ATKOSD.exe
    c:\program files\ATK Hotkey\KBFiltr.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-01 22:41:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-01 21:41:44

    Pre-Run: 50.702.749.696 bytes free
    Post-Run: 49,486,221,312 bytes free

    289 --- E O F --- 2009-02-24 15:51:18
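The registry section of the ComboFix log above is where the Security Center's "no firewall is turned on" message can be traced: all three Windows Firewall profiles carry EnableFirewall=0, EnableLUA is 0, and Security Center monitoring keys are set to DisableMonitoring=1. What follows is an added example, not code from this thread and not part of ComboFix: a small parser that reads those key/value lines and summarises them, so that a log like this can be checked mechanically instead of by eye. The sample text inside the script is constructed from the same keys and values the posted log shows; the layout rules it relies on (a bracketed key line followed by `"name"=value` lines, with numbers written either as `dword:` hex or as `0 (0x0)`) are assumptions about ComboFix's text format, not a documented specification.

```python
"""Summarise the firewall / UAC / Security Center lines of a ComboFix registry dump.

Added example for this thread; not ComboFix's own code. The layout rules
below (bracketed key line, then "name"=value lines) are assumptions about
ComboFix's text output.
"""
import re
from typing import Dict, List, Optional

# Constructed sample: the same keys and values the posted log shows, trimmed
# to the lines that matter for the "no firewall enabled" warning.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FF101D67-52C9-4849-8633-C503260894DE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKLM\...\Key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')          # "Name"= value
DWORD_RE = re.compile(r"^dword:([0-9a-fA-F]{1,8})$")      # dword:00000001
DECIMAL_RE = re.compile(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$")  # 0 (0x0)


def parse_value(raw: str):
    """Turn ComboFix's two numeric spellings into an int; keep other data as text."""
    raw = raw.strip()
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group(1), 16)
    m = DECIMAL_RE.match(raw)
    if m:
        return int(m.group(1))
    return raw


def parse_registry_dump(text: str) -> Dict[str, Dict[str, object]]:
    """Group "name"=value lines under the bracketed key line that precedes them.

    The key string is kept as printed; matching is done later on a lower-cased
    copy, because ComboFix prints both HKEY_LOCAL_MACHINE and the abbreviated
    HKLM form and is not consistent about case.
    """
    entries: Dict[str, Dict[str, object]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            entries[current][val.group(1)] = parse_value(val.group(2))
    return entries


def assess(entries: Dict[str, Dict[str, object]]) -> Dict[str, object]:
    """Pull out the settings behind a 'no firewall is turned on' warning."""
    profiles: Dict[str, bool] = {}
    monitoring_off: List[str] = []
    uac_enabled: Optional[bool] = None
    for key, values in entries.items():
        lk = key.lower()
        leaf = key.rsplit("\\", 1)[-1]
        if "\\firewallpolicy\\" in lk and "EnableFirewall" in values:
            # One key per Windows Firewall profile (Domain / Public / Standard).
            profiles[leaf] = values["EnableFirewall"] != 0
        elif lk.endswith("\\security center\\monitoring") or "\\security center\\monitoring\\" in lk:
            # Global Monitoring key ("*") or a per-vendor subkey.
            if values.get("DisableMonitoring") == 1:
                monitoring_off.append("*" if lk.endswith("\\security center\\monitoring") else leaf)
        elif lk.endswith("\\policies\\system") and "EnableLUA" in values:
            uac_enabled = values["EnableLUA"] != 0
    return {
        "windows_firewall_profiles": profiles,
        "windows_firewall_on_any_profile": any(profiles.values()),
        "security_center_monitoring_disabled": monitoring_off,
        "uac_enabled": uac_enabled,
    }


if __name__ == "__main__":
    for name, value in assess(parse_registry_dump(SAMPLE_LOG)).items():
        print(f"{name}: {value}")
```

On this sample the result is that no Windows Firewall profile is enabled, UAC is off, and monitoring is disabled globally and for the SymantecFirewall subkey. EnableFirewall=0 on every profile is the normal state once a third-party firewall has taken over from Windows Firewall; the Security Center then only knows a firewall exists if that product reports itself as running, so if its service or driver does not come up after an update there is nothing to report and the warning is accurate. The log does not show that product registration, so the script makes the registry state explicit but cannot decide which of the two cases applies.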
  • I now discover that after running ComboFix the HijackThis log has changed as well. In my previous log the two R0 entries were still present and now they are gone. See log.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:59:18, on 1-3-2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Windows\Explorer.exe
    D:\Utilities\Totalcmd\TOTALCMD.EXE
    D:\Utilities\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [00PCTFW] "D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Cleaner - {CCF00E14-7C5E-4420-9BF3-AA4809CFAA13} - C:\Program Files\ClickClean\ClickClean.exe
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - D:\Program Files\PC Tools Firewall Plus\FWService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe


    End of file - 5487 bytes
  • I hope Othuroyo hasn't forgotten me???
  • Oh, he is terribly busy over at computeridee…. ;-)
  • Well, that could be. I quite understand that it is volunteer work, but in response to my question his reply was to post a log, so I more or less assumed he had the time and opportunity. I just hope that he, or someone else, will take on the follow-up.
  • Sorry Gerardb for the absence.

    Would you post a new ComboFix log?



    @gerben, however busy I am over there, I still have enough free time (or I make it if need be) to read logs here; I just overlooked this one.
  • It happens, but you're back. I now also understand that it went wrong the first time. It took exactly 7 minutes before there was any visible activity in ComboFix. Only then did the disclaimer appear. In total, producing this log took well over half an hour. Is that normal for a laptop with a Duo T8100 processor?

    ComboFix 09-03-04.01 - Gerard van Huffelen 2009-03-06 11:47:10.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.3070.2109 [GMT 1:00]
    Started from: c:\users\Gerard van Huffelen\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
    * New restore point was created
    .

    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\acovcnt.exe

    .
    (((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 ))))))))))))))))))))))))))))))
    .

    2009-03-03 17:40 . 2009-03-03 17:40 270,336 --a------ c:\windows\System32\msvcp71c.dll
    2009-02-24 17:17 . 2009-02-24 17:17 <DIR> d-------- c:\programdata\Elsevier
    2009-02-24 16:43 . 2009-02-24 16:43 <DIR> d-------- c:\program files\Elsevier
    2009-02-17 11:29 . 2009-02-17 11:29 144,310 --a------ C:\Prettige dag.gif
    2009-02-16 13:12 . 2008-06-24 12:45 1,414,440 --a------ c:\windows\System32\ShellManager310E2D762.dll
    2009-02-16 13:12 . 2008-06-23 16:36 773,120 --a------ c:\windows\System32\NEROINSTAEC43759.DB
    2009-02-13 20:21 . 2009-02-13 20:21 <DIR> d-------- c:\program files\Microsoft Office Word 2007 Aan de slag tabblad
    2009-02-13 20:18 . 2009-02-13 20:18 <DIR> d-------- c:\program files\Microsoft Office Excel 2007 Aan de slag tabblad
    2009-02-13 13:07 . 2009-02-13 13:07 <DIR> d-------- c:\programdata\Hitman Pro
    2009-02-11 16:39 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
    2009-02-11 16:39 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
    2009-02-11 16:39 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
    2009-02-11 16:39 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2009-02-11 16:39 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
    2009-02-11 16:39 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
    2009-02-11 16:39 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
    2009-02-11 16:39 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
    2009-02-11 16:35 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
    2009-02-11 16:35 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
    2009-02-11 16:35 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
    2009-02-11 16:35 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
    2009-02-11 16:35 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
    2009-02-11 16:33 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
    2009-02-11 16:33 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
    2009-02-11 16:33 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
    2009-02-11 16:33 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
    2009-02-11 16:33 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
    2009-02-11 16:32 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
    2009-02-11 16:32 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
    2009-02-08 13:52 . 2009-02-08 13:52 <DIR> d-------- c:\program files\Windows Live SkyDrive
    2009-02-08 13:52 . 2009-02-08 13:52 <DIR> d-------- c:\program files\Windows Live
    2009-02-08 13:52 . 2009-02-08 13:52 <DIR> d-------- c:\program files\Microsoft
    2009-02-08 13:47 . 2009-02-08 13:47 <DIR> d-------- c:\program files\Common Files\Windows Live

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-06 11:10 --------- d---a-w c:\programdata\TEMP
    2009-03-06 11:09 45,056 ----a-w c:\windows\System32\acovcnt.exe
    2009-03-04 14:22 --------- d-----w c:\users\Gerard van Huffelen\AppData\Roaming\Belastingdienst
    2009-03-01 10:57 --------- d-----w c:\users\Gerard van Huffelen\AppData\Roaming\GHISLER
    2009-03-01 10:57 --------- d-----w c:\programdata\P4G
    2009-02-23 21:29 --------- d-----w c:\users\Gerard van Huffelen\AppData\Roaming\FrostWire
    2009-02-20 21:53 --------- d-----w c:\users\Gerard van Huffelen\AppData\Roaming\uTorrent
    2009-02-16 12:15 --------- d-----w c:\program files\Common Files\Nero
    2009-02-16 12:14 --------- d-----w c:\programdata\Nero
    2009-02-13 12:17 --------- d-----w c:\program files\HP
    2009-02-11 15:44 --------- d-----w c:\program files\Windows Mail
    2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-02-10 13:11 --------- d-----w c:\programdata\SiteAdvisor
    2009-02-04 12:17 --------- d-----w c:\program files\Google
    2009-02-03 20:00 --------- d-----w c:\users\Gerard van Huffelen\AppData\Roaming\U3
    2009-01-31 13:04 --------- d-----w c:\program files\TomTom DesktopSuite
    2009-01-30 15:12 --------- d-----w c:\programdata\Apple Computer
    2009-01-30 15:12 --------- d-----w c:\program files\QuickTime
    2009-01-18 15:54 --------- d-----w c:\program files\Common Files\PC Tools
    2009-01-18 15:43 --------- d-----w c:\users\Gerard van Huffelen\AppData\Roaming\Comodo
    2009-01-15 20:40 --------- d-----w c:\users\Gerard van Huffelen\AppData\Roaming\TomTom
    2009-01-14 16:01 603,904 ----a-w c:\windows\System32\TUProgSt.exe
    2009-01-14 16:00 360,192 ----a-w c:\windows\System32\TuneUpDefragService.exe
    2009-01-14 16:00 --------- d-----w c:\users\Gerard van Huffelen\AppData\Roaming\TuneUp Software
    2009-01-14 16:00 --------- d-----w c:\programdata\TuneUp Software
    2009-01-14 15:58 --------- d-sh--w c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-01-08 19:21 --------- d-----w c:\users\Gerard van Huffelen\AppData\Roaming\NwDocx
    2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr
    2008-12-25 12:26 29,169 ----a-w c:\users\Gerard van Huffelen\AppData\Roaming\nvModes.dat
    2008-12-12 07:32 972,072 ----a-w c:\windows\UNNeroMediaHome.exe
    2008-12-11 12:31 27,904 ----a-w c:\windows\System32\uxtuneup.dll
    2008-12-11 12:31 17,152 ----a-w c:\windows\System32\authuitu.dll
    2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-01_22.40.28.00 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-03-01 21:31:43 159,744 ----a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-03-06 11:09:57 159,744 ----a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    - 2009-03-01 21:31:43 155,648 ----a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2009-03-06 11:09:57 155,648 ----a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2009-03-01 20:08:08 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-03-04 19:47:07 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-03-01 20:08:08 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-03-04 19:47:07 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-09-17 14:29:12 20,040 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
    - 2009-03-01 20:08:08 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-03-04 19:47:07 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-03-01 19:56:10 6,022 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3A3C5F7CC9415160B34912634CB95978E99A7DDE\3A3C5F7CC9415160B34912634CB95978E99A7DDE\Data.dat
    + 2009-03-06 10:13:24 6,098 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3A3C5F7CC9415160B34912634CB95978E99A7DDE\3A3C5F7CC9415160B34912634CB95978E99A7DDE\Data.dat
    - 2009-03-01 19:49:13 5,844 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3C6349F48554276033C4C72868D3426117914DD6\3C6349F48554276033C4C72868D3426117914DD6\Data.dat
    + 2009-03-06 09:52:15 5,912 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3C6349F48554276033C4C72868D3426117914DD6\3C6349F48554276033C4C72868D3426117914DD6\Data.dat
    + 2009-03-06 09:54:09 5,788 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\47A37E21F1E25EB35EF19A1DCF3D159E9D4EC8FE\47A37E21F1E25EB35EF19A1DCF3D159E9D4EC8FE\Data.dat
    + 2009-03-06 10:15:44 6,460 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\AFA0228517D559C72225EDC64521ED7E04459E89\AFA0228517D559C72225EDC64521ED7E04459E89\Data.dat
    - 2009-03-01 19:52:19 5,908 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\FAB6E1F06D907E0EE3CA0B5F77752457622A59C9\FAB6E1F06D907E0EE3CA0B5F77752457622A59C9\Data.dat
    + 2009-03-06 09:53:46 5,968 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\FAB6E1F06D907E0EE3CA0B5F77752457622A59C9\FAB6E1F06D907E0EE3CA0B5F77752457622A59C9\Data.dat
    - 2009-03-01 21:05:44 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2009-03-06 10:47:04 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    - 2009-02-25 19:26:38 84,661 ----a-w c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
    + 2009-03-03 16:52:49 84,661 ----a-w c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
    - 2009-03-01 21:33:10 12,262 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1855685173-4277460765-2080080378-1000_UserData.bin
    + 2009-03-06 10:38:31 12,326 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1855685173-4277460765-2080080378-1000_UserData.bin
    - 2009-03-01 21:33:10 101,550 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-03-06 10:38:31 101,678 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2009-02-26 10:26:22 269,644 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-03-06 10:34:05 273,890 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legitimate default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
    "00PCTFW"="d:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-24 2652056]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-11 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"= l3codecp.acm
    "msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
    "msacm.divxa32"= msaud32_divx.acm

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Gerard van Huffelen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]
    path=c:\users\Gerard van Huffelen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
    backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
    --a------ 2007-02-16 17:49 149024 c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
    --a------ 2007-02-17 17:35 1966960 c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
    --a------ 2008-06-20 07:24 37232 c:\windows\ASScrProlog.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
    --a------ 2008-06-20 07:24 33136 c:\windows\ASScrPro.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
    --a------ 2006-11-02 16:27 61440 c:\program files\ASUS\ATK Media\DMedia.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2008-12-12 08:30 132392 c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    --a------ 2008-01-21 03:25 125952 c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-12-05 11:17 8534560 c:\windows\System32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-12-05 11:17 81920 c:\windows\System32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
    --a------ 2007-12-05 11:17 86016 c:\windows\System32\nvsvc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    --a------ 2006-11-24 18:31 630784 c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2007-12-06 11:12 1029416 c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    --a------ 2008-12-09 11:12 234856 d:\program files\TomTom HOME 2\HOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
    --a------ 2007-02-17 17:30 1191608 c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    --a------ 2008-05-02 05:15 15872 d:\utilities\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    --a------ 2007-08-27 06:10 4702208 c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    --a------ 2007-08-03 06:22 1826816 c:\windows\SkyTel.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ehTray.exe"=c:\windows\ehome\ehTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1855685173-4277460765-2080080378-1000]
    "EnableNotifications"=dword:00000001
    "EnableNotificationsRef"=dword:00000006

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{FF101D67-52C9-4849-8633-C503260894DE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{F5CF9BA1-0A23-4DD5-B836-937826B37B77}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "TCP Query User{2DDF1FE5-6FBC-44B9-A827-3EC82891015C}f:\\bin\\ia\\core\\mdm_util.exe"= UDP:f:\bin\ia\core\mdm_util.exe:MDM_Util
    "UDP Query User{2D583235-873D-4962-83FE-40AE6648776E}f:\\bin\\ia\\core\\mdm_util.exe"= TCP:f:\bin\ia\core\mdm_util.exe:MDM_Util
    "TCP Query User{D51E2529-5C7C-49A2-AA51-E582EF0AE8A1}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{3AD0D0A2-FC5A-4627-B0E0-9C7B1CC4592B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{DF5DB745-109F-48DA-98E0-EE21E46B02B5}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:MSI starter
    "UDP Query User{609F8DCE-C1C9-4E5A-AFF0-0BCEB4BAB528}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:MSI starter
    "{907D4AF4-9425-4882-98B2-86C8173D2D73}"= UDP:G:\utorrent.exe:µTorrent (TCP-In)
    "{A7E19779-BAB5-4979-B032-E5BB6EAACAC4}"= TCP:G:\utorrent.exe:µTorrent (UDP-In)
    "{563760C2-93AC-4D20-962C-F225002BF4EB}"= UDP:h:\utilities\P2P\Utorrent\utorrent.exe:µTorrent (TCP-In)
    "{4B5CDFA9-E975-4C31-9931-0BD8E3060BBF}"= TCP:h:\utilities\P2P\Utorrent\utorrent.exe:µTorrent (UDP-In)
    "{5D81ECCE-060B-4CA4-817B-7A6583E7E648}"= UDP:d:\program files\FrostWire\FrostWire.exe:FrostWire
    "{C1C8BAD7-64FF-4E19-ADA2-C78DD761B11F}"= TCP:d:\program files\FrostWire\FrostWire.exe:FrostWire
    "{AAF06024-6A4B-4ABD-BCA0-F702D7E63766}"= UDP:g:\utilities\P2P\Utorrent\utorrent.exe:µTorrent (TCP-In)
    "{90965399-6781-4D77-8D3D-53E58502BEB8}"= TCP:g:\utilities\P2P\Utorrent\utorrent.exe:µTorrent (UDP-In)
    "{5B33E791-3F4A-472E-9301-9A98282845DF}"= UDP:d:\utilities\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{9BECF2AA-6C30-4BBB-B573-6D53240068A7}"= TCP:d:\utilities\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{32D944AC-3E78-4FB2-926D-6B5A143AD2CC}"= UDP:d:\program files\BankingTools\C@shflow V3.2\C@shflowApp.exe:C@shFlowApp
    "{814D5FC0-975E-40B9-98D8-CCB51A89FE17}"= TCP:d:\program files\BankingTools\C@shflow V3.2\C@shflowApp.exe:C@shFlowApp

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2008-10-09 28544]
    R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2008-08-18 34312]
    R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2009-01-19 159600]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-26 206096]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\System32\drivers\PCTAppEvent.sys [2009-01-19 73840]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-01-14 603904]
    R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [2007-10-31 46592]
    R3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\System32\drivers\etDevice.sys [2007-09-06 474624]
    R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\System32\drivers\etFilter.sys [2008-02-05 206464]
    R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2009-01-18 95640]
    R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\System32\drivers\etScan.sys [2008-01-31 6528]
    S3 MBAMDrvService;MBAMDrvService;c:\windows\System32\drivers\mbam.sys [2008-10-10 15504]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f49dfe1-cf75-11dd-8244-001fc626e09d}]
    \shell\AutoRun\command - H:\InstallTomTomHOME.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-06 c:\windows\Tasks\1-klik Onderhoud.job
    - d:\utilities\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:12]
    .
    .
    ——- Supplementary Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{CCF00E14-7C5E-4420-9BF3-AA4809CFAA13} - c:\program files\ClickClean\ClickClean.exe
    FF - ProfilePath - c:\users\Gerard van Huffelen\AppData\Roaming\Mozilla\Firefox\Profiles\f9rh3w0m.default\
    FF - prefs.js: browser.search.selectedEngine - Marktplaats.nl
    FF - prefs.js: browser.startup.homepage - www.google.nl
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

    —- FIREFOX POLICIES —-
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-06 12:11:02
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ——————— DLLs Loaded Under Running Processes ———————

    - - - - - - - > 'lsass.exe'(876)
    c:\windows\system32\relog_ap.dll

    - - - - - - - > 'Explorer.exe'(3640)
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    .
    ———————— Other Active Processes ————————
    .
    c:\windows\System32\audiodg.exe
    c:\program files\ATK Hotkey\ASLDRSrv.exe
    c:\program files\ATKGFNEX\GFNEXSrv.exe
    c:\windows\System32\wlanext.exe
    c:\program files\ASUS\SmartLogon\sensorsrv.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
    c:\windows\System32\rundll32.exe
    d:\program files\PC Tools Firewall Plus\FWService.exe
    c:\windows\System32\conime.exe
    c:\program files\ATK Hotkey\HControl.exe
    c:\program files\ATKOSD2\ATKOSD2.exe
    c:\program files\ASUS\ASUS CopyProtect\ASPG.exe
    c:\program files\P4G\BatteryLife.exe
    c:\program files\ASUS\Splendid\ACMON.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\ASUS\NB Probe\SPM\spmgr.exe
    c:\windows\System32\ACEngSvr.exe
    c:\program files\ATK Hotkey\ATKOSD.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\program files\ATK Hotkey\KBFiltr.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    c:\windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-06 12:13:45 - machine was restarted
    ComboFix-quarantined-files.txt 2009-03-06 11:13:41
    ComboFix2.txt 2009-03-01 21:41:55

    Pre-Run: 50.338.254.848 bytes free
    Post-Run: 49,668,993,024 bytes free

    323 — E O F — 2009-03-06 09:53:56
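
    The log above shows "EnableFirewall"= 0 under the DomainProfile, StandardProfile and PublicProfile keys while the PC Tools drivers (pctgntdi, PCTAppEvent, pctplfw) are loaded. That is the normal state once a third-party firewall has registered itself: Windows Firewall is switched off on every profile, so the moment the third-party driver fails to start (the symptom in this thread) the machine has no packet filter at all, whatever the GUI says. The Python script below is an added example, not part of this thread and not ComboFix code: it parses the registry and service sections in the format pasted above and turns them into findings, so a log can be checked mechanically instead of by eye. The sample input is a constructed excerpt copied from the log; the "pct" driver-name prefix used to recognise the PC Tools drivers is an assumption taken from this log, not a ComboFix convention.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt copied from the ComboFix log pasted above (registry
# section and service list), trimmed to the lines the parser handles.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2009-01-19 159600]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\System32\drivers\PCTAppEvent.sys [2009-01-19 73840]
R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2009-01-18 95640]
S3 MBAMDrvService;MBAMDrvService;c:\windows\System32\drivers\mbam.sys [2008-10-10 15504]
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.+?)\s*$')
# ComboFix service line: <R|S><start type> name;description;path [date size]
# R = running, S = stopped; start type 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
DRIVER_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d)\s+(?P<service>[^;]+);(?P<desc>[^;]*);'
    r'(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')


def parse_value(raw):
    """'dword:00000001' -> 1, '0 (0x0)' -> 0, anything else stays a string."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r'^(\d+)\s*\(0x[0-9a-fA-F]+\)$', raw)
    return int(m.group(1)) if m else raw.strip('"')


@dataclass
class Driver:
    service: str
    path: str
    running: bool
    start_type: int


@dataclass
class Report:
    values: dict = field(default_factory=dict)   # registry key -> {name: value}
    drivers: list = field(default_factory=list)

    def firewall_profiles(self):
        """Profile name -> True if Windows Firewall is enabled for that profile."""
        return {key.rsplit("\\", 1)[-1]: vals["EnableFirewall"] == 1
                for key, vals in self.values.items()
                if "firewallpolicy" in key.lower() and "EnableFirewall" in vals}


def parse_combofix(text):
    report, current = Report(), None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            current = m.group("key")
            report.values.setdefault(current, {})
        elif m := DRIVER_RE.match(line):
            report.drivers.append(Driver(m.group("service"), m.group("path"),
                                         m.group("state") == "R", int(m.group("start"))))
            current = None            # the service list follows the last registry key
        elif current is not None and (m := VALUE_RE.match(line)):
            report.values[current][m.group("name")] = parse_value(m.group("raw"))
    return report


def assess(report, third_party_prefix="pct"):
    """Findings about host protection. The 'pct' prefix (PC Tools driver names)
    is an assumption taken from the pasted log, not a ComboFix convention."""
    findings = []
    profiles = report.firewall_profiles()
    if profiles and not any(profiles.values()):
        loaded = [d.service for d in report.drivers
                  if d.running and d.service.lower().startswith(third_party_prefix)]
        if loaded:
            findings.append("Windows Firewall off in every profile; relying on "
                            "third-party drivers: " + ", ".join(loaded))
        else:
            findings.append("Windows Firewall off in every profile and no third-party "
                            "firewall driver running: host is unfiltered")
    for key, vals in report.values.items():
        low = key.lower()
        if low.endswith("policies\\system") and vals.get("EnableLUA") == 0:
            findings.append("UAC disabled (EnableLUA=0)")
        if low.endswith("security center\\monitoring") and vals.get("DisableMonitoring") == 1:
            findings.append("Security Center DisableMonitoring=1 under " + key)
    return findings


if __name__ == "__main__":
    for finding in assess(parse_combofix(SAMPLE_LOG)):
        print("-", finding)
```

    Run against the excerpt it reports the three PC Tools drivers as the only thing standing between the host and the network; flip their R prefix to S (a driver that did not load, as after the failed plugin update) and the same input yields the "host is unfiltered" finding, which is the case Security Center was warning about.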

  • Download Flash_Disinfector.exe and put it on your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
    Make sure your flash drives / USB sticks / external hard drives are plugged in as well.
    Double-click Flash_Disinfector.exe to start the tool.
    When the tool is finished, the computer will restart.

    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

  • Here is the new log. Incidentally, the computer did not restart after running Flash Disinfector, but showed the message 'Done'.

    ComboFix 09-03-04.01 - Gerard van Huffelen 2009-03-06 18:23:39.3 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.3070.2108 [GMT 1:00]
    Started from: c:\users\Gerard van Huffelen\Desktop\ComboFix.exe
    Command switches used :: c:\users\Gerard van Huffelen\Desktop\CFScript.txt
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
    * New restore point was created
    .

    (((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 ))))))))))))))))))))))))))))))
    .

    2009-03-06 18:50 . 2009-03-06 18:50 45,056 –a—— c:\windows\System32\acovcnt.exe
    2009-03-06 18:49 . 2009-03-06 18:50 309,537,888 –a—— c:\windows\MEMORY.DMP
    2009-03-03 17:40 . 2009-03-03 17:40 270,336 –a—— c:\windows\System32\msvcp71c.dll
    2009-02-24 17:17 . 2009-02-24 17:17 <DIR> d——– c:\programdata\Elsevier
    2009-02-24 16:43 . 2009-02-24 16:43 <DIR> d——– c:\program files\Elsevier
    2009-02-17 11:29 . 2009-02-17 11:29 144,310 –a—— C:\Prettige dag.gif
    2009-02-16 13:12 . 2008-06-24 12:45 1,414,440 –a—— c:\windows\System32\ShellManager310E2D762.dll
    2009-02-16 13:12 . 2008-06-23 16:36 773,120 –a—— c:\windows\System32\NEROINSTAEC43759.DB
    2009-02-13 20:21 . 2009-02-13 20:21 <DIR> d——– c:\program files\Microsoft Office Word 2007 Aan de slag tabblad
    2009-02-13 20:18 . 2009-02-13 20:18 <DIR> d——– c:\program files\Microsoft Office Excel 2007 Aan de slag tabblad
    2009-02-13 13:07 . 2009-02-13 13:07 <DIR> d——– c:\programdata\Hitman Pro
    2009-02-11 16:39 . 2008-06-20 02:14 781,344 –a—— c:\windows\System32\PresentationNative_v0300.dll
    2009-02-11 16:39 . 2008-06-20 02:14 622,080 –a—— c:\windows\System32\icardagt.exe
    2009-02-11 16:39 . 2008-06-20 02:14 326,160 –a—— c:\windows\System32\PresentationHost.exe
    2009-02-11 16:39 . 2008-06-20 02:14 105,016 –a—— c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2009-02-11 16:39 . 2008-06-20 02:14 97,800 –a—— c:\windows\System32\infocardapi.dll
    2009-02-11 16:39 . 2008-06-20 02:14 43,544 –a—— c:\windows\System32\PresentationHostProxy.dll
    2009-02-11 16:39 . 2008-06-20 02:14 37,384 –a—— c:\windows\System32\infocardcpl.cpl
    2009-02-11 16:39 . 2008-06-20 02:14 11,264 –a—— c:\windows\System32\icardres.dll
    2009-02-11 16:35 . 2008-07-27 19:03 282,112 –a—— c:\windows\System32\mscoree.dll
    2009-02-11 16:35 . 2008-07-27 19:03 158,720 –a—— c:\windows\System32\mscorier.dll
    2009-02-11 16:35 . 2008-07-27 19:03 96,760 –a—— c:\windows\System32\dfshim.dll
    2009-02-11 16:35 . 2008-07-27 19:03 83,968 –a—— c:\windows\System32\mscories.dll
    2009-02-11 16:35 . 2008-07-27 19:03 41,984 –a—— c:\windows\System32\netfxperf.dll
    2009-02-11 16:33 . 2008-12-05 05:32 428,544 –a—— c:\windows\System32\EncDec.dll
    2009-02-11 16:33 . 2008-12-05 05:32 293,376 –a—— c:\windows\System32\psisdecd.dll
    2009-02-11 16:33 . 2008-12-05 05:31 217,088 –a—— c:\windows\System32\psisrndr.ax
    2009-02-11 16:33 . 2008-12-05 05:31 177,664 –a—— c:\windows\System32\mpg2splt.ax
    2009-02-11 16:33 . 2008-12-05 05:31 80,896 –a—— c:\windows\System32\MSNP.ax
    2009-02-11 16:32 . 2009-01-15 04:36 1,383,424 –a—— c:\windows\System32\mshtml.tlb
    2009-02-11 16:32 . 2009-01-15 07:11 827,392 –a—— c:\windows\System32\wininet.dll
    2009-02-08 13:52 . 2009-02-08 13:52 <DIR> d——– c:\program files\Windows Live SkyDrive
    2009-02-08 13:52 . 2009-02-08 13:52 <DIR> d——– c:\program files\Windows Live
    2009-02-08 13:52 . 2009-02-08 13:52 <DIR> d——– c:\program files\Microsoft
    2009-02-08 13:47 . 2009-02-08 13:47 <DIR> d——– c:\program files\Common Files\Windows Live

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-06 17:50 ——— d—a-w c:\programdata\TEMP
    2009-03-06 15:31 ——— d—–w c:\users\Gerard van Huffelen\AppData\Roaming\Belastingdienst
    2009-03-01 10:57 ——— d—–w c:\users\Gerard van Huffelen\AppData\Roaming\GHISLER
    2009-03-01 10:57 ——— d—–w c:\programdata\P4G
    2009-02-23 21:29 ——— d—–w c:\users\Gerard van Huffelen\AppData\Roaming\FrostWire
    2009-02-20 21:53 ——— d—–w c:\users\Gerard van Huffelen\AppData\Roaming\uTorrent
    2009-02-16 12:15 ——— d—–w c:\program files\Common Files\Nero
    2009-02-16 12:14 ——— d—–w c:\programdata\Nero
    2009-02-13 12:17 ——— d—–w c:\program files\HP
    2009-02-11 15:44 ——— d—–w c:\program files\Windows Mail
    2009-02-11 09:19 38,496 —-a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-11 09:19 15,504 —-a-w c:\windows\system32\drivers\mbam.sys
    2009-02-10 13:11 ——— d—–w c:\programdata\SiteAdvisor
    2009-02-04 12:17 ——— d—–w c:\program files\Google
    2009-02-03 20:00 ——— d—–w c:\users\Gerard van Huffelen\AppData\Roaming\U3
    2009-01-31 13:04 ——— d—–w c:\program files\TomTom DesktopSuite
    2009-01-30 15:12 ——— d—–w c:\programdata\Apple Computer
    2009-01-30 15:12 ——— d—–w c:\program files\QuickTime
    2009-01-18 15:54 ——— d—–w c:\program files\Common Files\PC Tools
    2009-01-18 15:43 ——— d—–w c:\users\Gerard van Huffelen\AppData\Roaming\Comodo
    2009-01-15 20:40 ——— d—–w c:\users\Gerard van Huffelen\AppData\Roaming\TomTom
    2009-01-14 16:00 ——— d—–w c:\users\Gerard van Huffelen\AppData\Roaming\TuneUp Software
    2009-01-14 16:00 ——— d—–w c:\programdata\TuneUp Software
    2009-01-14 15:58 ——— d-sh–w c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-01-08 19:21 ——— d—–w c:\users\Gerard van Huffelen\AppData\Roaming\NwDocx
    2008-12-25 12:26 29,169 —-a-w c:\users\Gerard van Huffelen\AppData\Roaming\nvModes.dat
    2008-12-12 07:32 972,072 —-a-w c:\windows\UNNeroMediaHome.exe
    2008-01-21 02:43 174 –sha-w c:\program files\desktop.ini
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-01_22.40.28.00 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-03-01 21:31:43 159,744 —-a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-03-06 17:50:40 159,744 —-a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    - 2009-03-01 21:31:43 155,648 —-a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2009-03-06 17:50:40 155,648 —-a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2009-03-01 20:08:08 16,384 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-03-04 19:47:07 16,384 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-03-01 20:08:08 32,768 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-03-04 19:47:07 32,768 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-09-17 14:29:12 20,040 —-a-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
    - 2009-03-01 20:08:08 16,384 –sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-03-04 19:47:07 16,384 –sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-03-01 19:56:10 6,022 —-a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3A3C5F7CC9415160B34912634CB95978E99A7DDE\3A3C5F7CC9415160B34912634CB95978E99A7DDE\Data.dat
    + 2009-03-06 16:35:04 6,022 —-a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3A3C5F7CC9415160B34912634CB95978E99A7DDE\3A3C5F7CC9415160B34912634CB95978E99A7DDE\Data.dat
    - 2009-03-01 19:49:13 5,844 —-a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3C6349F48554276033C4C72868D3426117914DD6\3C6349F48554276033C4C72868D3426117914DD6\Data.dat
    + 2009-03-06 16:55:27 5,844 —-a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3C6349F48554276033C4C72868D3426117914DD6\3C6349F48554276033C4C72868D3426117914DD6\Data.dat
    - 2009-03-01 19:52:19 5,908 —-a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\FAB6E1F06D907E0EE3CA0B5F77752457622A59C9\FAB6E1F06D907E0EE3CA0B5F77752457622A59C9\Data.dat
    + 2009-03-06 16:42:57 5,968 —-a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\FAB6E1F06D907E0EE3CA0B5F77752457622A59C9\FAB6E1F06D907E0EE3CA0B5F77752457622A59C9\Data.dat
    - 2009-03-01 21:05:44 262,144 —-a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2009-03-06 10:47:04 262,144 —-a-w c:\windows\System32\config\systemprofile\ntuser.dat
    - 2009-02-25 19:26:38 84,661 —-a-w c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
    + 2009-03-06 14:40:11 84,661 —-a-w c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
    - 2009-03-01 21:33:10 12,262 —-a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1855685173-4277460765-2080080378-1000_UserData.bin
    + 2009-03-06 17:15:16 12,358 —-a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1855685173-4277460765-2080080378-1000_UserData.bin
    - 2009-03-01 21:33:10 101,550 —-a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-03-06 17:15:16 101,702 —-a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2009-03-01 10:54:04 53,688 —-a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-03-06 16:42:06 54,150 —-a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-02-26 10:26:22 269,644 —-a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-03-06 10:34:05 273,890 —-a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legitimate default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
    "00PCTFW"="d:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-24 2652056]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-11 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"= l3codecp.acm
    "msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
    "msacm.divxa32"= msaud32_divx.acm

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Gerard van Huffelen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]
    path=c:\users\Gerard van Huffelen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
    backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
    –a—— 2007-02-16 17:49 149024 c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
    –a—— 2007-02-17 17:35 1966960 c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
    –a—— 2008-06-20 07:24 37232 c:\windows\ASScrProlog.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
    –a—— 2008-06-20 07:24 33136 c:\windows\ASScrPro.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
    –a—— 2006-11-02 16:27 61440 c:\program files\ASUS\ATK Media\DMedia.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    –a—— 2008-12-12 08:30 132392 c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    –a—— 2008-01-21 03:25 125952 c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    –a—— 2007-12-05 11:17 8534560 c:\windows\System32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    –a—— 2007-12-05 11:17 81920 c:\windows\System32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
    –a—— 2007-12-05 11:17 86016 c:\windows\System32\nvsvc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    –a—— 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    –a—— 2006-11-24 18:31 630784 c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    –a—— 2007-12-06 11:12 1029416 c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    –a—— 2008-12-09 11:12 234856 d:\program files\TomTom HOME 2\HOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
    –a—— 2007-02-17 17:30 1191608 c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    –a—— 2008-05-02 05:15 15872 d:\utilities\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    –a—— 2007-08-27 06:10 4702208 c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    –a—— 2007-08-03 06:22 1826816 c:\windows\SkyTel.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ehTray.exe"=c:\windows\ehome\ehTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1855685173-4277460765-2080080378-1000]
    "EnableNotifications"=dword:00000001
    "EnableNotificationsRef"=dword:00000006

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{FF101D67-52C9-4849-8633-C503260894DE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{F5CF9BA1-0A23-4DD5-B836-937826B37B77}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "TCP Query User{2DDF1FE5-6FBC-44B9-A827-3EC82891015C}f:\\bin\\ia\\core\\mdm_util.exe"= UDP:f:\bin\ia\core\mdm_util.exe:MDM_Util
    "UDP Query User{2D583235-873D-4962-83FE-40AE6648776E}f:\\bin\\ia\\core\\mdm_util.exe"= TCP:f:\bin\ia\core\mdm_util.exe:MDM_Util
    "TCP Query User{D51E2529-5C7C-49A2-AA51-E582EF0AE8A1}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{3AD0D0A2-FC5A-4627-B0E0-9C7B1CC4592B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{DF5DB745-109F-48DA-98E0-EE21E46B02B5}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:MSI starter
    "UDP Query User{609F8DCE-C1C9-4E5A-AFF0-0BCEB4BAB528}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:MSI starter
    "{907D4AF4-9425-4882-98B2-86C8173D2D73}"= UDP:G:\utorrent.exe:µTorrent (TCP-In)
    "{A7E19779-BAB5-4979-B032-E5BB6EAACAC4}"= TCP:G:\utorrent.exe:µTorrent (UDP-In)
    "{563760C2-93AC-4D20-962C-F225002BF4EB}"= UDP:h:\utilities\P2P\Utorrent\utorrent.exe:µTorrent (TCP-In)
    "{4B5CDFA9-E975-4C31-9931-0BD8E3060BBF}"= TCP:h:\utilities\P2P\Utorrent\utorrent.exe:µTorrent (UDP-In)
    "{5D81ECCE-060B-4CA4-817B-7A6583E7E648}"= UDP:d:\program files\FrostWire\FrostWire.exe:FrostWire
    "{C1C8BAD7-64FF-4E19-ADA2-C78DD761B11F}"= TCP:d:\program files\FrostWire\FrostWire.exe:FrostWire
    "{AAF06024-6A4B-4ABD-BCA0-F702D7E63766}"= UDP:g:\utilities\P2P\Utorrent\utorrent.exe:µTorrent (TCP-In)
    "{90965399-6781-4D77-8D3D-53E58502BEB8}"= TCP:g:\utilities\P2P\Utorrent\utorrent.exe:µTorrent (UDP-In)
    "{5B33E791-3F4A-472E-9301-9A98282845DF}"= UDP:d:\utilities\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{9BECF2AA-6C30-4BBB-B573-6D53240068A7}"= TCP:d:\utilities\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{32D944AC-3E78-4FB2-926D-6B5A143AD2CC}"= UDP:d:\program files\BankingTools\C@shflow V3.2\C@shflowApp.exe:C@shFlowApp
    "{814D5FC0-975E-40B9-98D8-CCB51A89FE17}"= TCP:d:\program files\BankingTools\C@shflow V3.2\C@shflowApp.exe:C@shFlowApp

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2008-10-09 28544]
    R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2008-08-18 34312]
    R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2009-01-19 159600]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-26 206096]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\System32\drivers\PCTAppEvent.sys [2009-01-19 73840]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-01-14 603904]
    R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [2007-10-31 46592]
    R3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\System32\drivers\etDevice.sys [2007-09-06 474624]
    R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\System32\drivers\etFilter.sys [2008-02-05 206464]
    R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2009-01-18 95640]
    R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\System32\drivers\etScan.sys [2008-01-31 6528]
    S3 MBAMDrvService;MBAMDrvService;c:\windows\System32\drivers\mbam.sys [2008-10-10 15504]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-06 c:\windows\Tasks\1-klik Onderhoud.job
    - d:\utilities\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:12]
    .
    .
    ——- Supplementary Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{CCF00E14-7C5E-4420-9BF3-AA4809CFAA13} - c:\program files\ClickClean\ClickClean.exe
    FF - ProfilePath - c:\users\Gerard van Huffelen\AppData\Roaming\Mozilla\Firefox\Profiles\f9rh3w0m.default\
    FF - prefs.js: browser.search.selectedEngine - Marktplaats.nl
    FF - prefs.js: browser.startup.homepage - www.google.nl
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-06 18:51:13
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Dlls Loaded Under Running Processes ------------------------

    - - - - - - - > 'lsass.exe'(900)
    c:\windows\system32\relog_ap.dll

    - - - - - - - > 'Explorer.exe'(1460)
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\program files\ASUS\SmartLogon\smartlogon.exe
    c:\program files\ATK Hotkey\ASLDRSrv.exe
    c:\program files\ATKGFNEX\GFNEXSrv.exe
    c:\windows\System32\wlanext.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
    c:\windows\System32\rundll32.exe
    c:\program files\ATK Hotkey\HControl.exe
    c:\program files\ATKOSD2\ATKOSD2.exe
    c:\program files\ASUS\ASUS CopyProtect\ASPG.exe
    c:\program files\P4G\BatteryLife.exe
    c:\program files\ASUS\Splendid\ACMON.exe
    c:\windows\System32\ACEngSvr.exe
    c:\program files\ASUS\SmartLogon\sensorsrv.exe
    d:\program files\PC Tools Firewall Plus\FWService.exe
    c:\program files\ATK Hotkey\ATKOSD.exe
    c:\windows\System32\conime.exe
    c:\program files\ATK Hotkey\KBFiltr.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\ASUS\NB Probe\SPM\spmgr.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    c:\windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-06 18:54:20 - machine was rebooted [Gerard van Huffelen]
    ComboFix-quarantined-files.txt 2009-03-06 17:54:17
    ComboFix2.txt 2009-03-01 21:41:55

    Pre-Run: 49,491,042,304 bytes available
    Post-Run: 48,299,327,488 bytes available

    315 — E O F — 2009-03-06 09:53:56
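Added example, not part of the poster's log nor code from ComboFix or PC Tools: the services/drivers section of a ComboFix log (the `R1 ... [date size]` lines at the top of the post above) packs the running state and the Windows start type into the two characters before the service name. The small Python parser below decodes those lines, picks out the PC Tools kernel drivers the thread is about, and flags any `.sys` file loaded from outside the `system32\drivers` directory, which is the first thing I would look at in a log like this. The `R`/`S` and `0`-`4` decoding is ComboFix's convention as I know it and the sample lines are copied from the log above; everything else (function names, the `DRIVER_DIR` check) is my own construction.

```python
import re
from dataclasses import dataclass

# ComboFix prefixes each service/driver line with two characters:
#   R / S  -> currently Running / Stopped
#   0 .. 4 -> Windows start type (Boot, System, Automatic, Manual, Disabled)
# Assumption: this is the standard ComboFix encoding; check it against a log you trust.
STATE = {"R": "running", "S": "stopped"}
START_TYPE = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)

# Where Windows normally keeps kernel drivers; anything loaded from elsewhere is worth a look.
DRIVER_DIR = "\\windows\\system32\\drivers\\"

# Sample lines copied from the log posted above (.exe = user-mode service, .sys = kernel driver).
SAMPLE_LOG = r"""
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2008-08-18 34312]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2009-01-19 159600]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\System32\drivers\PCTAppEvent.sys [2009-01-19 73840]
R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2009-01-18 95640]
S3 MBAMDrvService;MBAMDrvService;c:\windows\System32\drivers\mbam.sys [2008-10-10 15504]
"""


@dataclass(frozen=True)
class ServiceEntry:
    name: str
    display: str
    path: str
    running: bool
    start_type: int
    date: str
    size: int

    @property
    def is_kernel_driver(self) -> bool:
        return self.path.lower().endswith(".sys")


def parse_service_line(line: str):
    """Return a ServiceEntry for one ComboFix service/driver line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        name=m["name"], display=m["display"], path=m["path"],
        running=(m["state"] == "R"), start_type=int(m["start"]),
        date=m["date"], size=int(m["size"]),
    )


def parse_services(text: str):
    """Parse every matching line; headers, blanks and registry lines are skipped."""
    return [e for e in (parse_service_line(l) for l in text.splitlines()) if e]


def describe(entry: ServiceEntry) -> str:
    """Human-readable decoding of the R/S and start-type prefix."""
    state = STATE["R" if entry.running else "S"]
    return f"{entry.name}: {state}, start={START_TYPE[entry.start_type]}, file dated {entry.date}"


def vendor_drivers(entries, name_prefix: str):
    """Kernel drivers whose service name starts with name_prefix (case-insensitive),
    e.g. 'pct' for the PC Tools drivers in this log."""
    p = name_prefix.lower()
    return [e for e in entries if e.is_kernel_driver and e.name.lower().startswith(p)]


def drivers_outside_driver_dir(entries):
    """Names of kernel drivers not loaded from %SystemRoot%\\System32\\drivers."""
    return [e.name for e in entries
            if e.is_kernel_driver and DRIVER_DIR not in e.path.lower()]


if __name__ == "__main__":
    entries = parse_services(SAMPLE_LOG)
    for e in vendor_drivers(entries, "pct"):
        print(describe(e))
    print("drivers outside the drivers directory:", drivers_outside_driver_dir(entries))
```

Run on the six sample lines this prints the three PC Tools drivers (`pctgntdi`, `PCTAppEvent`, `pctplfw`), shows that `pctplfw.sys` is a manual-start driver that is nevertheless running, and reports no driver loaded from an unusual location. Paste a full ComboFix services section into `SAMPLE_LOG` to run the same checks on your own log.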

This is an archived page. Replying is no longer possible.