Question & Answer

Security & privacy

Rbot.gen

18 answers
  • Hello, when I start my PC I get a message from Windows that a file Rbot.gen has been found in win32. When I have my virus scanner (Avira) scan, it finds nothing. I don't notice anything of the virus myself, other than getting that message when my PC starts. Since I have never had a virus before, I don't really know how to get rid of it, so if anyone does know, I'd love to hear it! Operating system: Windows 7 Home Premium. Virus scanner: Avira Anti-Vir Personal. Maybe it helps someone if I also post a HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 16:20:50, on 19-2-2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\vsnpstd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\AltBinz\altbinz.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\WerFault.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HKLM] C:\Windows\System32\spynet\server.exe
O4 - HKLM\..\Run: [WindowsNT Service] C:\Users\Tim\AppData\Roaming\WindowsNT Service.exe
O4 - HKLM\..\RunServices: [WindowsNT Service] C:\Users\Tim\AppData\Roaming\WindowsNT Service.exe
O4 - HKCU\..\Run: [HKCU] C:\Windows\System32\spynet\server.exe
O4 - HKCU\..\Run: [WindowsNT Service] C:\Users\Tim\AppData\Roaming\WindowsNT Service.exe
O4 - HKLM\..\Policies\Explorer\Run: [Critical Service Manager] C:\Program Files\Windows NT\csrss.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\spynet\server.exe
O4 - HKCU\..\Policies\Explorer\Run: [Critical Service Manager] C:\Program Files\Windows NT\csrss.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\spynet\server.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 10204 bytes

I hope someone can help. Thanks in advance!
  • Try downloading SuperAntiSpyware: [url]http://www.superantispyware.com/[/url]
  • MBAM is better!
  • Thanks for the quick replies. I scanned with SuperAntiSpyware. It only found 5 Internet Explorer cookies, which it removed, but it found nothing related to Rbot.gen. So I'll give MBAM a try.
  • Hello Tim, I don't know whether you've run the MBAM scan yet, but post the log. Also do the following: download [url=http://download.bleepingcomputer.com/sUBs/dds.scr][b][color=darkblue]DDS.scr[/color][/b] (click)[/url] to your desktop. - double-click dds.scr - wait until the scan is finished. - After the scan, two text documents will open - post the DDS log!
  • I scanned with MBAM. The logfile:

Malwarebytes' Anti-Malware 1.44
Database versie: 3766
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20-2-2010 14:01:22
mbam-log-2010-02-20 (14-01-16).txt

Scan type: Volledige Scan (C:\|D:\|)
Objecten gescand: 363324
Verstreken tijd: 1 hour(s), 32 minute(s), 33 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 2
Registerwaarden geïnfecteerd: 6
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 4

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5jf-4fcb-11cf-aaa5-00401c6xx500} (Generic.Bot.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{872273i2-l65w-75a5-16x5-5xxj70c8lobv} (Generic.Bot.H) -> No action taken.

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\critical service manager (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\critical service manager (Trojan.Agent) -> No action taken.

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\Windows\System32\spynet\server.exe (Generic.Bot.H) -> No action taken.
C:\Users\Tim\AppData\Roaming\logs.dat (Bifrose.Trace) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> No action taken.

The program offered the option to remove these infected files/registry keys. I did that. I had to restart my PC for this, because some items could only be removed after a restart. After starting up I got no further message from MBAM, but I still got the one from Windows saying that potentially harmful software had been found. I'll run that other scan now and post the log as soon as it's done! EDIT: Apparently this scan is quick, so here is the DDS logfile as well:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Tim at 14:08:56,93 on za 20-02-2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.2047.1244 [GMT 1:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\vsnpstd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tim\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.nl/
uDefault_Page_URL = hxxp://www.asus.com
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [WindowsNT Service] c:\users\tim\appdata\roaming\WindowsNT Service.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WindowsNT Service] c:\users\tim\appdata\roaming\WindowsNT Service.exe
mRunServices: [WindowsNT Service] c:\users\tim\appdata\roaming\WindowsNT Service.exe
StartupFolder: c:\users\tim\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: LocalAccountTokenFilterPolicy = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: han.nl
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-27 11608]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-27 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-27 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-27 56816]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-11-20 240232]
R3 RTL85n86;Stuurprogramma voor Realtek 8180/8185 Extensible 802.11-draadloos apparaat;c:\windows\system32\drivers\RTL85n86.sys [2009-6-10 311808]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-28 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2009-6-10 48128]
S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]

=============== Created Last 30 ================

2010-02-20 11:26:58 0 d-----w- c:\users\tim\appdata\roaming\Malwarebytes
2010-02-20 11:26:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-20 11:26:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-20 11:26:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 15:43:40 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-19 15:43:35 0 d-----w- c:\users\tim\appdata\roaming\SUPERAntiSpyware.com
2010-02-19 15:43:35 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-19 15:25:21 0 d-----w- c:\users\tim\appdata\roaming\GrabIt
2010-02-19 15:24:10 0 d-----w- c:\program files\GrabIt
2010-02-19 12:54:05 0 d-----w- c:\program files\TrendMicro
2010-02-18 10:15:51 23208 ----a-w- c:\windows\hpqins15.dat
2010-02-17 13:13:51 0 d-----w- c:\program files\FTDv3.8
2010-02-16 19:43:17 87608 ----a-w- c:\users\tim\appdata\roaming\inst.exe
2010-02-16 19:43:17 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-02-16 19:43:17 47360 ----a-w- c:\users\tim\appdata\roaming\pcouffin.sys
2010-02-16 19:43:02 0 d-----w- c:\program files\VSO
2010-02-16 18:51:40 69 ----a-w- c:\windows\NeroDigital.ini
2010-02-14 23:39:03 0 d-----w- c:\program files\PowerISO
2010-02-14 23:27:46 0 d-----w- c:\program files\VirtualCloneDrive
2010-02-14 23:09:19 175104 ----a-w- c:\users\tim\appdata\roaming\SQLite3.dll
2010-02-14 23:07:35 0 d-----w- c:\users\tim\Tracing
2010-02-14 21:21:54 0 d-----w- c:\program files\Nero
2010-02-14 21:21:25 0 d-----w- c:\programdata\Nero
2010-02-14 20:49:37 0 d-----w- c:\users\tim\appdata\roaming\Canneverbe Limited
2010-02-14 20:49:36 0 d-----w- c:\programdata\Canneverbe Limited
2010-02-14 11:55:33 0 d-----w- c:\users\tim\appdata\roaming\DAEMON Tools Pro
2010-02-14 11:55:33 0 d-----w- c:\programdata\DAEMON Tools Pro
2010-02-14 11:43:34 0 d-----w- c:\program files\Your Uninstaller 2010
2010-02-10 09:08:59 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-10 09:08:59 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-10 09:08:59 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-10 09:08:59 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-10 09:08:59 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-10 09:08:59 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-02 19:07:50 0 d-----w- c:\program files\iPod
2010-02-02 19:07:49 0 d-----w- c:\program files\iTunes
2010-01-29 00:17:05 0 d-----w- c:\program files\MSXML 4.0
2010-01-27 23:14:20 0 d-----w- c:\programdata\WEBREG
2010-01-27 23:10:35 1843 ------w- c:\windows\hpwmdl23.dat.temp
2010-01-27 22:59:19 0 d-----w- c:\program files\VDOWNLOADER
2010-01-27 22:59:19 0 d-----w- c:\program files\common files\eBay
2010-01-27 22:47:18 0 d-----w- c:\programdata\HP Product Assistant
2010-01-27 22:45:35 0 d-----w- c:\program files\common files\HP
2010-01-27 22:45:33 0 d-----w- c:\program files\common files\Hewlett-Packard
2010-01-27 22:45:19 0 d-----w- c:\windows\hpoj6500e709
2010-01-27 22:44:38 118272 ----a-w- c:\windows\system32\hpf3l082.dll
2010-01-27 22:44:31 0 d-----w- c:\program files\HP
2010-01-27 22:43:37 250099 ----a-w- c:\windows\hpwins23.dat
2010-01-27 22:43:37 1843 ------w- c:\windows\hpwmdl23.dat
2010-01-27 22:43:17 966656 ----a-w- c:\windows\system32\hpwtiop4.dll
2010-01-27 22:43:17 741376 ----a-w- c:\windows\system32\hpwwiax5.dll
2010-01-27 22:43:17 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-01-27 22:43:16 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2010-01-27 22:43:16 294912 ----a-w- c:\windows\system32\hpovst11.dll
2010-01-27 22:27:49 0 d-----w- c:\program files\QuickPar
2010-01-27 22:18:12 0 d-----w- c:\programdata\HP
2010-01-27 21:30:30 0 d-----w- c:\programdata\Office Genuine Advantage
2010-01-27 11:01:01 331776 --sh--r- c:\users\tim\appdata\roaming\ServiceNT.exe
2010-01-27 11:01:01 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-27 11:01:01 2614272 ----a-w- c:\windows\explorer.exe
2010-01-27 11:01:01 188416 --sh--r- c:\users\tim\appdata\roaming\WindowsNT Service.exe
2010-01-22 07:29:59 977920 ----a-w- c:\windows\system32\wininet.dll

==================== Find3M ====================

2010-02-20 12:20:24 691490 ----a-w- c:\windows\system32\perfh013.dat
2010-02-20 12:20:24 130026 ----a-w- c:\windows\system32\perfc013.dat
2010-02-16 19:03:59 142504 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-14 10:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-08 03:18:02 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17:36 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-23 14:57:11 248 ----a-w- c:\programdata\nvUnsupRes.dat
2009-12-19 09:02:52 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02:48 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02:46 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02:45 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02:45 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02:40 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02:39 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02:01 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-10 18:31:10 1539104 ----a-w- c:\windows\system32\RtkPgExt.dll
2009-12-10 18:31:04 56864 ----a-w- c:\windows\system32\RtkCoInst.dll
2009-12-10 18:31:04 367136 ----a-w- c:\windows\system32\RtkApoApi.dll
2009-12-10 18:30:58 2796576 ----a-w- c:\windows\system32\RtkAPO.dll
2009-12-08 11:40:12 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:40:12 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 11:32:02 292864 ----a-w- c:\windows\system32\apphelp.dll
2009-12-04 17:26:12 297376 ----a-w- c:\windows\system32\FMAPO.dll
2009-12-04 14:43:54 132368 ----a-w- c:\windows\system32\MaxxAudioAPO.dll
2009-11-28 15:56:18 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-11-28 15:56:17 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-28 15:56:17 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-28 13:18:33 2853 ----a-w- c:\windows\system32\COMMAND.PIF
2009-11-24 16:40:20 838176 ----a-w- c:\windows\RtlExUpd.dll
2009-11-24 08:55:08 345328 ----a-w- c:\windows\system32\SRSTSXT.dll
2009-11-24 08:55:08 185584 ----a-w- c:\windows\system32\SRSTSHD.dll
2009-11-24 08:55:08 173296 ----a-w- c:\windows\system32\SRSHP360.dll
2009-11-24 08:55:08 140528 ----a-w- c:\windows\system32\SRSWOW.dll
2009-08-26 08:51:37 43068 ----a-w- c:\windows\inf\perflib\0413\perfd.dat
2009-08-26 08:51:37 43068 ----a-w- c:\windows\inf\perflib\0413\perfc.dat
2009-08-26 08:51:37 341322 ----a-w- c:\windows\inf\perflib\0413\perfi.dat
2009-08-26 08:51:37 341322 ----a-w- c:\windows\inf\perflib\0413\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 14:10:26,66 ===============
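The HijackThis O4 lines in the first post and the MBAM detections in the post above point at the same handful of autorun entries: a binary in the user's AppData\Roaming folder registered under Run and RunServices, a csrss.exe living in C:\Program Files\Windows NT, and entries under Policies\Explorer\Run whose value names are just hive words (HKLM, HKCU, Policies). The script below is an added example, not a tool any poster used: it parses O4 lines (a few copied from this thread's log as constructed sample input, plus benign ones for contrast) and flags the entries that trip those defender-side heuristics. The list of core Windows process names, the system-folder allowlist, the generic-name list and the %ProgramFiles% expansion are the example's own assumptions.

```python
"""Flag suspicious autorun (O4) entries from a HijackThis log.

Heuristics applied (assumptions of this example, not HijackThis rules):
  * executable runs from a user-writable profile folder (AppData, Temp)
  * a core Windows process name found outside the system folders
  * persistence under Policies\\Explorer\\Run, which installers rarely use
  * a value name that is just a hive/key word (HKLM, HKCU, Policies, ...)
"""
import re
from dataclasses import dataclass

# Assumed list of core Windows processes that only belong in the system folders.
CORE_PROCESSES = {"csrss.exe", "winlogon.exe", "svchost.exe", "lsass.exe",
                  "services.exe", "smss.exe", "wininit.exe", "explorer.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows"}
GENERIC_NAMES = {"hklm", "hkcu", "hkus", "policies", "run"}
# Assumption: default 32-bit Program Files location on the scanned machine.
ENV_EXPANSIONS = {"%programfiles%": r"C:\Program Files"}

REG_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_LINE = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>[^=]+?) = (?P<cmd>.*)$")
# First quoted or unquoted token ending in .exe; unquoted paths may contain spaces.
EXE_PATH = re.compile(r'"?([^"]*?\.exe)', re.IGNORECASE)


@dataclass
class Entry:
    hive: str   # HKLM, HKCU, HKUS\<sid>, or "Startup" for startup-folder items
    key: str    # Run, RunServices, Policies\Explorer\Run, Global Startup, ...
    name: str   # registry value name or .lnk name
    exe: str    # executable path extracted from the command line


def parse_o4(line: str):
    """Return an Entry for a HijackThis O4 line, or None if the line is not one."""
    m = REG_LINE.match(line)
    if m:
        hive, key, name, cmd = m.group("hive", "key", "name", "cmd")
    else:
        m = STARTUP_LINE.match(line)
        if not m:
            return None
        hive, key, name, cmd = "Startup", m.group("key"), m.group("name"), m.group("cmd")
    for var, value in ENV_EXPANSIONS.items():
        cmd = re.sub(re.escape(var), lambda _: value, cmd, flags=re.IGNORECASE)
    exe = EXE_PATH.search(cmd)
    return Entry(hive, key, name.strip(), exe.group(1) if exe else cmd)


def suspicious_reasons(e: Entry) -> list:
    """Apply the heuristics to one entry; an empty list means nothing looked odd."""
    path = e.exe.lower()
    folder, _, basename = path.rpartition("\\")
    reasons = []
    if "\\appdata\\" in path or "\\temp\\" in path:
        reasons.append("runs from a user-writable profile folder")
    if basename in CORE_PROCESSES and folder not in SYSTEM_DIRS:
        reasons.append(f"core Windows process name {basename} outside the system folders")
    if "policies\\explorer\\run" in e.key.lower():
        reasons.append("persists via Policies\\Explorer\\Run, which legitimate installers rarely use")
    if e.name.lower() in GENERIC_NAMES:
        reasons.append(f"generic value name [{e.name}]")
    return reasons


def analyze(lines):
    """Parse every O4 line and return (entry, reasons) for those that trip a heuristic."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry)
        if reasons:
            findings.append((entry, reasons))
    return findings


# Constructed sample: O4 lines copied from the log in this thread plus benign ones.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min',
    r"O4 - HKLM\..\Run: [HKLM] C:\Windows\System32\spynet\server.exe",
    r"O4 - HKLM\..\Run: [WindowsNT Service] C:\Users\Tim\AppData\Roaming\WindowsNT Service.exe",
    r"O4 - HKLM\..\RunServices: [WindowsNT Service] C:\Users\Tim\AppData\Roaming\WindowsNT Service.exe",
    r"O4 - HKCU\..\Run: [HKCU] C:\Windows\System32\spynet\server.exe",
    r"O4 - HKLM\..\Policies\Explorer\Run: [Critical Service Manager] C:\Program Files\Windows NT\csrss.exe",
    r"O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\spynet\server.exe",
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')",
    r"O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe",
]

if __name__ == "__main__":
    for entry, reasons in analyze(SAMPLE_O4_LINES):
        print(f"{entry.hive}\\{entry.key} [{entry.name}] -> {entry.exe}")
        for reason in reasons:
            print("    -", reason)
```

Run as-is, it reports six of the nine sample entries: the two AppData entries, the two spynet entries with hive-word names, and both Policies\Explorer\Run entries (the csrss.exe one trips two heuristics at once). Avira, the Sidebar entry and the Logitech startup shortcut pass clean, which is the point of the contrast: the flags come from location and naming, not from any signature.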
  • And is the warning gone?
  • I had MBAM scan once more, and it can't find anything now, but when I restart Windows the Action Center still gives the warning that malicious software has been found. When I click this message and tell it to remove Rbot.gen, it does so. After that I get no more warnings, but when I restart Windows again the message shows up again. So is the virus off my PC now or not?
  • No, the virus reappears after you restart your PC. Try a scan in safe mode instead.
  • I scanned it in safe mode; it couldn't find anything. Do you or anyone else know of another program or tip?
  • Otherwise, try Spybot Search & Destroy: http://www.safer-networking.org/nl/spybotsd/index.html
  • I tried Spybot Search & Destroy; it only found 6 Internet Explorer cookies. So does anyone have another program/tip, please!
  • OK, start Internet Explorer and delete your cookies. Then download Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and scan.
  • Hello Tim, you have taken on advice from a number of people in the meantime! The very strange thing about the rbot.gen warning is that it does not appear in any of the logs; probably it has already been removed! Ergo, first do the following (essential): uninstall SUPERAntiSpyware and Spybot Search and Destroy. You now have MBAM, so you really don't need those other tools! After uninstalling, restart your PC and then do the following:
    Let Combofix scan your Windows (click): http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    How to use Combofix properly (click): http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
    Addition: to be able to use Combofix, the following applies:
    - no web browsers may be open
    - antivirus must be completely deactivated
    - active malware and spyware scanners must be deactivated.
    Do not click in the active Combofix window: this will make Combofix freeze! Combofix closes the internet connection; do not try to restore it in the meantime!
    Vista users start Combofix with Administrator rights, and do not forget to temporarily disable Windows Defender; see http://windowshelp.microsoft.com/Windows/nl-NL/help/31d797aa-091d-4d67-a556-dbfaf21bf0dc1043.mspx.
    Here you will find information on how to deactivate antivirus: http://www.bleepingcomputer.com/forums/topic114351.html
    Post the contents of the Combofix log in your next message.
  • Hello, here is the ComboFix log. I had already removed the other 2 programs, so now I only have MBAM left.

    ComboFix 10-02-20.04 - Tim 21-02-2010 16:50:23.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.2047.1096 [GMT 1:00]
    Gestart vanuit: c:\users\Tim\Desktop\ComboFix.exe
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\program files\temp
    c:\users\Tim\AppData\Roaming\inst.exe
    c:\users\Tim\AppData\Roaming\ServiceNT.exe
    c:\users\Tim\AppData\Roaming\SQLite3.dll
    c:\users\Tim\AppData\Roaming\WindowsNT Service.exe
    c:\windows\system32\command.pif
    .
    [file-creation listings, Find3M report and registry startup points omitted]
    .
    - - - - ORPHANS VERWIJDERD - - - -
    Toolbar-Locked - (no file)
    HKCU-Run-WindowsNT Service - WindowsNT Service.exe
    HKLM-Run-WindowsNT Service - WindowsNT Service.exe
    AddRemove-SystemRequirementsLab - c:\program files\SystemRequirementsLab\Uninstall.exe
    AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper.dll
    .
    Voltooingstijd: 2010-02-21 17:00:05
    ComboFix-quarantined-files.txt 2010-02-21 16:00
    Pre-Run: 58.529.566.720 bytes beschikbaar
    Post-Run: 58.305.277.952 bytes beschikbaar
    - - End Of File - - C4E185E50D3BA4167B3948D59B806F15
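As an added example, not part of this thread or of ComboFix itself: a small Python review of a ComboFix-style "Reg Opstartpunten" Run-key section that flags the kind of autorun the log above shows, a value named "WindowsNT Service" pointing at an executable in AppData\Roaming, or given without a directory at all. The sample section is constructed in the report's layout (the legitimate Avira and Logitech entries mirror the log; the malicious entry, its dates and sizes are made up), and the heuristics produce review candidates for an analyst, not verdicts.

```python
import re
from typing import NamedTuple

# Constructed sample in the layout of a ComboFix "Reg Opstartpunten" section.
# The Avira/Logitech lines mirror the thread's log; the "WindowsNT Service"
# entries, with their dates and sizes, are made up for this example.
SAMPLE_RUN_SECTION = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"WindowsNT Service"="c:\users\Tim\AppData\Roaming\WindowsNT Service.exe" [2010-02-19 61440]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsNT Service"="WindowsNT Service.exe" [2010-02-19 61440]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[([^\]]*)\])?$')

# Directory fragments an ordinary user can write to: an autorun living here
# was not installed by an elevated installer and deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\", "\\documents and settings\\")
# Words malware borrows to look like an OS component.
SYSTEM_LOOKALIKE = ("windows", "microsoft", "svchost")


class Finding(NamedTuple):
    key: str
    name: str
    target: str
    reasons: tuple


def parse_run_entries(text):
    """Yield (key, value_name, target) for every value under a [HKEY_...] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2)


def assess_entry(name, target):
    """Return the heuristic reasons (possibly none) why an autorun merits review."""
    reasons = []
    t = target.lower().strip()
    if "\\" not in t:
        # A bare file name is resolved through the PATH search order at logon,
        # so the file that actually runs is not pinned down by the registry.
        reasons.append("unqualified path: resolved via PATH search order at logon")
    elif any(frag in t for frag in USER_WRITABLE) and not t.startswith("c:\\program files"):
        reasons.append("executable in a user-writable profile directory")
    if any(w in name.lower() for w in SYSTEM_LOOKALIKE) and not t.startswith("c:\\windows\\"):
        reasons.append("system-sounding name not backed by a file under C:\\Windows")
    return tuple(reasons)


def review_autoruns(text):
    """Return a Finding for every entry with at least one reason, in report order."""
    return [Finding(k, n, tgt, r) for k, n, tgt in parse_run_entries(text)
            if (r := assess_entry(n, tgt))]


if __name__ == "__main__":
    for f in review_autoruns(SAMPLE_RUN_SECTION):
        print(f"{f.key}\n  {f.name!r} -> {f.target}")
        for reason in f.reasons:
            print(f"    - {reason}")
```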
  • Hello Tim, did you also uninstall SUPERAntiSpyware? In any case there is still a folder of it present in C:\Program Files! Now that Combofix has done its work, are you still getting the warning?
  • I no longer get the warning. The folder you mention is not visible to me? I did get a few extra folders in C:\. Can I delete these? Anyway, thanks for solving my problem, thank you very much!
  • Those folders belong to Combofix; you may delete them, as well as what is on your desktop! Good that you can use your PC normally again, and you're welcome.
This is an archived page. Answering is no longer possible.