autorun and system on all my drives?

Anonymous
Othuroyo
16 answers
  • Good day,

    I have something strange on my hard drives and USB sticks.

    I recently put my USB stick in my computer and double-clicked it in My Computer, but nothing happened.
    I can still get to it if I type its drive letter (F:).
    There I saw that there are 2 "invisible" files on it that I never put there myself: AutoRun.inf and SYSTEM.exe.
    If I delete them, they are simply back again the next time.

    It is on my internal hard drives, my USB sticks and my external hard drives.

    Can anyone help me get rid of this?

    Regards,
  • According to Google it is a virus. Run a scan with your virus scanner and/or post a HijackThis log.
  • Don't put your USB stick in other people's computers anymore.
    Put it in your own computer now and then post a HijackThis log.
  • I'm afraid I don't have a virus scanner on my PC.

    Here is a HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:19:17, on 14-1-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\EeePC\ACPI\AsTray.exe
    C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\NDAS\System\ndasmgmt.exe
    C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\NDAS\System\ndassvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\calc.exe
    C:\program files\internet explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
    O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
    O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: StarOffice 8 .lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
    O4 - Global Startup: SuperHybridEngine.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
    O23 - Service: Windows_system - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\SYSTEM.exe


    End of file - 7658 bytes




  • Start HijackThis and choose 'do a system scan only'.
    Select only the items listed below:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.


    Now go to Start -> Run.
    Type this command: sc stop Windows_system and press OK.
    Repeat this with this command: sc delete Windows_system.


    Your Java software is out of date.
    Older versions have vulnerabilities that give malware the chance to install itself on your system.
    First follow these steps to uninstall Java and install the newer version:

    * Download Java Runtime Environment (JRE) 6u11 (mirror) and save it to your Desktop.
    * Close all programs that may be open, especially your web browser!
    * Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the program list.
    * Select everything with Java Runtime Environment (JRE or J2SE) in the name.
    * Then click Remove or the Change/Remove button.
    * Repeat this until all older versions are gone.
    * After removing all older versions, restart your PC.
    * Then double-click jre-6u11-windows-i586-p-s.exe on your Desktop to install the newest version of Java.


    Download and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    After the installation, make sure there is a check mark next to:
    * Update MalwareBytes' Anti-Malware
    * Start MalwareBytes' Anti-Malware
    Then click "Finish".
    If an update is found, it will be downloaded and installed.
    * Once the program has started, go to the "Settings" tab.
    * Check here: "Close Internet Explorer during removal of malware".
    * Then go to the "Scanner" tab and choose "Quick Scan".
    * Then press "Scan" to start the scan.
    * The scan can take a while, so be patient.
    * When the scan is complete, click OK, then "Show Results" to see the results.
    * Make sure everything there is checked, then click "Remove Selected".
    * After removal a log will open and you will be asked to restart the computer.
    The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.

    Post this log together with a new HijackThis log.
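
The selection made in the reply above (the BHO that points at no file, the Windows_system service) can be written down as a small triage script over a HijackThis log. This is an added example, not part of the thread: the function names and the `dropped_names` parameter are assumptions, and the sample lines are copied from the log posted above except for one line marked as constructed.

```python
import re
from dataclasses import dataclass
from ntpath import basename  # Windows path rules, works on any OS

# Entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Windows_system - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\SYSTEM.exe
"""

# Constructed line (not from the thread): a folder name that itself contains " - ".
CONSTRUCTED_BODY = r"Service: Demo Service (demosvc) - Example Vendor - C:\Program Files\Demo - Tools\demosvc.exe"

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
# The path starts at the first " - X:\", so " - " inside a folder name is kept.
SVC_RE = re.compile(r'^Service: (?P<head>.*?) - (?P<path>"?[A-Za-z]:\\.*)$')
# "Display name (servicename)"; without parentheses the display name is the service name.
SVC_NAME_RE = re.compile(r"^(?P<display>.*) \((?P<name>[^()]+)\)$")


@dataclass
class Finding:
    code: str    # HijackThis section, e.g. "O2" or "O23"
    item: str    # CLSID for a BHO, service name for a service
    target: str  # file the entry points at
    reason: str


def parse_service(body):
    """Split an O23 body into service name, owner and image path."""
    m = SVC_RE.match(body)
    if not m:
        return None
    label, _, owner = m.group("head").rpartition(" - ")
    if not label:  # no owner field present
        label, owner = owner, ""
    named = SVC_NAME_RE.match(label)
    name = named.group("name") if named else label
    return {"name": name, "owner": owner, "path": m.group("path").strip('"')}


def triage(log_text, dropped_names=()):
    """Return entries worth a closer look.

    dropped_names: lower-case file names already seen where they do not belong
    (in this thread, the SYSTEM.exe in the root of every drive).
    """
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue
        code, body = entry.group("code"), entry.group("body")
        if code == "O2":
            bho = BHO_RE.match(body)
            if bho and bho.group("target") == "(no file)":
                findings.append(Finding(code, bho.group("clsid"), "(no file)",
                                        "BHO registration points at a missing file"))
        elif code == "O23":
            svc = parse_service(body)
            if not svc:
                continue
            reasons = []
            if svc["owner"].lower() == "unknown owner":
                reasons.append("no vendor name reported for the binary")
            if basename(svc["path"]).lower() in dropped_names:
                reasons.append("file name matches a file found on the drives")
            if reasons:
                findings.append(Finding(code, svc["name"], svc["path"], "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, dropped_names={"system.exe"}):
        print(f"{f.code:4} {f.item}\n     -> {f.target}\n     {f.reason}")
```

The `item` of an O23 finding is the service name, which is the value the `sc stop` and `sc delete` commands in the reply take.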

  • Just for fun I did a full scan.
    Here is the log file:

    Malwarebytes' Anti-Malware 1.32
    Database versie: 1653
    Windows 5.1.2600 Service Pack 3

    14-1-2009 20:55:01
    mbam-log-2009-01-14 (20-55-01).txt

    Scan type: Volledige Scan (C:\|D:\|F:\|)
    Objecten gescand: 97188
    Verstreken tijd: 22 minute(s), 25 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)



    And the one from HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:57:13, on 14-1-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\EeePC\ACPI\AsTray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\NDAS\System\ndasmgmt.exe
    C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\NDAS\System\ndassvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\calc.exe
    C:\program files\internet explorer\IEXPLORE.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
    O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
    O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: StarOffice 8 .lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
    O4 - Global Startup: SuperHybridEngine.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
    O23 - Service: Windows_system - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\SYSTEM.exe


    End of file - 7844 bytes

    I had my USB stick plugged in during the scan; the 2 files are still on it. Can I remove them from it now?
    And I have 3 other XP installations that it is on; how can I clean those again? Or do I need to make a log file for each installation?




  • By the way, I tried plugging in an old USB stick that I haven't used in months, so those files certainly couldn't be on it, but the computer puts the files on that one too, so something is still not quite right.
  • That's right, sound; we'll clean that old USB stick later.
    Just follow my instructions carefully; that way both the USB sticks and this XP installation will be cleaned.

    After that we'll go through the other installations. I assure you that I am familiar with your problem and that I know how to solve it ;)

    Download combofix.exe from this site: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
    Once the Recovery Console is installed, let ComboFix scan the computer.
    When ComboFix is finished, which may be after a reboot, a log file (combofix.txt) opens.
    Post the contents of this file.
  • Here is the log:

    ComboFix 09-01-13.04 - Marc 2009-01-15 19:48:53.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1015.684 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Marc\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_WINDOWS_SYSTEM
    -------\Service_Windows_system


    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-15 to 2009-01-15 ))))))))))))))))))))))))))))))
    .

    2009-01-14 20:24 . 2009-01-14 20:24 <DIR> d-------- c:\documents and settings\Marc\Application Data\Malwarebytes
    2008-12-26 10:58 . 2009-01-04 16:45 <DIR> d-------- c:\documents and settings\Marc\Application Data\dvdcss

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-08 08:59 --------- d-----w c:\program files\Eee Storage
    2009-07-08 08:56 --------- d-----w c:\program files\InterVideo
    2009-07-08 08:42 --------- d-----w c:\program files\Common Files\InterVideo
    2009-07-08 08:37 --------- d-----w c:\program files\Skype
    2009-07-08 08:37 --------- d-----w c:\program files\Common Files\Skype
    2009-07-08 08:37 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
    2009-07-08 08:32 --------- d-----w c:\program files\Sun
    2009-07-08 08:30 --------- d-----w c:\program files\Asus
    2009-07-08 08:27 --------- d-----w c:\program files\WIDCOMM
    2009-07-08 08:26 --------- d-----w c:\program files\RALINK
    2009-07-08 08:26 --------- d-----w c:\program files\EeePC
    2009-07-08 08:25 --------- d-----w c:\program files\Elantech
    2009-07-08 08:25 --------- d-----w c:\documents and settings\Marc\Application Data\InstallShield
    2009-07-08 08:24 --------- d-----w c:\program files\Intel
    2009-07-08 08:23 --------- d-----w c:\program files\Realtek
    2009-07-08 08:22 315,392 ----a-w c:\windows\HideWin.exe
    2009-07-08 08:08 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
    2009-07-08 08:06 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
    2009-07-08 08:03 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
    2009-07-08 07:46 --------- d-----w c:\program files\microsoft frontpage
    2009-01-15 18:15 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-01-15 18:14 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-01-15 18:14 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-14 21:02 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-14 21:00 --------- d-----w c:\program files\Lavasoft
    2009-01-14 20:59 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-01-14 19:24 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-01-14 19:24 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-14 19:19 --------- d-----w c:\program files\Java
    2009-01-14 17:19 --------- d-----w c:\program files\Trend Micro
    2009-01-14 17:16 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-07 16:39 --------- d-----w c:\program files\IrfanView
    2009-01-04 17:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-04 17:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-01-03 17:26 --------- d-----w c:\program files\DAEMON Tools Lite
    2008-12-25 13:14 --------- d-----w c:\program files\Google
    2008-12-15 21:41 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-15 21:41 --------- d-----w c:\program files\Compulite
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-09 15:11 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2008-09-03 18:21 46 ----a-w c:\documents and settings\Marc\Application Data\wklnhst.dat
    2008-09-01 15:51 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2008-05-07 14:34 15,523,560 ----a-w c:\program files\U1 Setup.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
    "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-06-25 335872]
    "AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-06-03 98304]
    "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
    "AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-14 136600]
    "RTHDCPL"="RTHDCPL.EXE" [2008-06-13 c:\windows\RTHDCPL.exe]
    "SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SoundMan.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\alcwzrd.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-04-14 596584]
    NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2005-03-31 180224]
    SuperHybridEngine.lnk - c:\program files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-07-08 303104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midi4"= xgusb.cpl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Compulite\\Vector Pc\\Bin\\GcConsole.exe"=
    "c:\\Program Files\\Compulite\\Vector Pc\\Bin\\RT\\RTOffline.exe"=
    "c:\\Program Files\\Compulite\\Vector Pc\\Bin\\RT\\RTInt.exe"=
    "c:\\Program Files\\Compulite\\Vector Pc\\Bin\\VectorPanel.exe"=
    "c:\\Program Files\\Compulite\\Vector Pc\\Bin\\RemotePanel.exe"=

    R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2005-03-31 109184]
    R1 lfsfilt;Lean File Sharing;c:\windows\system32\drivers\lfsfilt.sys [2008-09-02 120704]
    R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2009-07-08 11264]
    R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [2008-05-21 25088]
    R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-05-17 36864]
    R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2005-03-31 39168]
    R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-07-08 625024]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-18 33752]
    S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2005-03-31 91392]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{010af56c-7565-11dd-ac18-0015afeeb0f1}]
    \Shell\Auto\command - F:\SYSTEM.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d5a4902-b7ec-11dd-ac82-0015afeeb0f1}]
    \Shell\Auto\command - F:\
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa6936e9-7929-11dd-ac26-0015aff617aa}]
    \Shell\Auto\command - H:\SYSTEM.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e40a4e32-d9aa-11dd-acbb-00221591f751}]
    \Shell\Auto\command - F:\SYSTEM.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec5e01ce-e270-11dd-acd9-0015afeeb0f1}]
    \Shell\Auto\command - G:\SYSTEM.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.exe
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-01-15 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-25 14:12]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe


    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Verzenden naar &Bluetooth-apparaat… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Verzenden naar Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\jnlb9vbz.default\
    FF - plugin: c:\program files\Google\Google Updater\2.4.1441.4352\npCIDetect13.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-15 19:53:02
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\igfxext.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\NDAS\System\ndassvc.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-01-15 19:55:19 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-01-15 18:55:16

    Pre-Run: 33.099.788.288 bytes beschikbaar
    Post-Run: 33,341,067,264 bytes beschikbaar

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    194 — E O F — 2009-01-14 17:16:43




  • I had to use my laptop yesterday with an external drive attached, and this time it didn't put those files on it anymore, so in any case thanks a lot so far :)
  • That could well be, but the chance is even greater that it comes back if you don't do something about it soon.

    Do this:

    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

  • I did what you said, only when it opened it said that a newer version was available, and I downloaded that one, but did it still handle that txt file correctly? Here's the log in any case:


    ComboFix 09-01-19.03 - Marc 2009-01-19 22:31:55.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1015.660 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Marc\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Marc\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-19 to 2009-01-19 ))))))))))))))))))))))))))))))
    .

    2009-01-14 20:24 . 2009-01-14 20:24 <DIR> d——– c:\documents and settings\Marc\Application Data\Malwarebytes
    2008-12-26 10:58 . 2009-01-04 16:45 <DIR> d——– c:\documents and settings\Marc\Application Data\dvdcss

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-08 08:59 ——— d—–w c:\program files\Eee Storage
    2009-07-08 08:56 ——— d—–w c:\program files\InterVideo
    2009-07-08 08:42 ——— d—–w c:\program files\Common Files\InterVideo
    2009-07-08 08:37 ——— d—–w c:\program files\Skype
    2009-07-08 08:37 ——— d—–w c:\program files\Common Files\Skype
    2009-07-08 08:37 ——— d—–w c:\documents and settings\All Users\Application Data\Skype
    2009-07-08 08:32 ——— d—–w c:\program files\Sun
    2009-07-08 08:30 ——— d—–w c:\program files\Asus
    2009-07-08 08:27 ——— d—–w c:\program files\WIDCOMM
    2009-07-08 08:26 ——— d—–w c:\program files\RALINK
    2009-07-08 08:26 ——— d—–w c:\program files\EeePC
    2009-07-08 08:25 ——— d—–w c:\program files\Elantech
    2009-07-08 08:25 ——— d—–w c:\documents and settings\Marc\Application Data\InstallShield
    2009-07-08 08:24 ——— d—–w c:\program files\Intel
    2009-07-08 08:23 ——— d—–w c:\program files\Realtek
    2009-07-08 08:22 315,392 —-a-w c:\windows\HideWin.exe
    2009-07-08 08:08 ——— dcsh–w c:\program files\Common Files\WindowsLiveInstaller
    2009-07-08 08:06 ——— d—–w c:\documents and settings\All Users\Application Data\WLInstaller
    2009-07-08 08:03 ——— d—–w c:\program files\Microsoft SQL Server Compact Edition
    2009-07-08 07:46 ——— d—–w c:\program files\microsoft frontpage
    2009-01-19 21:04 ——— d—–w c:\documents and settings\All Users\Application Data\Google Updater
    2009-01-16 06:18 ——— d—–w c:\program files\Spybot - Search & Destroy
    2009-01-16 06:17 ——— d—–w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-14 21:02 ——— d—–w c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-14 21:00 ——— d—–w c:\program files\Lavasoft
    2009-01-14 20:59 ——— d—–w c:\program files\Common Files\Wise Installation Wizard
    2009-01-14 19:24 ——— d—–w c:\program files\Malwarebytes' Anti-Malware
    2009-01-14 19:24 ——— d—–w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-14 19:19 410,984 —-a-w c:\windows\system32\deploytk.dll
    2009-01-14 19:19 ——— d—–w c:\program files\Java
    2009-01-14 17:19 ——— d—–w c:\program files\Trend Micro
    2009-01-14 17:16 ——— d—–w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-07 16:39 ——— d—–w c:\program files\IrfanView
    2009-01-04 17:38 38,496 —-a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-04 17:38 15,504 —-a-w c:\windows\system32\drivers\mbam.sys
    2009-01-03 17:26 ——— d—–w c:\program files\DAEMON Tools Lite
    2008-12-25 13:14 ——— d—–w c:\program files\Google
    2008-12-15 21:41 ——— d–h–w c:\program files\InstallShield Installation Information
    2008-12-15 21:41 ——— d—–w c:\program files\Compulite
    2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
    2008-12-09 15:11 ——— d—–w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2008-10-23 12:43 286,720 —-a-w c:\windows\system32\gdi32.dll
    2008-09-03 18:21 46 —-a-w c:\documents and settings\Marc\Application Data\wklnhst.dat
    2008-09-01 15:51 32 —-a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2008-05-07 14:34 15,523,560 —-a-w c:\program files\U1 Setup.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-15_19.54.16.39 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-15 18:46:31 53,098 —-a-w c:\windows\system32\perfc009.dat
    + 2009-01-19 21:07:57 53,098 —-a-w c:\windows\system32\perfc009.dat
    - 2009-01-15 18:46:31 69,812 —-a-w c:\windows\system32\perfc013.dat
    + 2009-01-19 21:07:57 69,812 —-a-w c:\windows\system32\perfc013.dat
    - 2009-01-15 18:46:31 380,684 —-a-w c:\windows\system32\perfh009.dat
    + 2009-01-19 21:07:57 380,684 —-a-w c:\windows\system32\perfh009.dat
    - 2009-01-15 18:46:31 442,556 —-a-w c:\windows\system32\perfh013.dat
    + 2009-01-19 21:07:57 442,556 —-a-w c:\windows\system32\perfh013.dat
    + 2009-01-19 21:03:54 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_20c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
    "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-06-25 335872]
    "AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-06-03 98304]
    "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
    "AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-14 136600]
    "RTHDCPL"="RTHDCPL.EXE" [2008-06-13 c:\windows\RTHDCPL.exe]
    "SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SoundMan.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\alcwzrd.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-04-14 596584]
    NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2005-03-31 180224]
    SuperHybridEngine.lnk - c:\program files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-07-08 303104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midi4"= xgusb.cpl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    –a—— 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Compulite\\Vector Pc\\Bin\\GcConsole.exe"=
    "c:\\Program Files\\Compulite\\Vector Pc\\Bin\\RT\\RTOffline.exe"=
    "c:\\Program Files\\Compulite\\Vector Pc\\Bin\\RT\\RTInt.exe"=
    "c:\\Program Files\\Compulite\\Vector Pc\\Bin\\VectorPanel.exe"=
    "c:\\Program Files\\Compulite\\Vector Pc\\Bin\\RemotePanel.exe"=

    R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2005-03-31 109184]
    R1 lfsfilt;Lean File Sharing;c:\windows\system32\drivers\lfsfilt.sys [2008-09-02 120704]
    R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2009-07-08 11264]
    R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [2008-05-21 25088]
    R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-05-17 36864]
    R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2005-03-31 39168]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-18 33752]
    S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2005-03-31 91392]
    S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-07-08 625024]
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-01-19 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-25 14:12]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Verzenden naar &Bluetooth-apparaat… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Verzenden naar Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\jnlb9vbz.default\
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-19 22:33:48
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    Voltooingstijd: 2009-01-19 22:35:20
    ComboFix-quarantined-files.txt 2009-01-19 21:35:17
    ComboFix2.txt 2009-01-15 18:55:21

    Pre-Run: 33.302.077.440 bytes beschikbaar
    Post-Run: 33,319,723,008 bytes beschikbaar

    163 — E O F — 2009-01-14 17:16:43


  • How are things with the problems?
  • I was just working with Bluetooth and wanted to open its settings, only that didn't happen; then I wanted to put the PC on standby and that didn't happen either.
    Shutting down normally didn't work either, so I turned it off by holding the on/off button for a long time, and now that it has restarted I can get to the Bluetooth settings just fine.

    Or does that have to do with something else?
  • It doesn't really seem malware-related to me…
    I think it's best to wait a day (or 2) to see whether you run into symptoms of malware again.
    If that is the case, you should say so here.
  • Okay, sounds good,
    in any case thanks a lot

    Shall I start a new topic for my other computer, or do we tack it onto this one? However, I can't get started on that PC until Friday because I won't be home the next few days.


This is an archived page. Replying is no longer possible.