Question & Answer
autorun and system on all my drives?
16 answers
- Good day,
I have something strange on my hard drives and USB sticks.
I recently put my USB stick in my computer and double-clicked it in My Computer, but nothing happened.
I can get onto it just fine if I type its drive letter (F
And there I saw that there are two "invisible" files on it that I never put there myself: AutoRun.inf and SYSTEM.exe.
If I delete them, they are simply back on it the next time.
It is on my internal hard drives, my USB sticks and my external hard drives.
Can someone help me get rid of this?
Grtzz,
- Don't put your USB stick in other people's computers any more.
Put it in your own computer now and post a HijackThis log.
- I'm afraid I don't have a virus scanner on my PC.
Here is a HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:17, on 14-1-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\calc.exe
C:\program files\internet explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: StarOffice 8 .lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Windows_system - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\SYSTEM.exe
–
End of file - 7658 bytes
- Start HijackThis and choose 'Do a system scan only'.
Select only the items listed below:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Close all windows except HijackThis.
Click 'Fix checked' to remove the items.
Now go to Start -> Run.
Type this command: sc stop Windows_system and press OK.
Repeat this with this command: sc delete Windows_system.
Your Java software is out of date.
Older versions have holes that give malware the chance to install itself on your system.
First do these steps to uninstall Java and install the newer version:
* Download Java Runtime Environment (JRE) 6u11 (mirror) and save it to your Desktop.
* Close all programs that may be open - especially your web browser!
* Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the program list.
* Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
* Then click Remove or the Change/Remove button.
* Repeat this until all older versions are gone.
* After removing all older versions, restart your PC.
* Then double-click jre-6u11-windows-i586-p-s.exe on your Desktop to install the newest version of Java.
Download Malwarebytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup.exe to install the program.
Make sure that after installation a tick is placed next to:
* Update MalwareBytes' Anti-Malware
* Start MalwareBytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed.
* Once the program has started, go to the "Settings" tab.
* Tick here: "Close Internet Explorer during removal of malware".
* Then go to the "Scanner" tab and choose "Quick Scan".
* Then press "Scan" to start the scan.
* Scanning can take a while, so be patient.
* When the scan is complete, click OK, then "Show Results" to see the results.
* Make sure everything there is ticked, then click "Remove Selected".
* After removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.
Post this log together with a new HijackThis log.
- Just for fun I did a full scan.
Here is the log file:
Malwarebytes' Anti-Malware 1.32
Database versie: 1653
Windows 5.1.2600 Service Pack 3
14-1-2009 20:55:01
mbam-log-2009-01-14 (20-55-01).txt
Scan type: Volledige Scan (C:\|D:\|F:\|)
Objecten gescand: 97188
Verstreken tijd: 22 minute(s), 25 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
And the one from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57:13, on 14-1-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\calc.exe
C:\program files\internet explorer\IEXPLORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: StarOffice 8 .lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Windows_system - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\SYSTEM.exe
–
End of file - 7844 bytes
I had my USB stick plugged in during the scan; the two files are still on it. Can I remove them now?
I also have 3 other XP installations that it is on; how can I clean those again? Or do I have to make a log file per installation?
- By the way, I tried plugging in an old USB stick that I haven't used in months, which therefore certainly can't have had those files on it, but the computer puts the files on that one too, so something is still not quite right.
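What the helper did by eye on the two HijackThis logs above (an O2 BHO entry with no file behind it, and an O23 service with "Unknown owner" whose binary is a SYSTEM.exe sitting under Common Files instead of in the Windows directory) can be automated. The Python below is an added example, not code from this thread or from HijackThis itself; the sample lines are copied from the posted logs, and the list of Windows-lookalike file names and the set of Windows directories are my own assumptions about what counts as suspicious.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: a handful of lines copied from the HijackThis logs posted above.
SAMPLE_LINES = [
    r"O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe",
    r"O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe",
    r'O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun',
    r"O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe",
    r"O23 - Service: Windows_system - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\SYSTEM.exe",
]

# Line shapes of the three HijackThis sections we triage.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Assumption: directories where Windows keeps its own binaries (compared case-insensitively).
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}
# Assumption: file names that imitate core Windows components; a copy outside WINDOWS_DIRS is suspect.
LOOKALIKE_NAMES = {"system.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                   "services.exe", "winlogon.exe", "smss.exe", "explorer.exe"}


@dataclass
class Finding:
    kind: str    # HijackThis section: O2, O4 or O23
    name: str    # entry name as HijackThis prints it
    path: str    # file the entry points at
    reason: str  # why it was flagged


def split_command(cmd):
    """Split an O4 command string into (executable path, arguments).

    Quoted paths end at the closing quote; unquoted paths are assumed to end at
    the first '.exe', which copes with unquoted paths that contain spaces."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    idx = cmd.lower().find(".exe")
    if idx == -1:
        return cmd, ""
    return cmd[:idx + 4], cmd[idx + 4:].strip()


def lookalike_outside_windows(path):
    """True when the file name imitates a Windows component but lives elsewhere."""
    p = PureWindowsPath(path)
    return p.name.lower() in LOOKALIKE_NAMES and str(p.parent).lower() not in WINDOWS_DIRS


def triage_hijackthis(lines):
    """Return the entries a first-pass reviewer would want to look at."""
    findings = []
    for line in lines:
        line = line.strip()
        if m := O2_RE.match(line):
            if m["path"] == "(no file)":
                findings.append(Finding("O2", m["name"], m["path"],
                                        "BHO registered but its DLL is missing (orphan entry)"))
        elif m := O4_RE.match(line):
            path, _args = split_command(m["cmd"])
            if lookalike_outside_windows(path):
                findings.append(Finding("O4", m["name"], path,
                                        "Windows-lookalike file name outside the Windows directory"))
        elif m := O23_RE.match(line):
            reasons = []
            if m["owner"] == "Unknown owner":
                reasons.append("service binary has no publisher information")
            if lookalike_outside_windows(m["path"]):
                reasons.append("Windows-lookalike file name outside the Windows directory")
            if reasons:
                findings.append(Finding("O23", m["name"], m["path"], "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_LINES):
        print(f"{f.kind:<4}{f.name:<20}{f.path}\n    {f.reason}")
```

Run against the real log, the O23 Windows_system line is the only entry that trips both heuristics, which is exactly the service the helper has the poster stop and delete with sc; the O2 orphan is noise in comparison, but cleaning it up is what "Fix checked" is for.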
- That's right, sound; we'll clean that old USB stick later.
Just follow my instructions carefully; that way both the USB sticks and this XP installation get cleaned.
After that we'll go through the other installations. I assure you that I'm familiar with your problem and that I know how to solve it :wink:
Download combofix.exe from this site: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
Once the Recovery Console is installed, let ComboFix scan the computer.
When ComboFix is finished, which may be after a reboot, a log file (combofix.txt) opens.
Post the contents of this file.
- Here is the log:
ComboFix 09-01-13.04 - Marc 2009-01-15 19:48:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1015.684 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Marc\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
——-\Legacy_WINDOWS_SYSTEM
——-\Service_Windows_system
(((((((((((((((((((( Bestanden Gemaakt van 2008-12-15 to 2009-01-15 ))))))))))))))))))))))))))))))
.
2009-01-14 20:24 . 2009-01-14 20:24 <DIR> d——– c:\documents and settings\Marc\Application Data\Malwarebytes
2008-12-26 10:58 . 2009-01-04 16:45 <DIR> d——– c:\documents and settings\Marc\Application Data\dvdcss
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-08 08:59 ——— d—–w c:\program files\Eee Storage
2009-07-08 08:56 ——— d—–w c:\program files\InterVideo
2009-07-08 08:42 ——— d—–w c:\program files\Common Files\InterVideo
2009-07-08 08:37 ——— d—–w c:\program files\Skype
2009-07-08 08:37 ——— d—–w c:\program files\Common Files\Skype
2009-07-08 08:37 ——— d—–w c:\documents and settings\All Users\Application Data\Skype
2009-07-08 08:32 ——— d—–w c:\program files\Sun
2009-07-08 08:30 ——— d—–w c:\program files\Asus
2009-07-08 08:27 ——— d—–w c:\program files\WIDCOMM
2009-07-08 08:26 ——— d—–w c:\program files\RALINK
2009-07-08 08:26 ——— d—–w c:\program files\EeePC
2009-07-08 08:25 ——— d—–w c:\program files\Elantech
2009-07-08 08:25 ——— d—–w c:\documents and settings\Marc\Application Data\InstallShield
2009-07-08 08:24 ——— d—–w c:\program files\Intel
2009-07-08 08:23 ——— d—–w c:\program files\Realtek
2009-07-08 08:22 315,392 —-a-w c:\windows\HideWin.exe
2009-07-08 08:08 ——— dcsh–w c:\program files\Common Files\WindowsLiveInstaller
2009-07-08 08:06 ——— d—–w c:\documents and settings\All Users\Application Data\WLInstaller
2009-07-08 08:03 ——— d—–w c:\program files\Microsoft SQL Server Compact Edition
2009-07-08 07:46 ——— d—–w c:\program files\microsoft frontpage
2009-01-15 18:15 ——— d—–w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-15 18:14 ——— d—–w c:\program files\Spybot - Search & Destroy
2009-01-15 18:14 ——— d—–w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-14 21:02 ——— d—–w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-14 21:00 ——— d—–w c:\program files\Lavasoft
2009-01-14 20:59 ——— d—–w c:\program files\Common Files\Wise Installation Wizard
2009-01-14 19:24 ——— d—–w c:\program files\Malwarebytes' Anti-Malware
2009-01-14 19:24 ——— d—–w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-14 19:19 ——— d—–w c:\program files\Java
2009-01-14 17:19 ——— d—–w c:\program files\Trend Micro
2009-01-14 17:16 ——— d—–w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-07 16:39 ——— d—–w c:\program files\IrfanView
2009-01-04 17:38 38,496 —-a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 17:38 15,504 —-a-w c:\windows\system32\drivers\mbam.sys
2009-01-03 17:26 ——— d—–w c:\program files\DAEMON Tools Lite
2008-12-25 13:14 ——— d—–w c:\program files\Google
2008-12-15 21:41 ——— d–h–w c:\program files\InstallShield Installation Information
2008-12-15 21:41 ——— d—–w c:\program files\Compulite
2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
2008-12-09 15:11 ——— d—–w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-09-03 18:21 46 —-a-w c:\documents and settings\Marc\Application Data\wklnhst.dat
2008-09-01 15:51 32 —-a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-05-07 14:34 15,523,560 —-a-w c:\program files\U1 Setup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-06-25 335872]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-06-03 98304]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-14 136600]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 c:\windows\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\alcwzrd.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-04-14 596584]
NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2005-03-31 180224]
SuperHybridEngine.lnk - c:\program files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-07-08 303104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi4"= xgusb.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
–a—— 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Compulite\\Vector Pc\\Bin\\GcConsole.exe"=
"c:\\Program Files\\Compulite\\Vector Pc\\Bin\\RT\\RTOffline.exe"=
"c:\\Program Files\\Compulite\\Vector Pc\\Bin\\RT\\RTInt.exe"=
"c:\\Program Files\\Compulite\\Vector Pc\\Bin\\VectorPanel.exe"=
"c:\\Program Files\\Compulite\\Vector Pc\\Bin\\RemotePanel.exe"=
R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2005-03-31 109184]
R1 lfsfilt;Lean File Sharing;c:\windows\system32\drivers\lfsfilt.sys [2008-09-02 120704]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2009-07-08 11264]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [2008-05-21 25088]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-05-17 36864]
R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2005-03-31 39168]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-07-08 625024]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-18 33752]
S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2005-03-31 91392]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{010af56c-7565-11dd-ac18-0015afeeb0f1}]
\Shell\Auto\command - F:\SYSTEM.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d5a4902-b7ec-11dd-ac82-0015afeeb0f1}]
\Shell\Auto\command - F:\
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa6936e9-7929-11dd-ac26-0015aff617aa}]
\Shell\Auto\command - H:\SYSTEM.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e40a4e32-d9aa-11dd-acbb-00221591f751}]
\Shell\Auto\command - F:\SYSTEM.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec5e01ce-e270-11dd-acd9-0015afeeb0f1}]
\Shell\Auto\command - G:\SYSTEM.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.exe
.
Inhoud van de 'Gedeelde Taken' map
2009-01-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-25 14:12]
.
- - - - ORPHANS VERWIJDERD - - - -
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
.
——- Bijkomende Scan ——-
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Verzenden naar &Bluetooth-apparaat… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Verzenden naar Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\jnlb9vbz.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1441.4352\npCIDetect13.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 19:53:02
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
———————— Andere Aktieve Processen ————————
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NDAS\System\ndassvc.exe
.
**************************************************************************
.
Voltooingstijd: 2009-01-15 19:55:19 - machine werd herstart
ComboFix-quarantined-files.txt 2009-01-15 18:55:16
Pre-Run: 33.099.788.288 bytes beschikbaar
Post-Run: 33,341,067,264 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
194 — E O F — 2009-01-14 17:16:43
- I had to use my laptop yesterday with an external drive attached, and this time it didn't put those files on it, so thanks a lot so far anyway.
- That may well be, but the chance that it comes back is even greater if you don't do something about it quickly.
Do this:
Open a Notepad file.
Copy the code below and paste it into the Notepad file.
- I did what you said, but when it opened it said a newer version was available, and I downloaded that. Did it process that txt file properly though? Anyway, here is the log:
ComboFix 09-01-19.03 - Marc 2009-01-19 22:31:55.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1015.660 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Marc\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Marc\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-12-19 to 2009-01-19 ))))))))))))))))))))))))))))))
.
2009-01-14 20:24 . 2009-01-14 20:24 <DIR> d——– c:\documents and settings\Marc\Application Data\Malwarebytes
2008-12-26 10:58 . 2009-01-04 16:45 <DIR> d——– c:\documents and settings\Marc\Application Data\dvdcss
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-08 08:59 ——— d—–w c:\program files\Eee Storage
2009-07-08 08:56 ——— d—–w c:\program files\InterVideo
2009-07-08 08:42 ——— d—–w c:\program files\Common Files\InterVideo
2009-07-08 08:37 ——— d—–w c:\program files\Skype
2009-07-08 08:37 ——— d—–w c:\program files\Common Files\Skype
2009-07-08 08:37 ——— d—–w c:\documents and settings\All Users\Application Data\Skype
2009-07-08 08:32 ——— d—–w c:\program files\Sun
2009-07-08 08:30 ——— d—–w c:\program files\Asus
2009-07-08 08:27 ——— d—–w c:\program files\WIDCOMM
2009-07-08 08:26 ——— d—–w c:\program files\RALINK
2009-07-08 08:26 ——— d—–w c:\program files\EeePC
2009-07-08 08:25 ——— d—–w c:\program files\Elantech
2009-07-08 08:25 ——— d—–w c:\documents and settings\Marc\Application Data\InstallShield
2009-07-08 08:24 ——— d—–w c:\program files\Intel
2009-07-08 08:23 ——— d—–w c:\program files\Realtek
2009-07-08 08:22 315,392 —-a-w c:\windows\HideWin.exe
2009-07-08 08:08 ——— dcsh–w c:\program files\Common Files\WindowsLiveInstaller
2009-07-08 08:06 ——— d—–w c:\documents and settings\All Users\Application Data\WLInstaller
2009-07-08 08:03 ——— d—–w c:\program files\Microsoft SQL Server Compact Edition
2009-07-08 07:46 ——— d—–w c:\program files\microsoft frontpage
2009-01-19 21:04 ——— d—–w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-16 06:18 ——— d—–w c:\program files\Spybot - Search & Destroy
2009-01-16 06:17 ——— d—–w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-14 21:02 ——— d—–w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-14 21:00 ——— d—–w c:\program files\Lavasoft
2009-01-14 20:59 ——— d—–w c:\program files\Common Files\Wise Installation Wizard
2009-01-14 19:24 ——— d—–w c:\program files\Malwarebytes' Anti-Malware
2009-01-14 19:24 ——— d—–w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-14 19:19 410,984 —-a-w c:\windows\system32\deploytk.dll
2009-01-14 19:19 ——— d—–w c:\program files\Java
2009-01-14 17:19 ——— d—–w c:\program files\Trend Micro
2009-01-14 17:16 ——— d—–w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-07 16:39 ——— d—–w c:\program files\IrfanView
2009-01-04 17:38 38,496 —-a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 17:38 15,504 —-a-w c:\windows\system32\drivers\mbam.sys
2009-01-03 17:26 ——— d—–w c:\program files\DAEMON Tools Lite
2008-12-25 13:14 ——— d—–w c:\program files\Google
2008-12-15 21:41 ——— d–h–w c:\program files\InstallShield Installation Information
2008-12-15 21:41 ——— d—–w c:\program files\Compulite
2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
2008-12-09 15:11 ——— d—–w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-10-23 12:43 286,720 —-a-w c:\windows\system32\gdi32.dll
2008-09-03 18:21 46 —-a-w c:\documents and settings\Marc\Application Data\wklnhst.dat
2008-09-01 15:51 32 —-a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-05-07 14:34 15,523,560 —-a-w c:\program files\U1 Setup.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-15_19.54.16.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-15 18:46:31 53,098 —-a-w c:\windows\system32\perfc009.dat
+ 2009-01-19 21:07:57 53,098 —-a-w c:\windows\system32\perfc009.dat
- 2009-01-15 18:46:31 69,812 —-a-w c:\windows\system32\perfc013.dat
+ 2009-01-19 21:07:57 69,812 —-a-w c:\windows\system32\perfc013.dat
- 2009-01-15 18:46:31 380,684 —-a-w c:\windows\system32\perfh009.dat
+ 2009-01-19 21:07:57 380,684 —-a-w c:\windows\system32\perfh009.dat
- 2009-01-15 18:46:31 442,556 —-a-w c:\windows\system32\perfh013.dat
+ 2009-01-19 21:07:57 442,556 —-a-w c:\windows\system32\perfh013.dat
+ 2009-01-19 21:03:54 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_20c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-06-25 335872]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-06-03 98304]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-14 136600]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 c:\windows\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\alcwzrd.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-04-14 596584]
NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2005-03-31 180224]
SuperHybridEngine.lnk - c:\program files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-07-08 303104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi4"= xgusb.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
–a—— 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Compulite\\Vector Pc\\Bin\\GcConsole.exe"=
"c:\\Program Files\\Compulite\\Vector Pc\\Bin\\RT\\RTOffline.exe"=
"c:\\Program Files\\Compulite\\Vector Pc\\Bin\\RT\\RTInt.exe"=
"c:\\Program Files\\Compulite\\Vector Pc\\Bin\\VectorPanel.exe"=
"c:\\Program Files\\Compulite\\Vector Pc\\Bin\\RemotePanel.exe"=
R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2005-03-31 109184]
R1 lfsfilt;Lean File Sharing;c:\windows\system32\drivers\lfsfilt.sys [2008-09-02 120704]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2009-07-08 11264]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [2008-05-21 25088]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-05-17 36864]
R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2005-03-31 39168]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-18 33752]
S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2005-03-31 91392]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-07-08 625024]
.
Inhoud van de 'Gedeelde Taken' map
2009-01-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-25 14:12]
.
.
——- Bijkomende Scan ——-
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Verzenden naar &Bluetooth-apparaat… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Verzenden naar Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\jnlb9vbz.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 22:33:48
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Voltooingstijd: 2009-01-19 22:35:20
ComboFix-quarantined-files.txt 2009-01-19 21:35:17
ComboFix2.txt 2009-01-15 18:55:21
Pre-Run: 33.302.077.440 bytes beschikbaar
Post-Run: 33,319,723,008 bytes beschikbaar
163 — E O F — 2009-01-14 17:16:43
- How are the problems now?
- I was just working with Bluetooth and wanted to open its settings, but nothing happened; then I wanted to put the PC on standby, and that didn't happen either.
It wouldn't shut down normally either, so I turned it off by holding down the power button, and now that it has restarted I can get into the Bluetooth settings just fine.
Or is that related to something else?
- That doesn't really look malware-related to me...
I think it's best to wait a day (or two) to see whether you run into symptoms of malware again.
If that's the case, say so here.
- OK, fine.
Thanks a lot anyway.
Should I start a new topic for my other computer, or do we tack it onto this one? I can't get to work on that PC until Friday though, because I'm not home the next few days.