Questions & Answers
Please make PC spyware-free
11 answers
- Open a Notepad file.
Copy the code below and paste it into the Notepad file.
- Done, here is the new log:
ComboFix 09-02-03.01 - Administrator 2009-02-03 15:07:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.503.194 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090203-1] *On-access scanning disabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
FILE ::
c:\windows\nsreg.dat
c:\windows\system32\OGAAddin.dll
c:\windows\system32\OGACheckControl.dll
c:\windows\system32\OGAVerify.exe
c:\windows\WMSysPr9.prx
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Application Data\Xerox
c:\windows\nsreg.dat
c:\windows\system32\OGAAddin.dll
c:\windows\system32\OGACheckControl.dll
c:\windows\system32\OGAVerify.exe
c:\windows\WMSysPr9.prx
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-03 to 2009-02-03 ))))))))))))))))))))))))))))))
.
2009-02-02 17:19 . 2009-02-02 17:19 <DIR> d——– c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-02-02 17:14 . 2009-02-02 17:14 <DIR> d——– c:\program files\MSXML 4.0
2009-02-02 17:06 . 2008-10-16 21:33 6,066,176 ——— c:\windows\system32\dllcache\ieframe.dll
2009-02-02 17:06 . 2007-04-17 10:32 2,455,488 ——— c:\windows\system32\dllcache\ieapfltr.dat
2009-02-02 17:06 . 2007-03-08 06:11 1,032,192 ——— c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-02 17:06 . 2008-10-16 21:33 459,264 ——— c:\windows\system32\dllcache\msfeeds.dll
2009-02-02 17:06 . 2008-10-16 21:33 383,488 ——— c:\windows\system32\dllcache\ieapfltr.dll
2009-02-02 17:06 . 2008-10-16 21:33 267,776 ——— c:\windows\system32\dllcache\iertutil.dll
2009-02-02 17:06 . 2008-10-16 21:33 63,488 ——— c:\windows\system32\dllcache\icardie.dll
2009-02-02 17:06 . 2008-10-16 21:33 52,224 ——— c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-02 17:06 . 2008-10-16 14:11 13,824 ——— c:\windows\system32\dllcache\ieudinit.exe
2009-02-02 16:06 . 2009-02-02 17:06 <DIR> d——– c:\windows\system32\nl-nl
2009-02-02 16:06 . 2009-02-02 16:06 <DIR> d——– c:\windows\system32\nl
2009-02-02 16:06 . 2009-02-02 16:06 <DIR> d——– c:\windows\l2schemas
2009-02-02 15:46 . 2008-09-10 02:16 1,307,648 –a—— c:\windows\system32\msxml6.dll
2009-02-02 15:45 . 2008-04-14 18:03 695,808 ——— c:\windows\system32\dllcache\drmv2clt.dll
2009-02-02 15:20 . 2008-06-14 18:36 272,640 ——— c:\windows\system32\dllcache\bthport.sys
2009-02-02 15:19 . 2008-08-14 14:27 2,193,536 ——— c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-02 15:19 . 2008-08-14 14:27 2,149,888 ——— c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-02 15:19 . 2008-08-14 14:27 2,070,400 ——— c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-02 15:19 . 2008-08-14 14:27 2,028,544 ——— c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-02 15:19 . 2008-09-15 16:28 1,846,528 ——— c:\windows\system32\dllcache\win32k.sys
2009-02-02 15:18 . 2008-04-11 20:06 691,712 ——— c:\windows\system32\dllcache\inetcomm.dll
2009-02-02 15:18 . 2008-10-24 12:21 455,296 ——— c:\windows\system32\dllcache\mrxsmb.sys
2009-02-02 15:18 . 2008-12-11 11:57 333,952 ——— c:\windows\system32\dllcache\srv.sys
2009-02-02 15:18 . 2008-05-01 15:37 331,776 ——— c:\windows\system32\dllcache\msadce.dll
2009-02-02 15:18 . 2008-05-08 15:02 203,136 ——— c:\windows\system32\dllcache\rmcast.sys
2009-02-02 15:17 . 2008-09-04 18:17 1,106,944 ——— c:\windows\system32\dllcache\msxml3.dll
2009-02-02 15:17 . 2008-10-15 17:37 337,408 ——— c:\windows\system32\dllcache\netapi32.dll
2009-02-02 15:05 . 2009-02-02 15:05 <DIR> d——– c:\documents and settings\LocalService\Menu Start
2009-02-02 15:05 . 2008-10-16 14:06 268,648 –a—— c:\windows\system32\mucltui.dll
2009-02-02 15:05 . 2008-10-16 14:06 27,496 –a—— c:\windows\system32\mucltui.dll.mui
2009-02-02 14:28 . 2008-04-14 18:02 221,184 –a—— c:\windows\system32\wmpns.dll
2009-02-02 14:26 . 2009-02-02 14:26 <DIR> d——– c:\windows\provisioning
2009-02-02 14:26 . 2009-02-02 16:06 <DIR> d——– c:\windows\peernet
2009-02-02 14:22 . 2009-02-02 16:07 <DIR> d——– c:\windows\ServicePackFiles
2009-02-02 14:11 . 2009-02-02 16:07 <DIR> d——– c:\windows\EHome
2009-02-02 13:27 . 2002-04-15 21:11 67,866 ——— c:\windows\system32\drivers\netwlan5.img
2009-02-02 13:27 . 2008-04-14 22:33 11,264 ——— c:\windows\system32\spnpinst.exe
2009-02-02 13:27 . 2004-08-02 14:20 7,208 ——— c:\windows\system32\secupd.sig
2009-02-02 13:27 . 2004-08-02 14:20 4,569 ——— c:\windows\system32\secupd.dat
2009-02-02 12:41 . 2007-08-10 20:52 26,488 –a—— c:\windows\system32\spupdsvc.exe
2009-02-02 12:40 . 2009-02-02 16:06 <DIR> d——– c:\windows\system32\bits
2009-02-02 12:40 . 2009-02-03 10:15 <DIR> d–h—– c:\windows\$hf_mig$
2009-02-02 12:39 . 2008-04-14 18:02 354,304 –a—— c:\windows\system32\winhttp.dll
2009-02-02 12:39 . 2008-04-14 18:02 18,944 –a—— c:\windows\system32\qmgrprxy.dll
2009-02-02 12:39 . 2008-04-14 18:02 8,192 ——— c:\windows\system32\bitsprx2.dll
2009-02-02 12:39 . 2008-04-14 18:02 7,168 ——— c:\windows\system32\bitsprx3.dll
2009-02-02 12:33 . 2008-10-16 14:08 27,672 –a—— c:\windows\system32\wuapi.dll.mui
2009-01-29 12:21 . 2007-01-13 09:49 188,416 –a—— c:\windows\system32\igfxres.dll
2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\program files\Spybot - Search & Destroy
2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
2009-01-28 17:12 . 2009-01-29 08:51 <DIR> d——– c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-28 17:12 . 2009-01-14 16:11 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-28 17:12 . 2009-01-14 16:11 15,504 –a—— c:\windows\system32\drivers\mbam.sys
2009-01-28 17:09 . 2009-02-03 12:49 <DIR> d——– c:\program files\Lavasoft
2009-01-28 17:09 . 2009-02-03 12:49 <DIR> d——– c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-28 15:48 . 2009-01-28 15:48 <DIR> d——– c:\program files\Alwil Software
2009-01-28 13:57 . 2009-01-28 13:57 <DIR> d——– c:\program files\MonInfo
2009-01-28 10:49 . 2009-02-03 15:04 <DIR> d——– c:\program files\Mozilla Thunderbird
2009-01-28 10:49 . 2009-01-28 10:49 <DIR> d——– c:\documents and settings\Administrator\Application Data\Thunderbird
2009-01-28 10:49 . 2009-01-28 10:49 <DIR> d——– c:\documents and settings\Administrator\Application Data\Talkback
2009-01-21 10:06 . 2009-01-21 10:06 <DIR> d——– c:\documents and settings\Administrator\Application Data\Thinstall
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 10:04 ——— d—–w c:\program files\Google
2009-01-21 09:05 ——— d—–w c:\program files\Common Files\Adobe
2008-12-13 06:39 3,593,216 ——w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
2008-11-07 15:45 2,174,976 ——w c:\windows\system32\dllcache\WMVCore.dll
.
((((((((((((((((((((((((((((( snapshot@2009-02-03_11.54.43,23 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-03 10:10:55 53,608 —-a-w c:\windows\system32\perfc009.dat
+ 2009-02-03 13:34:03 53,608 —-a-w c:\windows\system32\perfc009.dat
- 2009-02-03 10:10:55 70,426 —-a-w c:\windows\system32\perfc013.dat
+ 2009-02-03 13:34:03 70,426 —-a-w c:\windows\system32\perfc013.dat
- 2009-02-03 10:10:55 383,254 —-a-w c:\windows\system32\perfh009.dat
+ 2009-02-03 13:34:03 383,254 —-a-w c:\windows\system32\perfh009.dat
- 2009-02-03 10:10:55 444,960 —-a-w c:\windows\system32\perfh013.dat
+ 2009-02-03 13:34:03 444,960 —-a-w c:\windows\system32\perfh013.dat
+ 2009-02-03 13:29:54 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_6d8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"MaxtorOneTouch"="c:\progra~1\Utils\OneTouch.exe" [2003-05-21 45056]
"MXO Auto Loader"="c:\windows\MXOALDR.EXE" [2003-04-07 118784]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\System32\igfxpers.exe" [2007-01-13 135168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-0000003D0002}\SC_Acrobat.exe [2008-04-20 25214]
SnagIt 9.lnk - c:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-08-29 6824264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-28 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-02 20560]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-08 33752]
S3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller;c:\windows\system32\drivers\m4cxw2k3.sys [2007-04-24 227584]
S3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-05-03 12112]
S3 X-Rite;X-Rite USB Service;c:\windows\system32\DRIVERS\XrUsb.sys –> c:\windows\system32\DRIVERS\XrUsb.sys [?]
.
Inhoud van de 'Gedeelde Taken' map
2009-02-02 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe []
2009-02-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe []
2009-01-30 c:\windows\Tasks\Schijfopruiming.job
- c:\windows\system32\cleanmgr.exe [2008-04-14 18:02]
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0413/bl8.asp
uInternet Connection Wizard,ShellNext = hxxp://go.compaq.com/1Q00CDT/0413/bl7.asp
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {8E620B5B-F66E-419E-9380-1BA45E194EF4} = 194.7.1.4
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 15:09:37
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
Voltooingstijd: 2009-02-03 15:11:05
ComboFix-quarantined-files.txt 2009-02-03 14:11:03
ComboFix2.txt 2009-02-03 10:55:36
Pre-Run: 12.911.980.544 bytes beschikbaar
Post-Run: 12,900,507,648 bytes beschikbaar
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
196
- Hello
Below is a HijackThis log from an infected computer. I ran Spybot S&D and Malwarebytes Anti-Malware myself, and also ATF Cleaner. The log was made afterwards.
Thanks in advance for the help!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:05, on 29/01/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\PROGRA~1\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Norman\Npm\bin\ZLH.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Administrator\Bureaublad\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0413/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0413/bl7.asp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/0413/bl7.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [XeroxRegistation] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Xerox\EReg\EReg.exe" /Startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224160698828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224160772109
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E620B5B-F66E-419E-9380-1BA45E194EF4}: NameServer = 194.7.1.4
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
–
End of file - 9405 bytes
- Could you get the latest updates from windowsupdate.com?
You have Internet Explorer 6 and Service Pack 1, which is not really secure.
Start HijackThis and choose 'Do a system scan only'.
Select only the items listed below:
[b]O4 - HKLM\..\Run: [XeroxRegistation] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Xerox\EReg\EReg.exe" /Startup[/b]
Close all windows except HijackThis.
Click 'Fix checked' to remove the items.
Open a Notepad file.
Copy the following (everything in bold) into this Notepad file.
[b]@ECHO OFF
REM Start with a fresh log file
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
REM Clear the read-only/system/hidden attributes, delete the file and log the result
FOR %%g in (
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Xerox\EReg\EReg.exe) DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
ECHO.
ECHO Deleting folders>>log.txt
REM Remove the folder and everything in it, then log the result
FOR %%I in (
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Xerox") DO (
IF EXIST %%I (
RD /S /Q %%I
IF EXIST %%I (
ECHO %%I not deleted>>log.txt
) ELSE (
ECHO %%I deleted>>log.txt)
) ELSE (
ECHO %%I not found>>log.txt))
REM Open the log in Notepad
START NOTEPAD.EXE log.txt[/b]
Go to File - Save As.
For "Save in" choose: Desktop
For "File name" enter: del.bat
For "Save as type" select: All Files (*.*).
Click the Save button.
Double-click del.bat and post the contents of the log file that opens.
Download combofix.exe from this site: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- OK, did everything as instructed; here are the log files.
[b]Del.bat log[/b]
———————————————————————————
Deleting files
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Xerox\EReg\EReg.exe not found
Deleting folders
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Xerox" deleted
———————————————————————————
[b]Combofix log[/b]
———————————————————————————
ComboFix 09-02-03.01 - Administrator 2009-02-03 11:53:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.503.187 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090203-1] *On-access scanning disabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
c:\windows\system32\comrepl.exe
c:\windows\system32\winspool.dll
e:\recycler\.DS_Store
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-03 to 2009-02-03 ))))))))))))))))))))))))))))))
.
2009-02-02 17:19 . 2009-02-02 17:19 <DIR> d——– c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-02-02 17:14 . 2009-02-02 17:14 <DIR> d——– c:\program files\MSXML 4.0
2009-02-02 17:06 . 2008-10-16 21:33 6,066,176 ——— c:\windows\system32\dllcache\ieframe.dll
2009-02-02 17:06 . 2007-04-17 10:32 2,455,488 ——— c:\windows\system32\dllcache\ieapfltr.dat
2009-02-02 17:06 . 2007-03-08 06:11 1,032,192 ——— c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-02 17:06 . 2008-10-16 21:33 459,264 ——— c:\windows\system32\dllcache\msfeeds.dll
2009-02-02 17:06 . 2008-10-16 21:33 383,488 ——— c:\windows\system32\dllcache\ieapfltr.dll
2009-02-02 17:06 . 2008-10-16 21:33 267,776 ——— c:\windows\system32\dllcache\iertutil.dll
2009-02-02 17:06 . 2008-10-16 21:33 63,488 ——— c:\windows\system32\dllcache\icardie.dll
2009-02-02 17:06 . 2008-10-16 21:33 52,224 ——— c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-02 17:06 . 2008-10-16 14:11 13,824 ——— c:\windows\system32\dllcache\ieudinit.exe
2009-02-02 16:06 . 2009-02-02 17:06 <DIR> d——– c:\windows\system32\nl-nl
2009-02-02 16:06 . 2009-02-02 16:06 <DIR> d——– c:\windows\system32\nl
2009-02-02 16:06 . 2009-02-02 16:06 <DIR> d——– c:\windows\l2schemas
2009-02-02 15:46 . 2008-09-10 02:16 1,307,648 –a—— c:\windows\system32\msxml6.dll
2009-02-02 15:45 . 2008-04-14 18:03 695,808 ——— c:\windows\system32\dllcache\drmv2clt.dll
2009-02-02 15:20 . 2008-06-14 18:36 272,640 ——— c:\windows\system32\dllcache\bthport.sys
2009-02-02 15:19 . 2008-08-14 14:27 2,193,536 ——— c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-02 15:19 . 2008-08-14 14:27 2,149,888 ——— c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-02 15:19 . 2008-08-14 14:27 2,070,400 ——— c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-02 15:19 . 2008-08-14 14:27 2,028,544 ——— c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-02 15:19 . 2008-09-15 16:28 1,846,528 ——— c:\windows\system32\dllcache\win32k.sys
2009-02-02 15:18 . 2008-04-11 20:06 691,712 ——— c:\windows\system32\dllcache\inetcomm.dll
2009-02-02 15:18 . 2008-10-24 12:21 455,296 ——— c:\windows\system32\dllcache\mrxsmb.sys
2009-02-02 15:18 . 2008-12-11 11:57 333,952 ——— c:\windows\system32\dllcache\srv.sys
2009-02-02 15:18 . 2008-05-01 15:37 331,776 ——— c:\windows\system32\dllcache\msadce.dll
2009-02-02 15:18 . 2008-05-08 15:02 203,136 ——— c:\windows\system32\dllcache\rmcast.sys
2009-02-02 15:17 . 2008-09-04 18:17 1,106,944 ——— c:\windows\system32\dllcache\msxml3.dll
2009-02-02 15:17 . 2008-10-15 17:37 337,408 ——— c:\windows\system32\dllcache\netapi32.dll
2009-02-02 15:05 . 2009-02-02 15:05 <DIR> d——– c:\documents and settings\LocalService\Menu Start
2009-02-02 15:05 . 2008-10-16 14:06 268,648 –a—— c:\windows\system32\mucltui.dll
2009-02-02 15:05 . 2008-10-16 14:06 27,496 –a—— c:\windows\system32\mucltui.dll.mui
2009-02-02 14:28 . 2008-04-14 18:02 221,184 –a—— c:\windows\system32\wmpns.dll
2009-02-02 14:27 . 2009-02-02 16:40 316,640 –a—— c:\windows\WMSysPr9.prx
2009-02-02 14:26 . 2009-02-02 14:26 <DIR> d——– c:\windows\provisioning
2009-02-02 14:26 . 2009-02-02 16:06 <DIR> d——– c:\windows\peernet
2009-02-02 14:22 . 2009-02-02 16:07 <DIR> d——– c:\windows\ServicePackFiles
2009-02-02 14:11 . 2009-02-02 16:07 <DIR> d——– c:\windows\EHome
2009-02-02 13:27 . 2002-04-15 21:11 67,866 ——— c:\windows\system32\drivers\netwlan5.img
2009-02-02 13:27 . 2008-04-14 22:33 11,264 ——— c:\windows\system32\spnpinst.exe
2009-02-02 13:27 . 2004-08-02 14:20 7,208 ——— c:\windows\system32\secupd.sig
2009-02-02 13:27 . 2004-08-02 14:20 4,569 ——— c:\windows\system32\secupd.dat
2009-02-02 12:41 . 2007-08-10 20:52 26,488 –a—— c:\windows\system32\spupdsvc.exe
2009-02-02 12:40 . 2009-02-02 16:06 <DIR> d——– c:\windows\system32\bits
2009-02-02 12:40 . 2009-02-03 10:15 <DIR> d–h—– c:\windows\$hf_mig$
2009-02-02 12:39 . 2008-04-14 18:02 354,304 –a—— c:\windows\system32\winhttp.dll
2009-02-02 12:39 . 2008-04-14 18:02 18,944 –a—— c:\windows\system32\qmgrprxy.dll
2009-02-02 12:39 . 2008-04-14 18:02 8,192 ——— c:\windows\system32\bitsprx2.dll
2009-02-02 12:39 . 2008-04-14 18:02 7,168 ——— c:\windows\system32\bitsprx3.dll
2009-02-02 12:33 . 2008-10-16 14:08 27,672 –a—— c:\windows\system32\wuapi.dll.mui
2009-01-29 12:21 . 2007-01-13 09:49 188,416 –a—— c:\windows\system32\igfxres.dll
2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\program files\Spybot - Search & Destroy
2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
2009-01-28 17:12 . 2009-01-29 08:51 <DIR> d——– c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-28 17:12 . 2009-01-14 16:11 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-28 17:12 . 2009-01-14 16:11 15,504 –a—— c:\windows\system32\drivers\mbam.sys
2009-01-28 17:10 . 2009-01-28 17:10 64,160 –a—— c:\windows\system32\drivers\Lbd.sys
2009-01-28 17:09 . 2009-01-28 17:09 <DIR> d——– c:\program files\Lavasoft
2009-01-28 17:09 . 2009-01-28 17:09 <DIR> d——– c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-28 17:09 . 2009-01-29 12:26 <DIR> d–h-c— c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-28 15:48 . 2009-01-28 15:48 <DIR> d——– c:\program files\Alwil Software
2009-01-28 13:57 . 2009-01-28 13:57 <DIR> d——– c:\program files\MonInfo
2009-01-28 10:49 . 2009-02-03 11:22 <DIR> d——– c:\program files\Mozilla Thunderbird
2009-01-28 10:49 . 2009-01-28 10:49 <DIR> d——– c:\documents and settings\Administrator\Application Data\Thunderbird
2009-01-28 10:49 . 2009-01-28 10:49 <DIR> d——– c:\documents and settings\Administrator\Application Data\Talkback
2009-01-28 10:49 . 2009-01-28 10:49 0 –a—— c:\windows\nsreg.dat
2009-01-21 14:28 . 2009-01-21 14:28 <DIR> d——– c:\documents and settings\Administrator\Application Data\Xerox
2009-01-21 10:06 . 2009-01-21 10:06 <DIR> d——– c:\documents and settings\Administrator\Application Data\Thinstall
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 10:04 ——— d—–w c:\program files\Google
2009-01-21 09:05 ——— d—–w c:\program files\Common Files\Adobe
2008-12-31 16:04 691,560 —-a-w c:\windows\system32\OGACheckControl.dll
2008-12-31 16:04 528,744 —-a-w c:\windows\system32\OGAVerify.exe
2008-12-31 16:04 502,120 —-a-w c:\windows\system32\OGAAddin.dll
2008-12-13 06:39 3,593,216 ——w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
2008-11-07 15:45 2,174,976 ——w c:\windows\system32\dllcache\WMVCore.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"MaxtorOneTouch"="c:\progra~1\Utils\OneTouch.exe" [2003-05-21 45056]
"MXO Auto Loader"="c:\windows\MXOALDR.EXE" [2003-04-07 118784]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-28 509784]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\System32\igfxpers.exe" [2007-01-13 135168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-0000003D0002}\SC_Acrobat.exe [2008-04-20 25214]
SnagIt 9.lnk - c:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-08-29 6824264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-28 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-28 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-02 20560]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-08 33752]
S3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller;c:\windows\system32\drivers\m4cxw2k3.sys [2007-04-24 227584]
S3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-05-03 12112]
S3 X-Rite;X-Rite USB Service;c:\windows\system32\DRIVERS\XrUsb.sys –> c:\windows\system32\DRIVERS\XrUsb.sys [?]
.
Inhoud van de 'Gedeelde Taken' map
2009-02-02 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
2009-02-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
2009-01-30 c:\windows\Tasks\Schijfopruiming.job
- c:\windows\system32\cleanmgr.exe [2008-04-14 18:02]
.
- - - - ORPHANS VERWIJDERD - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
SafeBoot-Lavasoft Ad-Aware Service
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0413/bl8.asp
uInternet Connection Wizard,ShellNext = hxxp://go.compaq.com/1Q00CDT/0413/bl7.asp
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {8E620B5B-F66E-419E-9380-1BA45E194EF4} = 194.7.1.4
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 11:54:09
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
Voltooingstijd: 2009-02-03 11:55:35
ComboFix-quarantined-files.txt 2009-02-03 10:55:32
Pre-Run: 12.703.260.672 bytes beschikbaar
Post-Run: 12,781,088,768 bytes beschikbaar
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
194
———————————————————————————
- Download ATF cleaner (mirror) (made by Atribune)
Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.
Double-click ATF cleaner to start the program.
On the Main tab, tick Select All.
Click the Empty Selected button.
Do the following if you also use Firefox as a browser:
Click the Firefox tab and tick Select All.
If you want to keep the passwords saved by Firefox, click No in the window that appears.
(this removes the tick again from Firefox saved passwords)
Click the Empty Selected button.
Do the following if you also use Opera as a browser:
Click the Opera tab and tick Select All.
If you want to keep the passwords saved by Opera, click No in the window that appears.
Click the Empty Selected button.
Go to the Main tab and click the Exit button to close the program.
Open a Notepad file.
Copy the code below and paste it into the Notepad file.
- Done as well, new log:
ComboFix 09-02-03.01 - Administrator 2009-02-03 15:54:29.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.503.177 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090203-1] *On-access scanning disabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
FILE ::
c:\windows\Temp\Perflib_Perfdata_6d8.dat
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Temp\Perflib_Perfdata_6d8.dat
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-03 to 2009-02-03 ))))))))))))))))))))))))))))))
.
2009-02-02 17:19 . 2009-02-02 17:19 <DIR> d——– c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-02-02 17:14 . 2009-02-02 17:14 <DIR> d——– c:\program files\MSXML 4.0
2009-02-02 17:06 . 2008-10-16 21:33 6,066,176 ——— c:\windows\system32\dllcache\ieframe.dll
2009-02-02 17:06 . 2007-04-17 10:32 2,455,488 ——— c:\windows\system32\dllcache\ieapfltr.dat
2009-02-02 17:06 . 2007-03-08 06:11 1,032,192 ——— c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-02 17:06 . 2008-10-16 21:33 459,264 ——— c:\windows\system32\dllcache\msfeeds.dll
2009-02-02 17:06 . 2008-10-16 21:33 383,488 ——— c:\windows\system32\dllcache\ieapfltr.dll
2009-02-02 17:06 . 2008-10-16 21:33 267,776 ——— c:\windows\system32\dllcache\iertutil.dll
2009-02-02 17:06 . 2008-10-16 21:33 63,488 ——— c:\windows\system32\dllcache\icardie.dll
2009-02-02 17:06 . 2008-10-16 21:33 52,224 ——— c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-02 17:06 . 2008-10-16 14:11 13,824 ——— c:\windows\system32\dllcache\ieudinit.exe
2009-02-02 16:06 . 2009-02-02 17:06 <DIR> d——– c:\windows\system32\nl-nl
2009-02-02 16:06 . 2009-02-02 16:06 <DIR> d——– c:\windows\system32\nl
2009-02-02 16:06 . 2009-02-02 16:06 <DIR> d——– c:\windows\l2schemas
2009-02-02 15:46 . 2008-09-10 02:16 1,307,648 –a—— c:\windows\system32\msxml6.dll
2009-02-02 15:45 . 2008-04-14 18:03 695,808 ——— c:\windows\system32\dllcache\drmv2clt.dll
2009-02-02 15:20 . 2008-06-14 18:36 272,640 ——— c:\windows\system32\dllcache\bthport.sys
2009-02-02 15:19 . 2008-08-14 14:27 2,193,536 ——— c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-02 15:19 . 2008-08-14 14:27 2,149,888 ——— c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-02 15:19 . 2008-08-14 14:27 2,070,400 ——— c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-02 15:19 . 2008-08-14 14:27 2,028,544 ——— c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-02 15:19 . 2008-09-15 16:28 1,846,528 ——— c:\windows\system32\dllcache\win32k.sys
2009-02-02 15:18 . 2008-04-11 20:06 691,712 ——— c:\windows\system32\dllcache\inetcomm.dll
2009-02-02 15:18 . 2008-10-24 12:21 455,296 ——— c:\windows\system32\dllcache\mrxsmb.sys
2009-02-02 15:18 . 2008-12-11 11:57 333,952 ——— c:\windows\system32\dllcache\srv.sys
2009-02-02 15:18 . 2008-05-01 15:37 331,776 ——— c:\windows\system32\dllcache\msadce.dll
2009-02-02 15:18 . 2008-05-08 15:02 203,136 ——— c:\windows\system32\dllcache\rmcast.sys
2009-02-02 15:17 . 2008-09-04 18:17 1,106,944 ——— c:\windows\system32\dllcache\msxml3.dll
2009-02-02 15:17 . 2008-10-15 17:37 337,408 ——— c:\windows\system32\dllcache\netapi32.dll
2009-02-02 15:05 . 2009-02-02 15:05 <DIR> d——– c:\documents and settings\LocalService\Menu Start
2009-02-02 15:05 . 2008-10-16 14:06 268,648 –a—— c:\windows\system32\mucltui.dll
2009-02-02 15:05 . 2008-10-16 14:06 27,496 –a—— c:\windows\system32\mucltui.dll.mui
2009-02-02 14:28 . 2008-04-14 18:02 221,184 –a—— c:\windows\system32\wmpns.dll
2009-02-02 14:26 . 2009-02-02 14:26 <DIR> d——– c:\windows\provisioning
2009-02-02 14:26 . 2009-02-02 16:06 <DIR> d——– c:\windows\peernet
2009-02-02 14:22 . 2009-02-02 16:07 <DIR> d——– c:\windows\ServicePackFiles
2009-02-02 14:11 . 2009-02-02 16:07 <DIR> d——– c:\windows\EHome
2009-02-02 13:27 . 2002-04-15 21:11 67,866 ——— c:\windows\system32\drivers\netwlan5.img
2009-02-02 13:27 . 2008-04-14 22:33 11,264 ——— c:\windows\system32\spnpinst.exe
2009-02-02 13:27 . 2004-08-02 14:20 7,208 ——— c:\windows\system32\secupd.sig
2009-02-02 13:27 . 2004-08-02 14:20 4,569 ——— c:\windows\system32\secupd.dat
2009-02-02 12:41 . 2007-08-10 20:52 26,488 –a—— c:\windows\system32\spupdsvc.exe
2009-02-02 12:40 . 2009-02-02 16:06 <DIR> d——– c:\windows\system32\bits
2009-02-02 12:40 . 2009-02-03 10:15 <DIR> d–h—– c:\windows\$hf_mig$
2009-02-02 12:39 . 2008-04-14 18:02 354,304 –a—— c:\windows\system32\winhttp.dll
2009-02-02 12:39 . 2008-04-14 18:02 18,944 –a—— c:\windows\system32\qmgrprxy.dll
2009-02-02 12:39 . 2008-04-14 18:02 8,192 ——— c:\windows\system32\bitsprx2.dll
2009-02-02 12:39 . 2008-04-14 18:02 7,168 ——— c:\windows\system32\bitsprx3.dll
2009-02-02 12:33 . 2008-10-16 14:08 27,672 –a—— c:\windows\system32\wuapi.dll.mui
2009-01-29 12:21 . 2007-01-13 09:49 188,416 –a—— c:\windows\system32\igfxres.dll
2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\program files\Spybot - Search & Destroy
2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
2009-01-28 17:12 . 2009-01-29 08:51 <DIR> d——– c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-28 17:12 . 2009-01-28 17:12 <DIR> d——– c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-28 17:12 . 2009-01-14 16:11 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-28 17:12 . 2009-01-14 16:11 15,504 –a—— c:\windows\system32\drivers\mbam.sys
2009-01-28 17:09 . 2009-02-03 12:49 <DIR> d——– c:\program files\Lavasoft
2009-01-28 17:09 . 2009-02-03 12:49 <DIR> d——– c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-28 15:48 . 2009-01-28 15:48 <DIR> d——– c:\program files\Alwil Software
2009-01-28 13:57 . 2009-01-28 13:57 <DIR> d——– c:\program files\MonInfo
2009-01-28 10:49 . 2009-02-03 15:51 <DIR> d——– c:\program files\Mozilla Thunderbird
2009-01-28 10:49 . 2009-01-28 10:49 <DIR> d——– c:\documents and settings\Administrator\Application Data\Thunderbird
2009-01-28 10:49 . 2009-01-28 10:49 <DIR> d——– c:\documents and settings\Administrator\Application Data\Talkback
2009-01-21 10:06 . 2009-01-21 10:06 <DIR> d——– c:\documents and settings\Administrator\Application Data\Thinstall
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 10:04 ——— d—–w c:\program files\Google
2009-01-21 09:05 ——— d—–w c:\program files\Common Files\Adobe
2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
.
((((((((((((((((((((((((((((( snapshot@2009-02-03_11.54.43,23 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-03 10:10:55 53,608 —-a-w c:\windows\system32\perfc009.dat
+ 2009-02-03 13:34:03 53,608 —-a-w c:\windows\system32\perfc009.dat
- 2009-02-03 10:10:55 70,426 —-a-w c:\windows\system32\perfc013.dat
+ 2009-02-03 13:34:03 70,426 —-a-w c:\windows\system32\perfc013.dat
- 2009-02-03 10:10:55 383,254 —-a-w c:\windows\system32\perfh009.dat
+ 2009-02-03 13:34:03 383,254 —-a-w c:\windows\system32\perfh009.dat
- 2009-02-03 10:10:55 444,960 —-a-w c:\windows\system32\perfh013.dat
+ 2009-02-03 13:34:03 444,960 —-a-w c:\windows\system32\perfh013.dat
+ 2009-02-03 14:56:57 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_75c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"MaxtorOneTouch"="c:\progra~1\Utils\OneTouch.exe" [2003-05-21 45056]
"MXO Auto Loader"="c:\windows\MXOALDR.EXE" [2003-04-07 118784]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\System32\igfxpers.exe" [2007-01-13 135168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-0000003D0002}\SC_Acrobat.exe [2008-04-20 25214]
SnagIt 9.lnk - c:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-08-29 6824264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-28 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-02 20560]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-08 33752]
S3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller;c:\windows\system32\drivers\m4cxw2k3.sys [2007-04-24 227584]
S3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-05-03 12112]
S3 X-Rite;X-Rite USB Service;c:\windows\system32\DRIVERS\XrUsb.sys –> c:\windows\system32\DRIVERS\XrUsb.sys [?]
.
Inhoud van de 'Gedeelde Taken' map
2009-02-02 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe []
2009-02-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe []
2009-01-30 c:\windows\Tasks\Schijfopruiming.job
- c:\windows\system32\cleanmgr.exe [2008-04-14 18:02]
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0413/bl8.asp
uInternet Connection Wizard,ShellNext = hxxp://go.compaq.com/1Q00CDT/0413/bl7.asp
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {8E620B5B-F66E-419E-9380-1BA45E194EF4} = 194.7.1.4
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 15:59:32
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
———————— Andere Aktieve Processen ————————
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\program files\TechSmith\SnagIt 9\TscHelp.exe
c:\program files\TechSmith\SnagIt 9\SnagPriv.exe
c:\windows\system32\wscntfy.exe
c:\program files\TechSmith\SnagIt 9\SnagItEditor.exe
.
**************************************************************************
.
Voltooingstijd: 2009-02-03 16:02:25 - machine werd herstart
ComboFix-quarantined-files.txt 2009-02-03 15:02:21
ComboFix2.txt 2009-02-03 14:11:06
ComboFix3.txt 2009-02-03 10:55:36
Pre-Run: 12.887.597.056 bytes beschikbaar
Post-Run: 12,868,124,672 bytes beschikbaar
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
199
- How are things with the problems?
- Looks good, start page is back to normal and the computer is fast enough again.
Thanks!!!
- Great, just do this as well:
Download ATF cleaner (mirror) (made by Atribune)
Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.
Double-click ATF cleaner to start the program.
On the Main tab, tick Select All.
Click the Empty Selected button.
Do the following if you also use Firefox as a browser:
Click the Firefox tab and tick Select All.
If you want to keep the passwords saved by Firefox, click No in the window that appears.
(this removes the tick again from Firefox saved passwords)
Click the Empty Selected button.
Do the following if you also use Opera as a browser:
Click the Opera tab and tick Select All.
If you want to keep the passwords saved by Opera, click No in the window that appears.
Click the Empty Selected button.
Go to the Main tab and click the Exit button to close the program.
3. You may now remove all the tools used and the folders that were created. (Remember to remove ComboFix by going to Start -> Run, typing ComboFix /U and pressing Enter!!)
- Go to Start/All Programs/Accessories/System Tools/System Restore.
- In the left half of the window, click "System Restore Settings".
- Tick "Turn off System Restore".
- Click "Apply".
- Windows asks whether you are sure.
- Click "Yes".
- Click "OK".
- Restart the PC.
- Go to Start/All Programs/Accessories/System Tools/System Restore again.
- You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
- Click "Yes".
- Remove the tick from "Turn off System Restore".
- Click "Apply".
- Click "OK".
- Restart the PC
- A new, clean restore point has now been created
- OK, done that too
Thanks!