Q&A

Security & privacy

laptop acting strange; virus??

Anonymous
19 replies
  • Friends, the week before last I was forced to reinstall 2 PCs because they went down.
    Since the day before yesterday I have lost, among other things, my MSN login details on the laptop and cannot recover them.
    Just ran an HJT log and it gave a strange message, but it disappeared again immediately (I had to type something in DOS???).
    Log attached

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:19:43, on 9-2-2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Apoint2K\Apoint.exe
    D:\programs\MCAffee\shstat.exe
    D:\programs\Common Framework\UdaterUI.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    D:\Program Files\ClamWin\bin\ClamTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    D:\programs\Common Framework\McTray.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    D:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    D:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\system32\conime.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    d:\programs\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\programs\MCAffee\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [ShStatEXE] "D:\programs\MCAffee\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\programs\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ClamWin] "d:\Program Files\ClamWin\bin\ClamTray.exe" --logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
    O4 - Startup: OpenOffice.org 2.4.lnk = D:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O13 - Gopher Prefix:
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll eNetHook.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\programs\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\programs\MCAffee\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - D:\programs\MCAffee\VsTskMgr.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: ManageEngine NetFlow Analyzer 6 (netflowanalyzer) - Unknown owner - D:\programs\NetFlow\bin\wrapper.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


    End of file - 9138 bytes
  • In addition to the log: I cannot run ANY online scan :cry:
  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.

    Download [link missing from the original post] and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    After installation, make sure a check mark is placed next to:
    - Update Malwarebytes' Anti-Malware
    - Launch Malwarebytes' Anti-Malware
    Then click "Finish".
    If an update is found, it will be downloaded and installed.
    - Once the program has started, go to the "Settings" tab.
    - Tick: "Close Internet Explorer during malware removal".
    - Then go to the "Scanner" tab and choose "Quick Scan".
    - Click "Scan" to start the scan.
    - Scanning can take a while, so be patient.
    - When the scan is complete, click OK, then "View Results" to see the results.
    - Make sure everything there is checked, then click "Remove Selected".
    - After removal, a log will open and you will be asked to restart the computer.
    The log is saved automatically by Malwarebytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

    Post that log.

    Download Dial-a-fix-2006
    and extract both files, each into its own folder, to your Desktop.

    In the Dial-a-fix-v0.60.0.24 folder, double-click Dial-a-fix.exe.
    In the window that opens, click the icon with the double green check mark (check all) at the bottom.
    Then click "GO" and let the tool reset all settings.
    Afterwards, close this window by clicking "Close" at the bottom.

    Download [link missing from the original post] to your Desktop and use it according to these instructions.
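The fix list above is a hand-picked set: IE start/search entries with an empty value and a BHO with no backing file. As an added example (not code from the thread or from HijackThis), the Python below encodes that triage rule and generalizes it to every R-section entry with an empty value and every R/O2/O3/O4/O23 entry reported as "(no file)" or "(file missing)", run over a constructed sample of lines copied from the posted log. It only finds dangling registrations; it cannot tell a harmless leftover from malware, so anything it does not flag still needs a human look.

```python
"""Triage of HijackThis (HJT) log lines: the leftover-entry rule from the thread.

Added example; not code from the thread or from HijackThis. It flags the two
kinds of entries the helper's fix list consists of, and generalizes them:
  * any R-section (IE start/search page) entry whose value is empty, and
  * any R/O2/O3/O4/O23 entry whose file is reported "(no file)"/"(file missing)".
It detects dangling registrations only; it cannot tell a leftover from malware.
"""
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HJT log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\programs\MCAffee\Mcshield.exe
"""

# Every HJT entry starts with a section code (R0, O2, O23, ...) followed by " - ".
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
MISSING_FILE_MARKERS = ("(no file)", "(file missing)")
FILE_SECTIONS = {"O2", "O3", "O4", "O23"}


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str   # "empty value" or "missing file"
    line: str


def parse_entry(line):
    """Split one log line into (section, body); None for non-entry lines."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    return match.group("section"), match.group("body")


def classify(line):
    """Return a Finding for a leftover entry, or None if the line is not flagged."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    section, body = parsed
    if section.startswith("R"):
        # R0/R1 lines read "registry key,value = setting"; an empty setting is a stale entry.
        if "=" in body and body.split("=", 1)[1].strip() == "":
            return Finding(section, "empty value", line.strip())
        if body.endswith(MISSING_FILE_MARKERS):
            return Finding(section, "missing file", line.strip())
        return None
    if section in FILE_SECTIONS and body.endswith(MISSING_FILE_MARKERS):
        # A BHO, toolbar, Run entry or service pointing at a file that no longer exists.
        return Finding(section, "missing file", line.strip())
    return None


def triage(log_text):
    """All flagged entries, in log order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f is not None]


def fix_list(log_text):
    """The lines one would tick in HijackThis, as plain text."""
    return "\n".join(f.line for f in triage(log_text))


def summarize(log_text):
    """Count of findings per reason, e.g. {'empty value': 2, 'missing file': 3}."""
    counts = {}
    for f in triage(log_text):
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    print(fix_list(SAMPLE_LOG))
    print(summarize(SAMPLE_LOG))
```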
  • Had meanwhile already dug through the forum and found MBAM…
    log:

    Malwarebytes' Anti-Malware 1.33
    Database versie: 1741
    Windows 6.0.6001 Service Pack 1

    9-2-2009 17:55:12
    mbam-log-2009-02-09 (17-55-12).txt

    Scan type: Snelle Scan
    Objecten gescand: 48784
    Verstreken tijd: 9 minute(s), 14 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 2
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)


    Now going to do that other thing.
    BTW, thanks in advance for the help :wink:
  • Dial-a-fix says it doesn't work under Vista..
    ComboFix log:

    ComboFix 09-02-08.02 - ria 2009-02-09 18:19:25.1 - NTFSx86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1043.18.1013.194 [GMT 1:00]
    Gestart vanuit: d:\downloads\ComboFix.exe
    AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    * Resident AV is active

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\x64

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-09 to 2009-02-09 ))))))))))))))))))))))))))))))
    .

    2009-02-09 17:42 . 2009-02-09 17:42 <DIR> d——– c:\users\ria\AppData\Roaming\Malwarebytes
    2009-02-09 17:42 . 2009-02-09 17:42 <DIR> d——– c:\users\All Users\Malwarebytes
    2009-02-09 17:42 . 2009-02-09 17:42 <DIR> d——– c:\programdata\Malwarebytes
    2009-02-09 17:42 . 2009-01-14 16:11 38,496 –a—— c:\windows\System32\drivers\mbamswissarmy.sys
    2009-02-09 17:42 . 2009-01-14 16:11 15,504 –a—— c:\windows\System32\drivers\mbam.sys
    2009-02-08 16:29 . 2008-12-16 03:42 288,768 –a—— c:\windows\System32\drivers\srv.sys
    2009-02-08 16:23 . 2009-02-08 16:23 10,520 –a—— c:\windows\System32\avgrsstx.dll
    2009-02-08 16:22 . 2009-02-09 17:04 <DIR> d——– c:\windows\System32\drivers\Avg
    2009-02-08 16:22 . 2009-02-08 16:22 325,128 –a—— c:\windows\System32\drivers\avgldx86.sys
    2009-02-08 16:22 . 2009-02-08 16:22 107,272 –a—— c:\windows\System32\drivers\avgtdix.sys
    2009-02-08 16:22 . 2009-02-08 16:23 12,552 –a—— c:\windows\System32\drivers\avgrkx86.sys
    2009-02-08 16:21 . 2009-02-08 16:21 <DIR> d——– c:\users\All Users\avg8
    2009-02-08 16:21 . 2009-02-08 16:21 <DIR> d——– c:\programdata\avg8
    2009-02-08 16:21 . 2009-02-08 16:21 <DIR> d——– c:\program files\AVG
    2009-02-06 14:48 . 2009-02-06 14:48 <DIR> d——– c:\program files\Panda Security
    2009-02-01 18:04 . 2009-02-01 18:04 <DIR> d——– C:\CanonMP
    2009-01-21 18:22 . 2009-01-21 18:22 <DIR> d——– C:\VanDale_Nederlands(2)
    2009-01-21 09:45 . 2009-01-21 09:45 <DIR> d——– c:\windows\Sun
    2009-01-21 09:45 . 2009-01-21 09:49 <DIR> d——– c:\users\ria\AppData\Roaming\HouseCall 6.6
    2009-01-21 09:21 . 2009-02-06 14:46 <DIR> d——– c:\users\ria\.housecall6.6
    2009-01-17 18:30 . 2009-01-17 18:30 126,060,813 –a—— c:\windows\MEMORY.DMP

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-09 15:58 ——— d—–w c:\users\ria\AppData\Roaming\OpenOffice.org2
    2009-02-08 15:33 ——— d—–w c:\program files\Windows Mail
    2009-01-17 11:16 ——— d—–w c:\program files\Google
    2009-01-10 10:42 ——— d—–w c:\program files\Java
    2009-01-08 16:50 ——— d—–w c:\users\ria\AppData\Roaming\gourmet
    2009-01-05 07:32 ——— d—–w c:\users\ria\AppData\Roaming\.clamwin
    2008-12-16 15:46 ——— d–h–w c:\programdata\CanonBJ
    2008-12-15 15:16 0 —-a-w c:\users\ria\AppData\Roaming\wklnhst.dat
    2008-12-15 15:16 ——— d—–w c:\users\ria\AppData\Roaming\Template
    2008-06-12 13:58 13,783,040 —-a-w c:\users\ria\SetupHome08.exe
    2008-05-18 12:44 174 –sha-w c:\program files\desktop.ini
    2008-07-06 11:01 2,048 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    2008-07-06 11:01 2,048 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    2008-07-05 18:35 32,768 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008070520080706\index.dat
    2008-07-06 06:33 32,768 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008070620080707\index.dat
    2008-07-16 23:09 32,768 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008071720080718\index.dat
    2008-10-06 07:12 32,768 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008092920081006\index.dat
    2008-10-18 09:17 32,768 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008100620081013\index.dat
    2008-10-21 12:37 32,768 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008101320081020\index.dat
    2008-10-27 14:33 32,768 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008102020081027\index.dat
    2008-10-27 14:33 32,768 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008102720081028\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
    "PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-06-21 155648]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
    "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
    "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
    "ShStatEXE"="d:\programs\MCAffee\SHSTAT.EXE" [2006-11-30 112216]
    "McAfeeUpdaterUI"="d:\programs\Common Framework\UdaterUI.exe" [2006-11-17 136768]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-02 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-02 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-02 154136]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "ClamWin"="d:\program files\ClamWin\bin\ClamTray.exe" [2007-08-21 73728]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-08 1601304]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

    c:\users\ria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 2.4.lnk - d:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-08-17 535336]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-06-03 91440]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll eNetHook.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{9506CF54-2C21-427B-9BD6-6A2F38305DB4}"= c:\program files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema
    "{A508CF61-5C0E-4DE3-971F-E991FF87FFFA}"= c:\program files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program
    "{6047DC5D-FC09-41DF-8CFA-E340F93E855D}"= c:\program files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
    "{E7D88DEA-DC26-42B1-9F42-2BB6199610CF}"= c:\program files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server
    "{A2CB42B9-06E9-4E5F-9B48-8A527EAB161A}"= c:\program files\Acer\HomeMedia\HomeMedia.exe:HomeMedia
    "{1C2F2824-488C-48ED-84C7-E1767587870A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{127B168B-A7B8-44B1-AF51-7DFEBBB3F178}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{CBE92B78-4E6F-4D58-BB97-469E337B6E99}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{80051E04-7AEA-4C7D-9167-CA5518AF623E}"= UDP:d:\programs\Common Framework\FrameworkService.exe:McAfee Framework Service
    "{A2BEF093-CFAE-43F8-B4DF-AD8DFFD7C0B5}"= TCP:d:\programs\Common Framework\FrameworkService.exe:McAfee Framework Service
    "TCP Query User{163E9BC2-5533-4F14-ACFF-DB31579E851F}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{9D157561-B996-477B-A557-F8892FA7F559}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{D6BC432B-A048-4213-A5E3-D43A940F6CA2}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
    "UDP Query User{AFEEDBE8-457B-466D-9349-C128E14B8347}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
    "{DD45B9B4-EAA9-4401-AB9B-B421D1F2EFFA}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{4B554A5A-F418-435C-B7C5-33F5349D6490}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{BB5DECAF-D51C-46E2-9C65-0E8BE2721FE2}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{88D9D565-F938-46A7-9CE6-46843A081DE0}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "TCP Query User{7E31AECA-D1EF-45FF-851B-61AC4D444837}c:\\program files\\common files\\installshield\\engine\\6\\intel 32\\ikernel.exe"= UDP:c:\program files\common files\installshield\engine\6\intel 32\ikernel.exe:InstallShield (R) Setup Engine
    "UDP Query User{D3FCA4EA-345F-4552-8613-5753F9DBD013}c:\\program files\\common files\\installshield\\engine\\6\\intel 32\\ikernel.exe"= TCP:c:\program files\common files\installshield\engine\6\intel 32\ikernel.exe:InstallShield (R) Setup Engine
    "{0F2A282D-B902-4A6E-96DF-9A165C4D167D}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
    "{852318DC-CBBF-4719-A216-2184D113C74C}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
    "{313E54B0-659E-403F-BA98-9E3126FA62F8}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{1D7066D0-E6F0-4786-9B9B-E177B95D6ED8}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

    R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [2009-02-08 12552]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-02-08 325128]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-02-08 107272]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-08 903960]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-08 298264]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-10-23 212992]
    S2 netflowanalyzer;ManageEngine NetFlow Analyzer 6;d:\programs\NetFlow\bin\wrapper.exe -s d:\programs\NetFlow\bin\\..\server\default\conf\wrapper.conf –> d:\programs\NetFlow\bin\wrapper.exe -s d:\programs\NetFlow\bin\\..\server\default\conf\wrapper.conf [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{856f9e56-1238-11dd-9450-806e6f6e6963}]
    \shell\AutoRun\command - E:\Autorun.exe
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-02-09 c:\windows\Tasks\RegCure Program Check.job
    - d:\program files\RegCure\RegCure.exe []

    2008-06-20 c:\windows\Tasks\RegCure.job
    - d:\program files\RegCure\RegCure.exe []
    .
    - - - - ORPHANS VERWIJDERD - - - -

    HKCU-Run-Acer Tour Reminder - (no file)
    HKLM-Run-Acer Tour - (no file)
    HKLM-Run-eRecoveryService - (no file)


    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://startpagina.nl/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://nl.intl.acer.yahoo.com
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-09 18:25:09
    Windows 6.0.6001 Service Pack 1 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(576)
    c:\windows\system32\eNetHook.dll

    - - - - - - - > 'lsass.exe'(644)
    c:\windows\system32\eNetHook.dll

    - - - - - - - > 'Explorer.exe'(4728)
    c:\windows\system32\MsnChatHook.dll
    c:\windows\system32\ShowErrMsg.dll
    c:\windows\system32\sysenv.dll
    c:\windows\system32\BatchCrypto.dll
    c:\windows\system32\CryptoAPI.dll
    c:\windows\system32\keyManager.dll
    c:\acer\Empowering Technology\EPOWER\SysHook.dll
    .
    Voltooingstijd: 2009-02-09 18:29:31
    ComboFix-quarantined-files.txt 2009-02-09 17:29:20

    Pre-Run: 16.384.827.392 bytes beschikbaar
    Post-Run: 16,183,992,320 bytes beschikbaar

    194 — E O F — 2009-02-09 16:10:20
  • I can't get McAfee turned off; AVG and ClamWin give no real trouble.
    As a result I didn't get that "NirCMD" to show up :(
    Should I perhaps uninstall all virus scanners and redo something??
  • You need to remove 2 of the 3 virus scanners.
    It is not recommended to have more than one virus scanner.

    I believe McAfee did not interfere with ComboFix.


    Download Flash_Disinfector.exe and place it on your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
    Make sure the flash drives / USB sticks / external hard drives are plugged in too.
    Double-click Flash_Disinfector.exe to start the tool.
    When the tool is finished, the computer will restart.


    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

  • ComboFix 09-02-08.02 - ria 2009-02-09 20:54:17.2 - NTFSx86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1043.18.1013.185 [GMT 1:00]
    Gestart vanuit: d:\downloads\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\ria\Desktop\Cfscript.txt
    AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-09 to 2009-02-09 ))))))))))))))))))))))))))))))
    .

    2009-02-09 17:42 . 2009-02-09 17:42 <DIR> d-------- c:\users\ria\AppData\Roaming\Malwarebytes
    2009-02-09 17:42 . 2009-02-09 17:42 <DIR> d-------- c:\users\All Users\Malwarebytes
    2009-02-09 17:42 . 2009-02-09 17:42 <DIR> d-------- c:\programdata\Malwarebytes
    2009-02-09 17:42 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2009-02-09 17:42 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2009-02-08 16:29 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
    2009-02-08 16:21 . 2009-02-09 20:30 <DIR> d-------- c:\users\All Users\avg8
    2009-02-08 16:21 . 2009-02-09 20:30 <DIR> d-------- c:\programdata\avg8
    2009-02-08 16:21 . 2009-02-08 16:21 <DIR> d-------- c:\program files\AVG
    2009-02-06 14:48 . 2009-02-06 14:48 <DIR> d-------- c:\program files\Panda Security
    2009-02-01 18:04 . 2009-02-01 18:04 <DIR> d-------- C:\CanonMP
    2009-01-21 18:22 . 2009-01-21 18:22 <DIR> d-------- C:\VanDale_Nederlands(2)
    2009-01-21 09:45 . 2009-01-21 09:45 <DIR> d-------- c:\windows\Sun
    2009-01-21 09:45 . 2009-01-21 09:49 <DIR> d-------- c:\users\ria\AppData\Roaming\HouseCall 6.6
    2009-01-21 09:21 . 2009-02-06 14:46 <DIR> d-------- c:\users\ria\.housecall6.6
    2009-01-17 18:30 . 2009-01-17 18:30 126,060,813 --a------ c:\windows\MEMORY.DMP

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-09 19:36 --------- d-----w c:\users\ria\AppData\Roaming\OpenOffice.org2
    2009-02-08 15:33 --------- d-----w c:\program files\Windows Mail
    2009-01-17 11:16 --------- d-----w c:\program files\Google
    2009-01-10 10:42 --------- d-----w c:\program files\Java
    2009-01-08 16:50 --------- d-----w c:\users\ria\AppData\Roaming\gourmet
    2008-12-16 15:46 --------- d--h--w c:\programdata\CanonBJ
    2008-12-15 15:16 0 ----a-w c:\users\ria\AppData\Roaming\wklnhst.dat
    2008-12-15 15:16 --------- d-----w c:\users\ria\AppData\Roaming\Template
    2008-06-12 13:58 13,783,040 ----a-w c:\users\ria\SetupHome08.exe
    2008-05-18 12:44 174 --sha-w c:\program files\desktop.ini
    2008-07-06 11:01 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    2008-07-06 11:01 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    2008-07-05 18:35 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008070520080706\index.dat
    2008-07-06 06:33 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008070620080707\index.dat
    2008-07-16 23:09 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008071720080718\index.dat
    2008-10-06 07:12 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008092920081006\index.dat
    2008-10-18 09:17 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008100620081013\index.dat
    2008-10-21 12:37 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008101320081020\index.dat
    2008-10-27 14:33 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008102020081027\index.dat
    2008-10-27 14:33 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008102720081028\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-09_18.27.10,39 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-02-09 15:53:33 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-02-09 19:35:18 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    - 2009-02-09 17:25:01 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2009-02-09 19:35:07 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2009-02-09 15:49:28 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-09 19:41:48 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-09 18:25:58 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009020220090209\index.dat
    + 2009-02-09 19:36:40 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009020920090210\index.dat
    - 2009-02-09 15:49:28 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-02-09 19:41:48 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-02-09 15:49:28 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-02-09 19:41:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-02-09 16:16:03 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
    + 2009-02-09 18:19:50 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
    - 2009-02-09 15:55:14 10,672 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2163111863-232474085-3126442356-1000_UserData.bin
    + 2009-02-09 19:35:08 10,696 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2163111863-232474085-3126442356-1000_UserData.bin
    - 2009-02-09 15:55:11 69,738 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-02-09 19:35:07 69,968 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2009-02-09 15:53:20 63,758 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-02-09 19:35:05 64,792 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "Acer Tour Reminder"="" [BU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
    "PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-06-21 155648]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
    "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
    "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
    "ShStatEXE"="d:\programs\MCAffee\SHSTAT.EXE" [2006-11-30 112216]
    "McAfeeUpdaterUI"="d:\programs\Common Framework\UdaterUI.exe" [2006-11-17 136768]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-02 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-02 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-02 154136]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

    c:\users\ria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 2.4.lnk - d:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-08-17 535336]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-06-03 91440]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=eNetHook.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{9506CF54-2C21-427B-9BD6-6A2F38305DB4}"= c:\program files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema
    "{A508CF61-5C0E-4DE3-971F-E991FF87FFFA}"= c:\program files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program
    "{6047DC5D-FC09-41DF-8CFA-E340F93E855D}"= c:\program files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
    "{E7D88DEA-DC26-42B1-9F42-2BB6199610CF}"= c:\program files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server
    "{A2CB42B9-06E9-4E5F-9B48-8A527EAB161A}"= c:\program files\Acer\HomeMedia\HomeMedia.exe:HomeMedia
    "{1C2F2824-488C-48ED-84C7-E1767587870A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{127B168B-A7B8-44B1-AF51-7DFEBBB3F178}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{CBE92B78-4E6F-4D58-BB97-469E337B6E99}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{80051E04-7AEA-4C7D-9167-CA5518AF623E}"= UDP:d:\programs\Common Framework\FrameworkService.exe:McAfee Framework Service
    "{A2BEF093-CFAE-43F8-B4DF-AD8DFFD7C0B5}"= TCP:d:\programs\Common Framework\FrameworkService.exe:McAfee Framework Service
    "TCP Query User{163E9BC2-5533-4F14-ACFF-DB31579E851F}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{9D157561-B996-477B-A557-F8892FA7F559}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{D6BC432B-A048-4213-A5E3-D43A940F6CA2}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
    "UDP Query User{AFEEDBE8-457B-466D-9349-C128E14B8347}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
    "{DD45B9B4-EAA9-4401-AB9B-B421D1F2EFFA}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{4B554A5A-F418-435C-B7C5-33F5349D6490}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{BB5DECAF-D51C-46E2-9C65-0E8BE2721FE2}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{88D9D565-F938-46A7-9CE6-46843A081DE0}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "TCP Query User{7E31AECA-D1EF-45FF-851B-61AC4D444837}c:\\program files\\common files\\installshield\\engine\\6\\intel 32\\ikernel.exe"= UDP:c:\program files\common files\installshield\engine\6\intel 32\ikernel.exe:InstallShield (R) Setup Engine
    "UDP Query User{D3FCA4EA-345F-4552-8613-5753F9DBD013}c:\\program files\\common files\\installshield\\engine\\6\\intel 32\\ikernel.exe"= TCP:c:\program files\common files\installshield\engine\6\intel 32\ikernel.exe:InstallShield (R) Setup Engine

    R2 netflowanalyzer;ManageEngine NetFlow Analyzer 6;d:\programs\NetFlow\bin\wrapper.exe -s d:\programs\NetFlow\bin\\..\server\default\conf\wrapper.conf --> d:\programs\NetFlow\bin\wrapper.exe -s d:\programs\NetFlow\bin\\..\server\default\conf\wrapper.conf [?]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-10-23 212992]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{856f9e56-1238-11dd-9450-806e6f6e6963}]
    \shell\AutoRun\command - E:\Autorun.exe
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-02-09 c:\windows\Tasks\RegCure Program Check.job
    - d:\program files\RegCure\RegCure.exe []

    2008-06-20 c:\windows\Tasks\RegCure.job
    - d:\program files\RegCure\RegCure.exe []
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://startpagina.nl/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://nl.intl.acer.yahoo.com
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-09 20:58:04
    Windows 6.0.6001 Service Pack 1 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(604)
    c:\windows\system32\eNetHook.dll

    - - - - - - - > 'lsass.exe'(632)
    c:\windows\system32\eNetHook.dll

    - - - - - - - > 'Explorer.exe'(2788)
    c:\windows\system32\MsnChatHook.dll
    c:\windows\system32\ShowErrMsg.dll
    c:\windows\system32\sysenv.dll
    c:\windows\system32\BatchCrypto.dll
    c:\windows\system32\CryptoAPI.dll
    c:\windows\system32\keyManager.dll
    c:\acer\Empowering Technology\EPOWER\SysHook.dll
    .
    Voltooingstijd: 2009-02-09 21:01:20
    ComboFix-quarantined-files.txt 2009-02-09 20:01:14
    ComboFix2.txt 2009-02-09 17:29:39

    Pre-Run: 14,630,830,080 bytes beschikbaar
    Post-Run: 14,386,974,720 bytes beschikbaar

    194 --- E O F --- 2009-02-09 16:10:20
  • Open Notepad and paste the following text into an empty window:

    REGEDIT4

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{856f9e56-1238-11dd-9450-806e6f6e6963}]

    Save this to your Desktop as regfix.reg, with file type "All files".
    Double-click regfix.reg and allow it to be added to the registry.

    Then post a new ComboFix log.
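Added example for the two clean-up steps in this thread (the Flash_Disinfector run against removable drives and the regfix.reg above); this is code written for this page, not ComboFix's, Flash_Disinfector's or the helper's own tooling. It reads a ComboFix-style log excerpt, pulls out the MountPoints2 entry that still carries an AutoRun command for a removable drive, lists the Security Center values that silence UAC/update/AV warnings, and generates a REGEDIT4 deletion file in the same shape as regfix.reg. The sample log text is constructed from the layout seen in this thread (the MountPoints2 GUID and AutoRun line are taken from the log above, the rest is a minimal stand-in); all function names are my own.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's own code)."""
import re
from typing import Dict, List, Tuple

# Constructed excerpt in the ComboFix log layout used in this thread.  The
# MountPoints2 key and its AutoRun line are copied from the log above; the
# rest is a minimal sample, not the full log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{856f9e56-1238-11dd-9450-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe
.
Inhoud van de 'Gedeelde Taken' map
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s+-\s+(.+?)\s*$", re.IGNORECASE)
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_registry_blocks(log_text: str) -> Dict[str, List[str]]:
    """Group '[key]' headers with the value lines that follow them.  A blank
    line or ComboFix's lone '.' separator closes the current block."""
    blocks: Dict[str, List[str]] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        match = KEY_RE.match(line)
        if match:
            current = match.group(1)
            blocks.setdefault(current, [])
        elif current is None or line in ("", "."):
            current = None
        else:
            blocks[current].append(line)
    return blocks


def find_mountpoint_autoruns(blocks: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """(key, command) for every MountPoints2 entry carrying an AutoRun command.
    Windows caches these per volume when a drive with an autorun.inf is
    inserted, so a leftover 'E:\\Autorun.exe' handler can outlive the drive."""
    hits = []
    for key, values in blocks.items():
        if "mountpoints2" not in key.lower():
            continue
        for value in values:
            match = AUTORUN_RE.match(value)
            if match:
                hits.append((key, match.group(1)))
    return hits


def find_disabled_security_notifications(blocks: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """Security Center values set to 1 that silence UAC, update and AV
    warnings.  Normal on a centrally managed PC, worth a look after an
    infection because malware sets them to hide its presence."""
    hits = []
    for key, values in blocks.items():
        if "security center" not in key.lower():
            continue
        for value in values:
            match = DWORD_RE.match(value)
            if not match:
                continue
            name, data = match.groups()
            if data == "00000001" and name.lower().endswith(("disablenotify", "disablemonitoring")):
                hits.append((key, name))
    return hits


def build_regfix(keys: List[str]) -> str:
    """Emit a REGEDIT4 file in the shape of the regfix.reg in this thread: a
    leading '-' inside the brackets tells regedit to delete the whole key."""
    lines = ["REGEDIT4", ""]
    for key in keys:
        lines.extend([f"[-{key}]", ""])
    return "\r\n".join(lines)  # CRLF plus trailing newline, as regedit expects


def triage(log_text: str) -> dict:
    """Run all checks and return the findings together with the .reg text."""
    blocks = parse_registry_blocks(log_text)
    autoruns = find_mountpoint_autoruns(blocks)
    return {
        "autoruns": autoruns,
        "notifications": find_disabled_security_notifications(blocks),
        "regfix": build_regfix([key for key, _ in autoruns]),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, command in result["autoruns"]:
        print(f"AutoRun handler cached for {key}: {command}")
    for key, name in result["notifications"]:
        print(f"Notification disabled: {name} under {key}")
    print(result["regfix"])
```

Deleting the MountPoints2 key only removes the handler Windows cached for that volume; the autorun.inf and Autorun.exe on the drive itself are what the Flash_Disinfector step addresses, which is why the helper has both steps in the same clean-up. The Security Center values are reported, not changed, because the thread does not establish whether they were set deliberately.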
  • Sorry, I was away for a bit

    Here is the log:

    ComboFix 09-02-10.03 - ria 2009-02-11 15:26:59.3 - NTFSx86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1043.18.1013.134 [GMT 1:00]
    Gestart vanuit: d:\downloads\ComboFix.exe
    AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    * Resident AV is active

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-11 to 2009-02-11 ))))))))))))))))))))))))))))))
    .

    2009-02-11 05:51 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
    2009-02-11 05:51 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
    2009-02-10 09:53 . 2009-02-10 21:58 <DIR> d-------- c:\users\ria\AppData\Roaming\Folding@home-x86
    2009-02-10 09:53 . 2009-02-10 09:53 <DIR> d-------- c:\program files\Folding@home
    2009-02-09 17:42 . 2009-02-09 17:42 <DIR> d-------- c:\users\ria\AppData\Roaming\Malwarebytes
    2009-02-09 17:42 . 2009-02-09 17:42 <DIR> d-------- c:\users\All Users\Malwarebytes
    2009-02-09 17:42 . 2009-02-09 17:42 <DIR> d-------- c:\programdata\Malwarebytes
    2009-02-09 17:42 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2009-02-09 17:42 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2009-02-08 16:29 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
    2009-02-08 16:21 . 2009-02-09 20:30 <DIR> d-------- c:\users\All Users\avg8
    2009-02-08 16:21 . 2009-02-09 20:30 <DIR> d-------- c:\programdata\avg8
    2009-02-08 16:21 . 2009-02-08 16:21 <DIR> d-------- c:\program files\AVG
    2009-02-06 14:48 . 2009-02-06 14:48 <DIR> d-------- c:\program files\Panda Security
    2009-02-01 18:04 . 2009-02-01 18:04 <DIR> d-------- C:\CanonMP
    2009-01-21 18:22 . 2009-01-21 18:22 <DIR> d-------- C:\VanDale_Nederlands(2)
    2009-01-21 09:45 . 2009-01-21 09:45 <DIR> d-------- c:\windows\Sun
    2009-01-21 09:45 . 2009-01-21 09:49 <DIR> d-------- c:\users\ria\AppData\Roaming\HouseCall 6.6
    2009-01-21 09:21 . 2009-02-06 14:46 <DIR> d-------- c:\users\ria\.housecall6.6
    2009-01-17 18:30 . 2009-01-17 18:30 126,060,813 --a------ c:\windows\MEMORY.DMP

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-11 14:21 --------- d-----w c:\users\ria\AppData\Roaming\OpenOffice.org2
    2009-02-11 10:00 --------- d-----w c:\program files\Windows Mail
    2009-01-17 11:16 --------- d-----w c:\program files\Google
    2009-01-10 10:42 --------- d-----w c:\program files\Java
    2009-01-08 16:50 --------- d-----w c:\users\ria\AppData\Roaming\gourmet
    2008-12-16 15:46 --------- d--h--w c:\programdata\CanonBJ
    2008-12-15 15:16 0 ----a-w c:\users\ria\AppData\Roaming\wklnhst.dat
    2008-12-15 15:16 --------- d-----w c:\users\ria\AppData\Roaming\Template
    2008-06-12 13:58 13,783,040 ----a-w c:\users\ria\SetupHome08.exe
    2008-05-18 12:44 174 --sha-w c:\program files\desktop.ini
    2008-07-06 11:01 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    2008-07-06 11:01 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    2008-07-05 18:35 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008070520080706\index.dat
    2008-07-06 06:33 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008070620080707\index.dat
    2008-07-16 23:09 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008071720080718\index.dat
    2008-10-06 07:12 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008092920081006\index.dat
    2008-10-18 09:17 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008100620081013\index.dat
    2008-10-21 12:37 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008101320081020\index.dat
    2008-10-27 14:33 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008102020081027\index.dat
    2008-10-27 14:33 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008102720081028\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-09_18.27.10,39 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-18 10:53:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-09 20:02:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-01-18 10:53:45 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-02-09 20:02:45 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-01-18 10:53:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-02-09 20:02:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-02-09 15:53:33 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-02-11 14:15:22 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    - 2009-02-09 17:25:01 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2009-02-11 14:33:00 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2009-02-09 15:49:28 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-11 14:21:12 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-09 18:25:58 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009020220090209\index.dat
    + 2009-02-09 21:22:43 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009020920090210\index.dat
    + 2009-02-11 14:21:10 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009021120090212\index.dat
    - 2009-02-09 15:49:28 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-02-11 14:21:12 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-02-09 15:49:28 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-02-11 14:21:12 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-02-09 17:18:14 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2009-02-11 14:25:59 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    - 2008-10-16 04:47:29 6,068,736 ----a-w c:\windows\System32\ieframe.dll
    + 2009-01-15 06:07:53 6,069,248 ----a-w c:\windows\System32\ieframe.dll
    - 2008-10-16 04:47:29 270,336 ----a-w c:\windows\System32\iertutil.dll
    + 2009-01-15 06:07:53 270,336 ----a-w c:\windows\System32\iertutil.dll
    - 2008-10-16 04:47:30 28,160 ----a-w c:\windows\System32\jsproxy.dll
    + 2009-01-15 06:08:05 28,160 ----a-w c:\windows\System32\jsproxy.dll
    - 2009-01-09 16:35:30 20,853,704 ----a-w c:\windows\System32\mrt.exe
    + 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\System32\mrt.exe
    - 2008-01-19 07:34:58 458,240 ----a-w c:\windows\System32\msfeeds.dll
    + 2009-01-15 06:08:34 458,240 ----a-w c:\windows\System32\msfeeds.dll
    - 2008-12-12 05:52:52 3,578,880 ----a-w c:\windows\System32\mshtml.dll
    + 2009-01-15 06:08:35 3,580,416 ----a-w c:\windows\System32\mshtml.dll
    - 2008-10-16 04:47:32 671,232 ----a-w c:\windows\System32\mstime.dll
    + 2009-01-15 06:08:50 671,232 ----a-w c:\windows\System32\mstime.dll
    - 2009-02-09 16:16:03 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
    + 2009-02-11 14:26:26 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
    - 2008-10-16 04:47:34 1,166,336 ----a-w c:\windows\System32\urlmon.dll
    + 2009-01-15 06:11:05 1,166,336 ----a-w c:\windows\System32\urlmon.dll
    - 2009-02-09 15:55:14 10,672 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2163111863-232474085-3126442356-1000_UserData.bin
    + 2009-02-11 14:18:43 10,704 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2163111863-232474085-3126442356-1000_UserData.bin
    - 2009-02-09 15:55:11 69,738 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-02-11 14:18:42 69,984 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2009-02-09 15:44:18 8,752 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
    + 2009-02-11 14:13:06 8,752 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
    - 2009-02-09 15:53:20 63,758 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-02-11 14:17:56 65,206 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-02-11 14:12:46 54,279,060 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    + 2009-01-15 04:15:58 124,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16809_none_a9ee2d39f5a1db5c\advpack.dll
    + 2009-01-15 04:14:44 124,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20996_none_aa1379db0f0b2a9a\advpack.dll
    + 2009-01-15 04:16:02 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16809_none_ebe936e9163ac15b\pngfilt.dll
    + 2009-01-15 04:18:35 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20996_none_ec0e838a2fa41099\pngfilt.dll
    + 2009-01-15 04:16:03 1,160,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16809_none_b305df9bd99b38bf\urlmon.dll
    + 2009-01-15 04:19:06 1,163,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20996_none_b32b2c3cf30487fd\urlmon.dll
    + 2009-01-15 06:11:05 1,166,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18203_none_b4e61c85d6c731a6\urlmon.dll
    + 2009-01-16 04:59:50 1,166,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22355_none_b53baa48f00b8fd3\urlmon.dll
    + 2009-01-15 04:16:01 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16809_none_dee86e647f43f82e\mstime.dll
    + 2009-01-15 04:17:12 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20996_none_df0dbb0598ad476c\mstime.dll
    + 2009-01-15 06:08:50 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18203_none_e0c8ab4e7c6ff115\mstime.dll
    + 2009-01-16 04:57:07 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22355_none_e11e391195b44f42\mstime.dll
    + 2009-01-15 04:16:00 27,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16809_none_000bbb3da4a45f52\jsproxy.dll
    + 2009-01-15 04:16:03 826,368 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16809_none_000bbb3da4a45f52\wininet.dll
    + 2009-01-15 04:16:03 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16809_none_000bbb3da4a45f52\WininetPlugin.dll
    + 2009-01-15 04:16:04 27,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20996_none_003107debe0dae90\jsproxy.dll
    + 2009-01-15 04:19:13 827,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20996_none_003107debe0dae90\wininet.dll
    + 2009-01-15 04:19:13 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20996_none_003107debe0dae90\WininetPlugin.dll
    + 2009-01-15 06:08:05 28,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\jsproxy.dll
    + 2009-01-15 06:11:16 827,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\wininet.dll
    + 2008-04-24 16:37:35 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\WininetPlugin.dll
    + 2009-01-16 04:56:01 28,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22355_none_024185eabb14b666\jsproxy.dll
    + 2009-01-16 05:00:04 827,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22355_none_024185eabb14b666\wininet.dll
    + 2009-01-16 05:00:04 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22355_none_024185eabb14b666\WininetPlugin.dll
    + 2007-08-17 06:11:23 2,455,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16809_none_f9b4de176e8fd9a5\ieapfltr.dat
    + 2009-01-15 04:16:00 383,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16809_none_f9b4de176e8fd9a5\ieapfltr.dll
    + 2007-08-17 06:11:23 2,455,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20996_none_f9da2ab887f928e3\ieapfltr.dat
    + 2009-01-15 04:15:42 380,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20996_none_f9da2ab887f928e3\ieapfltr.dll
    + 2009-01-15 04:15:59 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16809_none_95e916cf84755fd3\dxtmsft.dll
    + 2009-01-15 04:15:59 214,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16809_none_95e916cf84755fd3\dxtrans.dll
    + 2009-01-15 04:15:22 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20996_none_960e63709ddeaf11\dxtmsft.dll
    + 2009-01-15 04:15:22 214,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20996_none_960e63709ddeaf11\dxtrans.dll
    + 2009-01-15 04:16:00 459,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.16809_none_5e09520c3d47b20a\msfeeds.dll
    + 2009-01-15 04:16:41 459,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.20996_none_5e2e9ead56b10148\msfeeds.dll
    + 2009-01-15 06:08:34 458,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.18203_none_5fe98ef63a73aaf1\msfeeds.dll
    + 2009-01-16 04:56:39 458,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.22355_none_603f1cb953b8091e\msfeeds.dll
    + 2009-01-15 04:16:00 477,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16809_none_464bb12746361260\mshtmled.dll
    + 2009-01-15 04:16:46 477,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20996_none_4670fdc85f9f619e\mshtmled.dll
    + 2009-01-15 04:16:00 3,594,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16809_none_1165da5c24fac888\mshtml.dll
    + 2009-01-15 04:16:45 3,596,288 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20996_none_118b26fd3e6417c6\mshtml.dll
    + 2009-01-15 06:08:35 3,580,416 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18203_none_134617462226c16f\mshtml.dll
    + 2009-01-16 04:56:43 3,580,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22355_none_139ba5093b6b1f9c\mshtml.dll
    + 2009-01-15 04:16:00 63,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16809_none_58be4726670f5491\icardie.dll
    + 2009-01-15 04:15:42 63,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20996_none_58e393c78078a3cf\icardie.dll
    + 2009-01-15 04:15:30 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\ieUnatt.exe
    + 2009-01-15 04:14:36 634,024 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\iexplore.exe
    + 2009-01-15 02:05:46 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\ieUnatt.exe
    + 2009-01-15 04:18:47 634,024 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\iexplore.exe
    + 2009-01-15 04:16:00 267,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16809_none_45c672198f557daf\iertutil.dll
    + 2009-01-15 04:16:02 134,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16809_none_45c672198f557daf\sqmapi.dll
    + 2009-01-15 04:15:44 267,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20996_none_45ebbebaa8becced\iertutil.dll
    + 2009-01-15 04:18:57 134,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20996_none_45ebbebaa8becced\sqmapi.dll
    + 2009-01-15 06:07:53 270,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18203_none_47a6af038c817696\iertutil.dll
    + 2008-01-19 07:36:35 129,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18203_none_47a6af038c817696\sqmapi.dll
    + 2009-01-16 04:55:51 270,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22355_none_47fc3cc6a5c5d4c3\iertutil.dll
    + 2009-01-16 04:59:31 129,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22355_none_47fc3cc6a5c5d4c3\sqmapi.dll
    + 2009-01-15 04:15:30 70,656 —-a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16809_none_c3f37ce4614a96da\ie4uinit.exe
    + 2009-01-15 04:16:00 44,544 —-a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16809_none_c3f37ce4614a96da\iernonce.dll
    + 2009-01-15 04:16:00 56,320 —-a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16809_none_c3f37ce4614a96da\iesetup.dll
    + 2009-01-15 02:05:40 70,656 —-a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20996_none_c418c9857ab3e618\ie4uinit.exe
    + 2009-01-15 04:15:44 44,544 —-a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20996_none_c418c9857ab3e618\iernonce.dll
    + 2009-01-15 04:15:44 56,320 —-a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20996_none_c418c9857ab3e618\iesetup.dll
    + 2009-01-15 04:16:00 52,736 —-a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16809_none_2a18935467fa6c37\iebrshim.dll
    + 2009-01-15 04:15:42 52,736 —-a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20996_none_2a3ddff58163bb75\iebrshim.dll
    + 2009-01-15 04:16:00 6,066,688 —-a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16809_none_62c5345fb0f056b5\ieframe.dll
    + 2009-01-15 04:16:00 180,736 —-a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16809_none_62c5345fb0f056b5\ieui.dll
    + 2009-01-15 04:15:44 6,068,736 —-a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20996_none_62ea8100ca59a5f3\ieframe.dll
    + 2009-01-15 04:15:44 180,736 —-a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20996_none_62ea8100ca59a5f3\ieui.dll
    + 2009-01-15 06:07:53 6,069,248 —-a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18203_none_64a57149ae1c4f9c\ieframe.dll
    + 2008-01-19 07:34:31 180,736 —-a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18203_none_64a57149ae1c4f9c\ieui.dll
    + 2009-01-16 04:55:51 6,070,784 —-a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22355_none_64faff0cc760adc9\ieframe.dll
    + 2009-01-16 04:55:51 180,736 —-a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22355_none_64faff0cc760adc9\ieui.dll
    + 2009-01-15 04:15:30 263,168 —-a-w c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16809_none_e6bea0de9473aaed\ieinstal.exe
    + 2009-01-15 02:05:59 263,168 —-a-w c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20996_none_e6e3ed7faddcfa2b\ieinstal.exe
    + 2009-01-15 04:15:30 301,568 —-a-w c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16809_none_0b66d5fad6ee6a9f\ieuser.exe
    + 2009-01-15 02:06:01 301,568 —-a-w c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20996_none_0b8c229bf057b9dd\ieuser.exe
    + 2009-01-09 23:21:31 2,410,800 —-a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16808_none_f0a9e19a6e4c873c\OESpamFilter.dat
    + 2009-01-08 23:21:51 2,410,800 —-a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20995_none_f0cf2e3b87b5d67a\OESpamFilter.dat
    + 2009-01-08 23:21:09 2,410,800 —-a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18202_none_f28a1e846b788023\OESpamFilter.dat
    + 2009-01-08 23:21:04 2,410,800 —-a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22353_none_f2deabfd84bdc4f9\OESpamFilter.dat
    .
    – Snapshot teruggezet naar huidige datum –
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "Acer Tour Reminder"="" [BU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
    "PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-06-21 155648]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
    "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
    "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
    "ShStatEXE"="d:\programs\MCAffee\SHSTAT.EXE" [2006-11-30 112216]
    "McAfeeUpdaterUI"="d:\programs\Common Framework\UdaterUI.exe" [2006-11-17 136768]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-02 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-02 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-02 154136]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

    c:\users\ria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 2.4.lnk - d:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-08-17 535336]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-06-03 91440]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=eNetHook.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiSpywareOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{9506CF54-2C21-427B-9BD6-6A2F38305DB4}"= c:\program files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema
    "{A508CF61-5C0E-4DE3-971F-E991FF87FFFA}"= c:\program files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program
    "{6047DC5D-FC09-41DF-8CFA-E340F93E855D}"= c:\program files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
    "{E7D88DEA-DC26-42B1-9F42-2BB6199610CF}"= c:\program files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server
    "{A2CB42B9-06E9-4E5F-9B48-8A527EAB161A}"= c:\program files\Acer\HomeMedia\HomeMedia.exe:HomeMedia
    "{1C2F2824-488C-48ED-84C7-E1767587870A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{127B168B-A7B8-44B1-AF51-7DFEBBB3F178}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{CBE92B78-4E6F-4D58-BB97-469E337B6E99}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{80051E04-7AEA-4C7D-9167-CA5518AF623E}"= UDP:d:\programs\Common Framework\FrameworkService.exe:McAfee Framework Service
    "{A2BEF093-CFAE-43F8-B4DF-AD8DFFD7C0B5}"= TCP:d:\programs\Common Framework\FrameworkService.exe:McAfee Framework Service
    "TCP Query User{163E9BC2-5533-4F14-ACFF-DB31579E851F}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{9D157561-B996-477B-A557-F8892FA7F559}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{D6BC432B-A048-4213-A5E3-D43A940F6CA2}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
    "UDP Query User{AFEEDBE8-457B-466D-9349-C128E14B8347}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
    "{DD45B9B4-EAA9-4401-AB9B-B421D1F2EFFA}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{4B554A5A-F418-435C-B7C5-33F5349D6490}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{BB5DECAF-D51C-46E2-9C65-0E8BE2721FE2}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{88D9D565-F938-46A7-9CE6-46843A081DE0}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "TCP Query User{7E31AECA-D1EF-45FF-851B-61AC4D444837}c:\\program files\\common files\\installshield\\engine\\6\\intel 32\\ikernel.exe"= UDP:c:\program files\common files\installshield\engine\6\intel 32\ikernel.exe:InstallShield (R) Setup Engine
    "UDP Query User{D3FCA4EA-345F-4552-8613-5753F9DBD013}c:\\program files\\common files\\installshield\\engine\\6\\intel 32\\ikernel.exe"= TCP:c:\program files\common files\installshield\engine\6\intel 32\ikernel.exe:InstallShield (R) Setup Engine

    R2 netflowanalyzer;ManageEngine NetFlow Analyzer 6;d:\programs\NetFlow\bin\wrapper.exe -s d:\programs\NetFlow\bin\\..\server\default\conf\wrapper.conf –> d:\programs\NetFlow\bin\wrapper.exe -s d:\programs\NetFlow\bin\\..\server\default\conf\wrapper.conf [?]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-10-23 212992]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-02-11 c:\windows\Tasks\RegCure Program Check.job
    - d:\program files\RegCure\RegCure.exe []

    2008-06-20 c:\windows\Tasks\RegCure.job
    - d:\program files\RegCure\RegCure.exe []
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://startpagina.nl/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://nl.intl.acer.yahoo.com
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-11 15:32:36
    Windows 6.0.6001 Service Pack 1 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'Explorer.exe'(3872)
    c:\windows\system32\MsnChatHook.dll
    c:\windows\system32\ShowErrMsg.dll
    c:\windows\system32\sysenv.dll
    c:\windows\system32\BatchCrypto.dll
    c:\windows\system32\CryptoAPI.dll
    c:\windows\system32\keyManager.dll
    c:\acer\Empowering Technology\EPOWER\SysHook.dll
    .
    Voltooingstijd: 2009-02-11 15:35:56
    ComboFix-quarantined-files.txt 2009-02-11 14:35:49
    ComboFix2.txt 2009-02-09 20:01:22
    ComboFix3.txt 2009-02-09 17:29:39

    Pre-Run: 12,953,149,440 bytes beschikbaar
    Post-Run: 12,724,600,832 bytes beschikbaar

    305 — E O F — 2009-02-11 10:05:17
  • No problem.

    Are there still any problems?
  • Apart from the touchpad on this laptop doing VERY strange things,
    nothing.
    I'll post a thread about that touchpad some time; it's driving me up the wall.

    If you're interested in that: it will go in the hardware section.
    Besides that, many thanks (also on behalf of the wife), you've saved me a third reinstall here.

    Regards, Anjo

    @ Mod, lock please
  • You're welcome.

    Do this as well:

    (this unchecks Firefox saved passwords again)
    Click the Empty Selected button.

    Do the following if you also have Opera as a browser:

    Click the Opera tab and tick Select All.
    If you want to keep the passwords saved by Opera, click No in the window that appears.
    Click the Empty Selected button.
    Go to the Main tab and click the Exit button to close the program.
    3. You may delete all the tools used and the folders created. (Remember to remove ComboFix via Start -> Run, type ComboFix /U and press Enter!!)


    - Go to Start / All Programs / Accessories / System Tools / System Restore.
    - In the left half of the window, click "System Restore Settings".
    - Tick "Turn off System Restore".
    - Click "Apply".
    - Windows asks whether you are sure.
    - Click "Yes".
    - Click "OK".
    - Restart the PC.
    - Go back to Start / All Programs / Accessories / System Tools / System Restore.
    - You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
    - Click "Yes".
    - Untick "Turn off System Restore".
    - Click "Apply".
    - Click "OK".
    - Restart the PC.
    - A new, clean restore point has now been created.
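The same "flush the old restore points, then create a clean one" procedure as a script, added here as an example and not part of the helper's instructions. It assumes Windows PowerShell 5.1 on a client OS, an elevated prompt, and C: as the system drive; the restore-point description is made up.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of turning System Restore off and on again.
# Old restore points may still hold infected files, so they are discarded and
# one fresh point is created after the cleanup. Assumes the system drive is C:.

$drive = 'C:\'

# 1. Record what exists now, so the before/after difference is visible.
$before = @(Get-ComputerRestorePoint)
Write-Host ("Restore points before cleanup: {0}" -f $before.Count)
$before | Format-Table SequenceNumber, CreationTime, Description -AutoSize

# 2. Turning System Restore off on the drive discards its existing restore
#    points, the same effect as ticking "Turn off System Restore" in the GUI.
Disable-ComputerRestore -Drive $drive

# 3. Turn it back on so new restore points can be created again.
Enable-ComputerRestore -Drive $drive

# 4. Create the clean point explicitly instead of waiting for Windows to do it.
#    Note: on Windows 8 and later, Checkpoint-Computer refuses to create a second
#    point within 24 hours of the previous one unless the
#    SystemRestorePointCreationFrequency registry value has been lowered.
Checkpoint-Computer -Description 'Clean point after malware removal (assumed name)' `
                    -RestorePointType 'MODIFY_SETTINGS'

# 5. Verify that only the new point remains.
$after = @(Get-ComputerRestorePoint)
Write-Host ("Restore points after cleanup: {0}" -f $after.Count)
$after | Format-Table SequenceNumber, CreationTime, Description -AutoSize
if ($after.Count -ne 1) {
    Write-Warning 'Expected exactly one restore point; check System Protection settings.'
}
```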
  • On this laptop: Vista Home :evil: :evil:
    So I use IE here.
    Via Accessories I was redirected to System Protection and clicked "Create" there.

    Is that OK too?

    (Already have serious plans to put XP Pro on that thing, but I have no info about it > vanished without a trace.
    Don't even know how to get into the BIOS here to check the boot sequence, but that's OFF TOPIC :) :) )
  • Huh

    I had just posted a reply when this page suddenly disappeared :) 8)
    back online after 10 min
  • Download ATF Cleaner (mirror) (made by Atribune)

    Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

    Double-click ATF Cleaner to start the program.
    On the Main tab, tick Select All.
    Click the Empty Selected button.

    Do the following if you also have Firefox as a browser:

    Click the Firefox tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click No in the window that appears.
    (this unchecks Firefox saved passwords again)
    Click the Empty Selected button.

    Do the following if you also have Opera as a browser:

    Click the Opera tab and tick Select All.
    If you want to keep the passwords saved by Opera, click No in the window that appears.
    Click the Empty Selected button.
    Go to the Main tab and click the Exit button to close the program.
    3. You may delete all the tools used and the folders created. (Remember to remove ComboFix via Start -> Run, type ComboFix /U and press Enter!!)
  • Small problem
    Running combofix/u gives "file not found".
    Via search
    a whooole lot of things but no program folder :o :o
  • update
    I have combofix in D:downloads and on C:
    Plus a shortcut on the desktop

    best options??
    Can also leave it all there, the program doesn't cause any further problems anyway?
  • You have to run Combofix /U
    So ComboFix and /u not joined together.


This is an archived page. Replying is no longer possible.