Question & Answer
Rbot.gen
18 replies
- Hello,
When I start my PC, Windows gives me a message that a file Rbot.gen has been found in win32. When I let my virus scanner (Avira) scan, it finds nothing. I don't notice anything of the virus myself, apart from getting that message when my PC starts.
Since I've never had a virus before, I also don't know much about how to get rid of it, so if anyone does know, I'd like to hear it! Operating system: Windows 7 Home Premium. Virus scanner: Avira AntiVir Personal. Maybe it helps someone if I include a HijackThis logfile:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 16:20:50, on 19-2-2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\vsnpstd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\AltBinz\altbinz.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\WerFault.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HKLM] C:\Windows\System32\spynet\server.exe
O4 - HKLM\..\Run: [WindowsNT Service] C:\Users\Tim\AppData\Roaming\WindowsNT Service.exe
O4 - HKLM\..\RunServices: [WindowsNT Service] C:\Users\Tim\AppData\Roaming\WindowsNT Service.exe
O4 - HKCU\..\Run: [HKCU] C:\Windows\System32\spynet\server.exe
O4 - HKCU\..\Run: [WindowsNT Service] C:\Users\Tim\AppData\Roaming\WindowsNT Service.exe
O4 - HKLM\..\Policies\Explorer\Run: [Critical Service Manager] C:\Program Files\Windows NT\csrss.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\spynet\server.exe
O4 - HKCU\..\Policies\Explorer\Run: [Critical Service Manager] C:\Program Files\Windows NT\csrss.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\spynet\server.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
–
End of file - 10204 bytes
I hope someone can help. Thanks in advance!
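As an added illustration (not part of the original thread, and not code from HijackThis, MBAM or any other tool named here), the Python below parses the O4 autostart lines of a HijackThis log and scores each entry with a few defender heuristics that match what is visible in the log above: autoruns under Policies\Explorer\Run, an executable living in the user's AppData folder, a core Windows process name (csrss.exe) running from outside System32, and value names that merely echo a hive name (HKLM, HKCU, Policies). The heuristics, the severity tiers and the SYSTEM_PROCESS_NAMES set are this example's own assumptions; the sample lines are copied from the posted log.

```python
"""Triage of HijackThis O4 (autostart) entries with simple defender heuristics."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input: O4 lines copied from the HijackThis log posted in the thread.
# Two are benign (Avira, Logitech), one is a LOCAL SERVICE entry, and three are
# the entries that MBAM later reported (Trojan.Downloader / Backdoor.Bot / Trojan.Agent).
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min',
    r"O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE",
    r"O4 - HKLM\..\Run: [HKLM] C:\Windows\System32\spynet\server.exe",
    r"O4 - HKLM\..\Run: [WindowsNT Service] C:\Users\Tim\AppData\Roaming\WindowsNT Service.exe",
    r"O4 - HKLM\..\Policies\Explorer\Run: [Critical Service Manager] C:\Program Files\Windows NT\csrss.exe",
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')",
]

# Layout of an O4 line: "O4 - <hive path>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Unquoted command line: keep everything up to and including the first runnable extension,
# so paths with spaces ("WindowsNT Service.exe") survive and trailing arguments are dropped.
EXE_RE = re.compile(r"^(?P<path>.*?\.(?:exe|com|pif|scr|bat|cmd))(?:\s|$)", re.IGNORECASE)

# Assumption of this example: core Windows processes that only run from %SystemRoot%\System32.
SYSTEM_PROCESS_NAMES = {"csrss.exe", "winlogon.exe", "lsass.exe", "services.exe",
                        "smss.exe", "svchost.exe", "wininit.exe", "lsm.exe"}
SYSTEM32_PREFIXES = ("c:\\windows\\system32\\", "%systemroot%\\system32\\")
# Value names that only echo a registry hive, as seen in the posted log.
HIVE_LIKE_NAMES = {"hklm", "hkcu", "hku", "policies"}


@dataclass
class Finding:
    hive: str
    name: str
    path: str
    severity: str                        # "high", "low" or "ok"
    reasons: List[str] = field(default_factory=list)


def extract_path(cmd: str) -> str:
    """Return the executable path from an O4 command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group("path") if m else cmd.split(" ", 1)[0]


def assess(hive: str, name: str, path: str) -> Finding:
    """Apply the heuristics to one autostart entry and rank it."""
    low_path = path.lower()
    basename = low_path.rsplit("\\", 1)[-1]
    high: List[str] = []
    low: List[str] = []
    if "policies\\explorer\\run" in hive.lower():
        high.append("Policies\\Explorer\\Run key (rarely used by legitimate installers)")
    if "\\appdata\\" in low_path:
        high.append("executable lives in a user profile directory (AppData)")
    if basename in SYSTEM_PROCESS_NAMES and not low_path.startswith(SYSTEM32_PREFIXES):
        high.append("Windows system process name outside System32")
    if name.lower() in HIVE_LIKE_NAMES:
        high.append("value name only echoes a registry hive name")
    if "\\" not in path:
        # Bare filenames are resolved through PATH search; legitimate software does this
        # too (the Logitech entry), so this is a 'verify by hand' tier, not an alert.
        low.append("bare filename resolved through PATH search; confirm the real location")
    severity = "high" if high else ("low" if low else "ok")
    return Finding(hive, name, path, severity, high + low)


def parse_o4(line: str) -> Optional[Finding]:
    """Parse one log line; returns None for lines that are not Run-style O4 entries."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return assess(m.group("hive"), m.group("name"), extract_path(m.group("cmd")))


def triage(lines) -> List[Finding]:
    return [f for f in (parse_o4(line) for line in lines) if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts = {"high": 0, "low": 0, "ok": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    findings = triage(SAMPLE_O4_LINES)
    for f in findings:
        print(f"[{f.severity:4}] {f.name!r} -> {f.path}")
        for reason in f.reasons:
            print(f"        - {reason}")
    print(summarize(findings))
```

Run against the sample, the three entries MBAM later removed come out "high" (two of them for more than one reason), the Avira and Sidebar entries are "ok", and the Logitech KHALMNPR.EXE entry lands in the "low" tier: a bare filename is a legitimate pattern too, so the example reports it for manual confirmation rather than treating it as malicious.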
- MBAM is better!
- Thanks for the quick replies.
I scanned with SUPERAntiSpyware. It only found 5 Internet Explorer cookies and removed them, but it found nothing related to Rbot.gen. So I'll give MBAM a try.
- Hello Tim, I don't know whether you have already run an MBAM scan, but post the log.
Also do the following: download [b:0ec5c1496b] to your desktop.
- double-click dds.scr - wait until the scan has finished.
- After the scan, two text documents are opened - post the DDS log!
- I scanned with MBAM.
The logfile:
Malwarebytes' Anti-Malware 1.44
Database versie: 3766
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
20-2-2010 14:01:22
mbam-log-2010-02-20 (14-01-16).txt
Scan type: Volledige Scan (C:\|D:\|)
Objecten gescand: 363324
Verstreken tijd: 1 hour(s), 32 minute(s), 33 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 2
Registerwaarden geïnfecteerd: 6
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 4
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5jf-4fcb-11cf-aaa5-00401c6xx500} (Generic.Bot.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{872273i2-l65w-75a5-16x5-5xxj70c8lobv} (Generic.Bot.H) -> No action taken.
Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\critical service manager (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\critical service manager (Trojan.Agent) -> No action taken.
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
C:\Windows\System32\spynet\server.exe (Generic.Bot.H) -> No action taken.
C:\Users\Tim\AppData\Roaming\logs.dat (Bifrose.Trace) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> No action taken.
The program offered the option to remove these files/registry keys that were infected with the virus. I did this. I had to restart my PC for it, because some items could only be removed when the PC was restarted. After restarting I got no further message from MBAM, but still one from Windows saying that potentially harmful software had been found. I'll now run that other scan and post the log as soon as it's done!
EDIT: Apparently this scan is quick, so here is the DDS logfile as well:
DDS (Ver_09-12-01.01) - NTFSx86
Run by Tim at 14:08:56,93 on za 20-02-2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.2047.1244 [GMT 1:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\vsnpstd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tim\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.msn.nl/
uDefault_Page_URL = hxxp://www.asus.com
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [WindowsNT Service] c:\users\tim\appdata\roaming\WindowsNT Service.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WindowsNT Service] c:\users\tim\appdata\roaming\WindowsNT Service.exe
mRunServices: [WindowsNT Service] c:\users\tim\appdata\roaming\WindowsNT Service.exe
StartupFolder: c:\users\tim\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: LocalAccountTokenFilterPolicy = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: han.nl
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-27 11608]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-27 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-27 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-27 56816]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-11-20 240232]
R3 RTL85n86;Stuurprogramma voor Realtek 8180/8185 Extensible 802.11-draadloos apparaat;c:\windows\system32\drivers\RTL85n86.sys [2009-6-10 311808]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-28 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2009-6-10 48128]
S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
=============== Created Last 30 ================
2010-02-20 11:26:58 0 d—–w- c:\users\tim\appdata\roaming\Malwarebytes
2010-02-20 11:26:54 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-20 11:26:52 19160 —-a-w- c:\windows\system32\drivers\mbam.sys
2010-02-20 11:26:51 0 d—–w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 15:43:40 0 d—–w- c:\programdata\SUPERAntiSpyware.com
2010-02-19 15:43:35 0 d—–w- c:\users\tim\appdata\roaming\SUPERAntiSpyware.com
2010-02-19 15:43:35 0 d—–w- c:\program files\SUPERAntiSpyware
2010-02-19 15:25:21 0 d—–w- c:\users\tim\appdata\roaming\GrabIt
2010-02-19 15:24:10 0 d—–w- c:\program files\GrabIt
2010-02-19 12:54:05 0 d—–w- c:\program files\TrendMicro
2010-02-18 10:15:51 23208 —-a-w- c:\windows\hpqins15.dat
2010-02-17 13:13:51 0 d—–w- c:\program files\FTDv3.8
2010-02-16 19:43:17 87608 —-a-w- c:\users\tim\appdata\roaming\inst.exe
2010-02-16 19:43:17 47360 —-a-w- c:\windows\system32\drivers\pcouffin.sys
2010-02-16 19:43:17 47360 —-a-w- c:\users\tim\appdata\roaming\pcouffin.sys
2010-02-16 19:43:02 0 d—–w- c:\program files\VSO
2010-02-16 18:51:40 69 —-a-w- c:\windows\NeroDigital.ini
2010-02-14 23:39:03 0 d—–w- c:\program files\PowerISO
2010-02-14 23:27:46 0 d—–w- c:\program files\VirtualCloneDrive
2010-02-14 23:09:19 175104 —-a-w- c:\users\tim\appdata\roaming\SQLite3.dll
2010-02-14 23:07:35 0 d—–w- c:\users\tim\Tracing
2010-02-14 21:21:54 0 d—–w- c:\program files\Nero
2010-02-14 21:21:25 0 d—–w- c:\programdata\Nero
2010-02-14 20:49:37 0 d—–w- c:\users\tim\appdata\roaming\Canneverbe Limited
2010-02-14 20:49:36 0 d—–w- c:\programdata\Canneverbe Limited
2010-02-14 11:55:33 0 d—–w- c:\users\tim\appdata\roaming\DAEMON Tools Pro
2010-02-14 11:55:33 0 d—–w- c:\programdata\DAEMON Tools Pro
2010-02-14 11:43:34 0 d—–w- c:\program files\Your Uninstaller 2010
2010-02-10 09:08:59 85504 —-a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-10 09:08:59 85504 —-a-w- c:\windows\system32\secproc_ssp.dll
2010-02-10 09:08:59 324608 —-a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-10 09:08:59 320512 —-a-w- c:\windows\system32\RMActivate.exe
2010-02-10 09:08:59 280064 —-a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-10 09:08:59 277504 —-a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-02 19:07:50 0 d—–w- c:\program files\iPod
2010-02-02 19:07:49 0 d—–w- c:\program files\iTunes
2010-01-29 00:17:05 0 d—–w- c:\program files\MSXML 4.0
2010-01-27 23:14:20 0 d—–w- c:\programdata\WEBREG
2010-01-27 23:10:35 1843 ——w- c:\windows\hpwmdl23.dat.temp
2010-01-27 22:59:19 0 d—–w- c:\program files\VDOWNLOADER
2010-01-27 22:59:19 0 d—–w- c:\program files\common files\eBay
2010-01-27 22:47:18 0 d—–w- c:\programdata\HP Product Assistant
2010-01-27 22:45:35 0 d—–w- c:\program files\common files\HP
2010-01-27 22:45:33 0 d—–w- c:\program files\common files\Hewlett-Packard
2010-01-27 22:45:19 0 d—–w- c:\windows\hpoj6500e709
2010-01-27 22:44:38 118272 —-a-w- c:\windows\system32\hpf3l082.dll
2010-01-27 22:44:31 0 d—–w- c:\program files\HP
2010-01-27 22:43:37 250099 —-a-w- c:\windows\hpwins23.dat
2010-01-27 22:43:37 1843 ——w- c:\windows\hpwmdl23.dat
2010-01-27 22:43:17 966656 —-a-w- c:\windows\system32\hpwtiop4.dll
2010-01-27 22:43:17 741376 —-a-w- c:\windows\system32\hpwwiax5.dll
2010-01-27 22:43:17 271704 —-a-w- c:\windows\system32\hpzids01.dll
2010-01-27 22:43:16 364544 —-a-w- c:\windows\system32\hppldcoi.dll
2010-01-27 22:43:16 294912 —-a-w- c:\windows\system32\hpovst11.dll
2010-01-27 22:27:49 0 d—–w- c:\program files\QuickPar
2010-01-27 22:18:12 0 d—–w- c:\programdata\HP
2010-01-27 21:30:30 0 d—–w- c:\programdata\Office Genuine Advantage
2010-01-27 11:01:01 331776 –sh–r- c:\users\tim\appdata\roaming\ServiceNT.exe
2010-01-27 11:01:01 285696 —-a-w- c:\windows\system32\winlogon.exe
2010-01-27 11:01:01 2614272 —-a-w- c:\windows\explorer.exe
2010-01-27 11:01:01 188416 –sh–r- c:\users\tim\appdata\roaming\WindowsNT Service.exe
2010-01-22 07:29:59 977920 —-a-w- c:\windows\system32\wininet.dll
==================== Find3M ====================
2010-02-20 12:20:24 691490 —-a-w- c:\windows\system32\perfh013.dat
2010-02-20 12:20:24 130026 —-a-w- c:\windows\system32\perfc013.dat
2010-02-16 19:03:59 142504 —ha-w- c:\windows\system32\mlfcache.dat
2010-01-18 23:29:31 365568 —-a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29:30 369152 —-a-w- c:\windows\system32\secproc.dll
2010-01-14 10:12:06 181120 ——w- c:\windows\system32\MpSigStub.exe
2010-01-08 03:18:02 221184 —-a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17:36 123392 —-a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-23 14:57:11 248 —-a-w- c:\programdata\nvUnsupRes.dat
2009-12-19 09:02:52 12288 —-a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02:48 1328640 —-a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02:46 22016 —-a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02:45 31744 —-a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02:45 13312 —-a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02:40 84480 —-a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02:39 50176 —-a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02:01 91648 —-a-w- c:\windows\system32\avifil32.dll
2009-12-10 18:31:10 1539104 —-a-w- c:\windows\system32\RtkPgExt.dll
2009-12-10 18:31:04 56864 —-a-w- c:\windows\system32\RtkCoInst.dll
2009-12-10 18:31:04 367136 —-a-w- c:\windows\system32\RtkApoApi.dll
2009-12-10 18:30:58 2796576 —-a-w- c:\windows\system32\RtkAPO.dll
2009-12-08 11:40:12 3955288 —-a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:40:12 3899464 —-a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 11:32:02 292864 —-a-w- c:\windows\system32\apphelp.dll
2009-12-04 17:26:12 297376 —-a-w- c:\windows\system32\FMAPO.dll
2009-12-04 14:43:54 132368 —-a-w- c:\windows\system32\MaxxAudioAPO.dll
2009-11-28 15:56:18 29480 —-a-w- c:\windows\system32\msxml3a.dll
2009-11-28 15:56:17 505128 —-a-w- c:\windows\system32\msvcp71.dll
2009-11-28 15:56:17 353576 —-a-w- c:\windows\system32\msvcr71.dll
2009-11-28 13:18:33 2853 —-a-w- c:\windows\system32\COMMAND.PIF
2009-11-24 16:40:20 838176 —-a-w- c:\windows\RtlExUpd.dll
2009-11-24 08:55:08 345328 —-a-w- c:\windows\system32\SRSTSXT.dll
2009-11-24 08:55:08 185584 —-a-w- c:\windows\system32\SRSTSHD.dll
2009-11-24 08:55:08 173296 —-a-w- c:\windows\system32\SRSHP360.dll
2009-11-24 08:55:08 140528 —-a-w- c:\windows\system32\SRSWOW.dll
2009-08-26 08:51:37 43068 —-a-w- c:\windows\inf\perflib\0413\perfd.dat
2009-08-26 08:51:37 43068 —-a-w- c:\windows\inf\perflib\0413\perfc.dat
2009-08-26 08:51:37 341322 —-a-w- c:\windows\inf\perflib\0413\perfi.dat
2009-08-26 08:51:37 341322 —-a-w- c:\windows\inf\perflib\0413\perfh.dat
2009-07-14 04:41:57 174 –sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 —-a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 —-a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 —-a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 —-a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 –sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 –sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 14:10:26,66 ===============
- and is the message gone?
- I ran MBAM once more and it can't find anything now, but when I restart Windows the Action Center still warns that malicious software has been found. When I click that notification and tell it to remove Rbot.gen, it does so. After that I no longer get the notification, but when I restart Windows again it reappears. So is the virus off my PC now or not?
- No, the virus comes back after you restart your PC.
Try scanning in Safe Mode instead.
- I scanned it in Safe Mode; it couldn't find anything. Do you or anyone else know of another program or tip?
- Otherwise try Spybot Search & Destroy?
http://www.safer-networking.org/nl/spybotsd/index.html
- I tried Spybot Search & Destroy; it only found 6 Internet Explorer cookies. So does anyone have another program/tip, please!
- OK, start Internet Explorer and delete your cookies. Then download Kaspersky Online Scanner http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and run a scan.
- Hello Tim, you have meanwhile taken up advice from a number of people!
The very strange thing about the rbot.gen notification is that it does not appear in any of the logs - probably because it has already been removed!
Ergo, first do the following (essential):
uninstall SUPERAntiSpyware and Spybot Search & Destroy.
You now have MBAM, so you really don't need those other tools!
After uninstalling, restart your PC and then do the following:
Let ComboFix scan your Windows (click).
How to use ComboFix properly (click)
Addendum: to be able to use ComboFix, the following applies:
- Hello, here is the ComboFix log. I had already removed the other 2 programs, so now I only have MBAM.
ComboFix 10-02-20.04 - Tim 21-02-2010 16:50:23.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.2047.1096 [GMT 1:00]
Running from: c:\users\Tim\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\temp
c:\users\Tim\AppData\Roaming\inst.exe
c:\users\Tim\AppData\Roaming\ServiceNT.exe
c:\users\Tim\AppData\Roaming\SQLite3.dll
c:\users\Tim\AppData\Roaming\WindowsNT Service.exe
c:\windows\system32\command.pif
.
(((((((((((((((((((( Files Created from 2010-01-21 to 2010-02-21 ))))))))))))))))))))))))))))))
.
2010-02-21 15:57 . 2010-02-21 15:57 -------- d-----w- c:\users\Tim\AppData\Local\temp
2010-02-21 15:57 . 2010-02-21 15:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-21 13:48 . 2010-02-21 13:48 673048 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{1B158E12-E145-E704-3CB6-3A64B875E5FA}-iexplore.exe
2010-02-21 13:37 . 2010-02-21 13:37 -------- d-----w- c:\users\Tim\AppData\Roaming\HPAppData
2010-02-21 10:09 . 2010-02-21 10:09 673048 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{EB80568D-5416-292D-521C-298ADC5DF005}-iexplore.exe
2010-02-20 19:27 . 2010-02-20 19:27 673048 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{7B5DF56B-7974-EB46-E01B-75D246384204}-iexplore.exe
2010-02-20 18:43 . 2010-02-20 18:43 -------- d-----w- c:\users\Tim\AppData\Roaming\NeroDigital(TM)
2010-02-20 18:00 . 2010-02-20 18:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-20 17:02 . 2010-02-20 17:02 673048 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{14804A7E-8144-BEE2-E51B-213DFFDEDCD6}-iexplore.exe
2010-02-20 15:25 . 2010-02-20 15:25 673048 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{8875A5C6-7594-2750-848C-5B85C871F5A3}-iexplore.exe
2010-02-20 11:26 . 2010-02-20 11:26 -------- d-----w- c:\users\Tim\AppData\Roaming\Malwarebytes
2010-02-20 11:26 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-20 11:26 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-20 11:26 . 2010-02-20 11:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-20 10:47 . 2010-02-20 10:47 673048 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{99A4332B-CE58-E2BF-3A58-B117060D403E}-iexplore.exe
2010-02-20 10:35 . 2010-02-21 13:59 -------- d-----w- c:\users\Tim\AppData\Local\Adobe
2010-02-19 15:43 . 2010-02-19 15:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-19 15:43 . 2010-02-19 16:29 -------- d-----w- c:\users\Tim\AppData\Roaming\SUPERAntiSpyware.com
2010-02-19 15:36 . 2010-02-20 19:04 -------- d-----w- c:\users\Tim\AppData\Local\Apple Computer
2010-02-19 15:25 . 2010-02-19 15:29 -------- d-----w- c:\users\Tim\AppData\Roaming\GrabIt
2010-02-19 15:22 . 2010-02-19 15:23 -------- d-----w- c:\users\Tim\AppData\Local\Alt.Binz
2010-02-19 12:54 . 2010-02-19 12:54 388096 ----a-r- c:\users\Tim\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-19 12:54 . 2010-02-19 12:54 -------- d-----w- c:\program files\TrendMicro
2010-02-19 12:41 . 2010-02-19 12:41 673048 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{831629CF-3090-4928-3965-D29829C159E9}-iexplore.exe
2010-02-18 10:15 . 2010-02-18 10:16 23208 ----a-w- c:\windows\hpqins15.dat
2010-02-17 13:13 . 2010-02-17 13:15 -------- d-----w- c:\program files\FTDv3.8
2010-02-16 19:43 . 2010-02-16 19:54 47360 ----a-w- c:\users\Tim\AppData\Roaming\pcouffin.sys
2010-02-16 19:43 . 2010-02-16 19:43 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-02-16 19:43 . 2010-02-16 19:54 -------- d-----w- c:\users\Tim\AppData\Roaming\Vso
2010-02-14 23:39 . 2010-02-14 23:39 -------- d-----w- c:\program files\PowerISO
2010-02-14 23:07 . 2010-02-21 14:24 -------- d-----w- c:\users\Tim\Tracing
2010-02-14 21:26 . 2010-02-14 21:27 -------- d-----w- c:\users\Tim\AppData\Roaming\Nero
2010-02-14 21:21 . 2010-02-14 21:24 -------- d-----w- c:\program files\Nero
2010-02-14 21:21 . 2010-02-14 21:23 -------- d-----w- c:\programdata\Nero
2010-02-14 21:21 . 2010-02-14 21:24 -------- d-----w- c:\program files\Common Files\Nero
2010-02-14 20:49 . 2010-02-14 20:49 -------- d-----w- c:\users\Tim\AppData\Roaming\Canneverbe Limited
2010-02-14 20:49 . 2010-02-14 20:49 -------- d-----w- c:\programdata\Canneverbe Limited
2010-02-14 11:55 . 2010-02-14 12:01 -------- d-----w- c:\users\Tim\AppData\Roaming\DAEMON Tools Pro
2010-02-14 11:55 . 2010-02-14 12:00 -------- d-----w- c:\programdata\DAEMON Tools Pro
2010-02-14 11:43 . 2010-02-14 11:46 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-02-14 10:54 . 2010-02-14 10:54 1955784 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{5339287C-37F4-9D0E-511B-937074C0162C}-FlashPlayerUpdate.exe
2010-02-10 09:08 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-10 09:08 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-10 09:08 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-10 09:08 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-10 09:08 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-10 09:08 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-09 10:47 . 2010-02-09 10:47 2326901 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{849AA657-ECD3-6F42-E659-0D9278C664E6}-aeheur.dll
2010-02-02 19:07 . 2010-02-02 19:07 -------- d-----w- c:\program files\iPod
2010-02-02 19:07 . 2010-02-02 19:08 -------- d-----w- c:\program files\iTunes
2010-02-02 19:05 . 2010-02-02 19:05 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-29 00:17 . 2010-01-29 00:17 -------- d-----w- c:\program files\MSXML 4.0
2010-01-27 23:25 . 2010-01-27 23:25 -------- d-----w- c:\users\Tim\AppData\Local\vdownloader
2010-01-27 22:43 . 2009-11-06 09:17 1843 ------w- c:\windows\hpwmdl23.dat
2010-01-27 22:43 . 2009-10-16 05:56 966656 ----a-w- c:\windows\system32\hpwtiop4.dll
2010-01-27 22:43 . 2009-10-16 05:56 741376 ----a-w- c:\windows\system32\hpwwiax5.dll
2010-01-27 22:43 . 2009-10-16 05:55 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-01-27 22:43 . 2009-10-16 05:56 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2010-01-27 22:43 . 2009-10-16 05:56 294912 ----a-w- c:\windows\system32\hpovst11.dll
2010-01-27 22:29 . 2010-02-20 13:20 -------- d-----w- c:\users\Tim\AppData\Local\QuickPar
2010-01-27 22:27 . 2010-02-18 13:16 -------- d-----w- c:\program files\QuickPar
2010-01-27 22:18 . 2010-01-27 23:14 -------- d-----w- c:\programdata\HP
2010-01-27 21:30 . 2010-01-27 21:30 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-27 11:01 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-01-27 11:01 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 15:49 . 2009-11-28 14:21 -------- d-----w- c:\programdata\NVIDIA
2010-02-20 12:20 . 2009-08-26 08:52 691490 ----a-w- c:\windows\system32\perfh013.dat
2010-02-20 12:20 . 2009-08-26 08:52 130026 ----a-w- c:\windows\system32\perfc013.dat
2010-02-20 12:16 . 2009-11-27 22:08 -------- d-----w- c:\users\Tim\AppData\Roaming\uTorrent
2010-02-19 16:29 . 2009-11-27 15:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-18 12:25 . 2010-01-27 22:59 -------- d-----w- c:\program files\Common Files\eBay
2010-02-16 19:03 . 2009-11-28 18:40 142504 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-14 20:07 . 2009-12-02 18:48 -------- d-----w- c:\programdata\DVD Shrink
2010-02-14 12:13 . 2009-11-27 22:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-14 12:11 . 2009-11-28 16:01 -------- d-----w- c:\programdata\CyberLink
2010-02-14 12:07 . 2009-11-27 23:05 -------- d-----w- c:\program files\Teach2000
2010-02-14 12:06 . 2009-11-28 15:57 53319 ----a-w- c:\programdata\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2010-02-12 15:21 . 2009-11-28 15:37 319280 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\uTorrent.exe
2010-02-10 10:39 . 2009-11-28 15:19 -------- d-----w- c:\programdata\Microsoft Help
2010-02-04 15:10 . 2009-11-27 23:02 -------- d-----w- c:\program files\Google
2010-02-02 19:07 . 2009-11-27 15:55 -------- d-----w- c:\program files\Common Files\Apple
2010-02-01 11:10 . 2009-11-27 22:17 -------- d-----w- c:\users\Tim\AppData\Roaming\LimeWire
2010-01-27 23:23 . 2010-01-27 23:13 -------- d-----w- c:\users\Tim\AppData\Roaming\HP
2010-01-27 23:14 . 2010-01-27 22:43 250099 ----a-w- c:\windows\hpwins23.dat
2010-01-27 23:14 . 2010-01-27 23:14 -------- d-----w- c:\programdata\WEBREG
2010-01-27 22:59 . 2010-01-27 22:59 -------- d-----w- c:\program files\VDOWNLOADER
2010-01-27 22:51 . 2009-11-27 15:19 110768 ----a-w- c:\users\Tim\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-27 22:48 . 2010-01-27 22:44 -------- d-----w- c:\program files\HP
2010-01-27 22:47 . 2010-01-27 22:47 -------- d-----w- c:\programdata\HP Product Assistant
2010-01-27 22:45 . 2010-01-27 22:45 -------- d-----w- c:\program files\Common Files\HP
2010-01-27 22:45 . 2010-01-27 22:45 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-01-27 20:14 . 2009-11-27 15:43 -------- d-----w- c:\program files\Microsoft
2010-01-21 09:18 . 2009-11-27 15:44 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 23:29 . 2010-02-10 09:09 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 09:09 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 11:05 . 2009-12-23 15:35 -------- d-----w- c:\users\Tim\AppData\Roaming\BSplayer
2010-01-18 11:04 . 2009-12-23 15:35 -------- d-----w- c:\program files\BSplayer
2010-01-14 10:12 . 2009-11-27 15:20 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-08 03:18 . 2010-02-10 09:09 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 09:09 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-29 21:36 . 2009-12-01 16:16 -------- d-----w- c:\program files\LimeWire
2009-12-25 19:02 . 2009-11-27 15:41 923456 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-08 11:40 . 2010-02-10 09:09 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:40 . 2010-02-10 09:09 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 11:32 . 2010-02-10 09:09 292864 ----a-w- c:\windows\system32\apphelp.dll
2009-12-08 08:05 . 2010-02-10 09:09 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-08 08:05 . 2010-02-10 09:09 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-07 17:42 . 2009-11-27 15:33 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 17:26 . 2009-12-23 16:59 297376 ----a-w- c:\windows\system32\FMAPO.dll
2009-12-04 14:43 . 2009-12-23 16:59 132368 ----a-w- c:\windows\system32\MaxxAudioAPO.dll
2009-12-01 18:02 . 2009-12-01 18:02 10134 ----a-r- c:\users\Tim\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-11-28 16:19 . 2009-11-28 16:20 53319 ----a-w- c:\programdata\TEMP\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
2009-11-28 15:56 . 2009-11-28 15:58 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-11-28 15:56 . 2009-11-28 15:58 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-28 15:56 . 2009-11-28 15:58 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-28 13:03 . 2009-11-28 13:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-27 15:42 . 2009-11-27 15:42 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-11-24 16:40 . 2009-12-23 16:59 838176 ----a-w- c:\windows\RtlExUpd.dll
2009-11-24 08:55 . 2009-12-23 16:59 345328 ----a-w- c:\windows\system32\SRSTSXT.dll
2009-11-24 08:55 . 2009-12-23 16:59 185584 ----a-w- c:\windows\system32\SRSTSHD.dll
2009-11-24 08:55 . 2009-12-23 16:59 173296 ----a-w- c:\windows\system32\SRSHP360.dll
2009-11-24 08:55 . 2009-12-23 16:59 140528 ----a-w- c:\windows\system32\SRSWOW.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-10 8120864]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-27 813584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"LocalAccountTokenFilterPolicy"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14-7-2009 0:52 48128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27-11-2009 16:33 108289]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [20-11-2009 19:17 240232]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\System32\drivers\RTL85n86.sys [10-6-2009 22:18 311808]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\System32\drivers\yk62x86.sys [28-9-2009 9:22 315392]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [28-11-2009 14:03 691696]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28-11-2009 0:02 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15-8-2008 5:46 284016]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [10-6-2009 22:18 48128]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\System32\drivers\WSDPrint.sys [14-7-2009 1:18 17920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-27 23:02]
2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-27 23:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.nl/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: han.nl
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
HKCU-Run-WindowsNT Service - WindowsNT Service.exe
HKLM-Run-WindowsNT Service - WindowsNT Service.exe
AddRemove-SystemRequirementsLab - c:\program files\SystemRequirementsLab\Uninstall.exe
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper.dll
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-02-21 17:00:05
ComboFix-quarantined-files.txt 2010-02-21 16:00
Pre-Run: 58.529.566.720 bytes free
Post-Run: 58.305.277.952 bytes free
- - End Of File - - C4E185E50D3BA4167B3948D59B806F15
- Hello Tim, did you also uninstall SUPERAntiSpyware?
In any case there is still a folder present in C:\Program Files!
Now that ComboFix has done its work, do you still get the notification?
- I no longer get the notification. The folder you mention is not visible to me. I did get a few extra folders in C:\, though. Can I delete these?
But thanks for solving my problem, thank you very much!
- Those folders belong to ComboFix; you can delete them, and also what is on your desktop!
Glad that you can use your PC normally again, and you're welcome.
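Added example, not from the thread and not ComboFix code. The part of the log that explains the warning returning at every boot is the 'Reg Loading Points' section: under ORPHANS REMOVED, ComboFix lists an HKCU-Run and an HKLM-Run value named "WindowsNT Service" whose command is the bare file name "WindowsNT Service.exe", the binary it deleted from c:\users\Tim\AppData\Roaming (together with c:\windows\system32\command.pif), and the policies\system block shows EnableLUA=0 and ConsentPromptBehaviorAdmin=0, i.e. UAC was switched off on this machine. The script below re-applies those checks to an excerpt constructed from the posted log. The flagging rules are my own heuristics (an analyst's first pass, not a verdict) and the values it compares against are the Windows 7 UAC defaults.

```python
"""Triage of the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread: not ComboFix code and not posted by anyone
in it. The flagging rules are heuristics (assumption: a first pass for an
analyst, not a verdict); the UAC defaults are those of Windows 7.
"""
import re

# Constructed excerpt: lines copied from the ComboFix log posted above.
LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"LocalAccountTokenFilterPolicy"= 1 (0x1)
HKCU-Run-WindowsNT Service - WindowsNT Service.exe
HKLM-Run-WindowsNT Service - WindowsNT Service.exe
c:\users\Tim\AppData\Roaming\WindowsNT Service.exe
c:\windows\system32\command.pif
'''

RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"')        # "name"="command" [date size]
ORPHAN = re.compile(r'^(HKCU|HKLM)-Run-(.+?) - (.+)$')  # ORPHANS REMOVED lines
POLICY = re.compile(r'^"([A-Za-z]+)"=\s*(\d+)')         # "Name"= 0 (0x0)
DELETED = re.compile(r'^[a-z]:\\', re.I)                # bare paths (Other Deletions)
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")
NON_EXE = (".pif", ".scr", ".com", ".cmd", ".bat")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

def parse_autoruns(log):
    """Yield (source, name, command) for Run-key values and orphaned Run entries."""
    key = ""
    for line in log.splitlines():
        if line.startswith("["):
            key = line.strip("[]")
            continue
        m = ORPHAN.match(line)
        if m:
            yield (m.group(1) + "-Run", m.group(2), m.group(3))
            continue
        m = RUN_VALUE.match(line)
        if m and key.lower().endswith("\\run"):
            yield (key, m.group(1), m.group(2))

def parse_policy(log):
    """Return the values under policies\\system as {name: int}."""
    values, in_policy = {}, False
    for line in log.splitlines():
        if line.startswith("["):
            in_policy = line.lower().endswith("policies\\system]")
            continue
        m = POLICY.match(line)
        if in_policy and m:
            values[m.group(1)] = int(m.group(2))
    return values

def classify_path(name, path):
    """Heuristic reasons why an autorun target deserves a closer look."""
    low = path.strip().strip('"').lower()
    reasons = []
    if "\\" not in low:
        reasons.append("bare file name: resolved by PATH search, not a fixed location")
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("binary lives in a user-writable folder")
    if low.endswith(NON_EXE):
        reasons.append("executable with a non-.exe extension (%s)" % low[low.rfind("."):])
    if "windows" in name.lower() and not low.startswith(TRUSTED_ROOTS):
        reasons.append("name imitates a Windows component, binary outside Windows/Program Files")
    return reasons

def check_uac(values):
    """Flag UAC policy values that differ from the Windows 7 defaults."""
    findings = []
    if values.get("EnableLUA", 1) == 0:
        findings.append(("EnableLUA", "UAC off: administrators always run fully elevated"))
    if values.get("ConsentPromptBehaviorAdmin", 5) == 0:
        findings.append(("ConsentPromptBehaviorAdmin", "elevation without any prompt"))
    if values.get("PromptOnSecureDesktop", 1) == 0:
        findings.append(("PromptOnSecureDesktop", "prompts, if any, not on the secure desktop"))
    if values.get("LocalAccountTokenFilterPolicy", 0) == 1:
        findings.append(("LocalAccountTokenFilterPolicy", "remote logons by local admins get a full token"))
    return findings

def triage(log):
    """Return {'autoruns': [(source, name, reason)], 'uac': [(value, reason)]}."""
    autoruns = []
    for source, name, command in parse_autoruns(log):
        autoruns += [(source, name, r) for r in classify_path(name, command)]
    for line in log.splitlines():
        if DELETED.match(line.strip()):
            name = line.strip().rsplit("\\", 1)[-1]
            autoruns += [("deleted-file", name, r) for r in classify_path(name, line)]
    return {"autoruns": autoruns, "uac": check_uac(parse_policy(log))}

if __name__ == "__main__":
    for section, items in triage(LOG).items():
        print(section)
        for item in items:
            print("   " + " | ".join(item))
```

Run as-is it prints the flagged entries for the excerpt; paste the 'Reg Loading Points' and 'Other Deletions' sections of another ComboFix log into LOG to triage that one. A bare file name in a Run value is worth a look even when it turns out to be legitimate (the Logitech KHALMNPR.EXE entry is flagged for that reason), because Windows then locates the binary by searching the standard directories and PATH rather than a fixed path. With UAC fully off, as the policy values here show, a program started from the user's AppData folder could drop command.pif into system32 without any prompt.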