Question & Answer

Security & privacy

Internet Security suite

Anonymous
25 replies
 • Good morning, I am at work at the moment and will carry out the actions this evening.
  To be continued.
 • Most likely picked up malware when opening a Word document on the internet.
  Had Malwarebytes remove the infections; then a check scan -> clean!
  Disabled System Restore -> rebooted and then enabled it again.
  The HijackThis log does not look good to me.

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 21:25:55, on 1-12-2010
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v8.00 (8.00.6001.18702)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\cisvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
  C:\Program Files\Java\jre6\bin\jqs.exe
  C:\PROGRA~1\Borland\vbroker\bin\oad.exe
  C:\PROGRA~1\Borland\vbroker\bin\osagent.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\dllhost.exe
  C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
  C:\WINDOWS\System32\vssvc.exe
  C:\WINDOWS\System32\wbem\wmiapsrv.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
  C:\WINDOWS\System32\dllhost.exe
  C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Desktop Sidebar\dsidebar.exe
  C:\Program Files\AutoSizer\AutoSizer.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kpnvandaag.nl/#/home
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25437
  F3 - REG:win.ini: load=?
  F3 - REG:win.ini: run=?
  O1 - Hosts: 74.125.45.100 4-open-davinci.com
  O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
  O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
  O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
  O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
  O1 - Hosts: 74.125.45.100 secure-plus-payments.com
  O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
  O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
  O1 - Hosts: 74.125.45.100 www.getavplusnow.com
  O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
  O1 - Hosts: 74.125.45.100 urs.microsoft.com
  O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
  O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
  O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
  O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
  O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
  O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
  O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
  O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108826793839
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121815409610
  O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.biblioservice.net/msrdp.cab
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
  O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
  O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
  O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
  O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InterBase Guardian (InterBaseGuardian) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
  O23 - Service: InterBase Server (InterBaseServer) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
  O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\oad.exe
  O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\osagent.exe
  O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
  O24 - Desktop Component 0: (no name) - (no file)


  End of file - 6468 bytes

  What remains to be done?
 • Hi Jos, sorry for the late reply, but I could not reach this forum these past few days!


  I get the impression that it is gradually starting to look good.


  Now the following: do the ESET online scan (Click).
  - Use Internet Explorer as your web browser
  - Scroll down and click the Eset Online Scanner button
  - Accept the Terms of use in the popup window
  - Then click the Start button
  - Click OK to allow the ActiveX file
  - Then click Install
  - If your own security software gives warnings, allow the Eset application
  - Next you get a popup Computer Scan Settings; remove the check mark at Remove found threats
  - Then click Start
  - If your security software gives warnings again, allow the Eset scan to proceed unhindered!
  - The virus signature database is downloaded first, after which the scan starts automatically.
  - When the scan is finished, click the Details tab
  - If nothing was found, click Finish
  - Open the log file, copy its contents and post them next.
  - If no log opens, it can be found via C:\Program Files\EsetOnlineScanner\; click log.txt

  If you use a browser other than IE or run into problems, download the installer (Click)
  - After downloading, right-click it > run as admin
  - Then follow the steps described above

  N.B.: temporarily disable your own antivirus during the scan; the online scan is faster then!
 • Hello Jos, first do the following:

  close all open windows - except this window, which you close just before you click the Fix checked button!


  Now start HijackThis, click the Do a Scan only button, and look for these lines:

  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25437
  F3 - REG:win.ini: load=?
  F3 - REG:win.ini: run=?
  O24 - Desktop Component 0: (no name) - (no file)
  - put a check mark in front of the line(s) that correspond to the lines above
  - Now close the web browser and then click the Fix checked button
  - Then close HijackThis.
  Restart the computer after the fix


  After the restart, navigate to C:\WINDOWS\system32\drivers\etc
  and open the hosts file.

  Now remove everything listed below 127.0.0.1!
  Save the cleaned-up file again!


  Restart MBAM.
  - First click the 'Update' tab.
  - Then click the 'Check for Updates' button.
  - If a new version of MBAM is offered, accept it.
  - After MBAM has been updated, run the update cycle again first.
  - Then choose 'Quick Scan'
  - When the scan has finished, click the 'OK' button.
  - Then click the 'Show Results' button to see the results.
  - Make sure everything is checked.
  - Then click 'Remove Selected'.
  - After removal a log will open and you will be asked to restart the computer.

  - The log is saved automatically by MBAM and can be found by clicking the 'Logs' tab in MBAM.

  - If MBAM has trouble removing certain files it will give a few messages; click 'OK' each time!
  - MBAM will then ask to restart the computer, so allow the computer to restart.
  Afterwards, post the contents of the following logs:
  - a new HijackThis log
  - the MBAM scan log
  Also post an Uninstall list:
  - start HijackThis,
  - click the Open the Misc Tools section button,
  - click the Open Uninstall Manager button,
  - click the Save button.
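The two indicators the post above has the user fix by hand, a ProxyServer entry pointing at the local machine and hosts-file lines that send names to a non-loopback address, can also be picked out programmatically. This is an added example, not code from HijackThis, Malwarebytes or anyone in the thread: the log lines are copied from the HijackThis log posted earlier, while the `ad.example.invalid` line, the sample hosts file and the `PROTECTED_DOMAINS` list are constructed for the example, and the cleanup generalizes the "remove everything below 127.0.0.1" step to a whitelist of the default localhost entries.

```python
"""Triage of HijackThis R1 ProxyServer and O1 Hosts lines, plus a hosts-file
cleanup.  Added example for this thread, not code from HijackThis, MBAM or
the forum posters."""
import ipaddress
import re

# Names whose redirection blocks browser or OS protection updates.
# Assumption: a short illustrative list, not an authoritative one.
PROTECTED_DOMAINS = {"safebrowsing-cache.google.com", "urs.microsoft.com"}

# Only these hosts-file mappings survive the cleanup.
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}

PROXY_RE = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (?P<proxy>\S+)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$")

# Lines copied from the HijackThis log posted in the thread; the
# ad.example.invalid line is constructed to show a benign loopback entry.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kpnvandaag.nl/#/home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25437
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 127.0.0.1 ad.example.invalid
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed hosts file: a comment, the default localhost entry, and two of
# the redirections from the posted log.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost   # loopback
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
"""


def is_loopback(text):
    """True for 127.0.0.0/8 and ::1; False for anything that is not an IP."""
    try:
        return ipaddress.ip_address(text).is_loopback
    except ValueError:
        return False


def parse_proxy(value):
    """Split an IE ProxyServer value such as 'http=127.0.0.1:25437' or a bare
    'host:port' (several may be ';'-separated) into (scheme, host, port)."""
    out = []
    for item in value.split(";"):
        scheme, sep, hostport = item.partition("=")
        if not sep:                       # no 'scheme=' prefix present
            scheme, hostport = "", item
        host, _, port = hostport.rpartition(":")
        host = host.strip("[]")           # bracketed IPv6 literal
        out.append((scheme, host, int(port) if port.isdigit() else None))
    return out


def triage(lines):
    """Return findings for the two indicator types the thread fixes by hand."""
    findings = {"proxy": [], "hosts": [], "hosts_by_ip": {}}
    for raw in lines:
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            for scheme, host, port in parse_proxy(m.group("proxy")):
                # A proxy on the local machine that the user never set up means
                # something on the box sits between the browser and the web.
                if is_loopback(host):
                    findings["proxy"].append(
                        {"scheme": scheme, "host": host, "port": port})
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.group("ip"), m.group("host").lower()
            # Legitimate hosts entries map to loopback; any other address
            # silently redirects the name somewhere else.
            if not is_loopback(ip):
                findings["hosts"].append(
                    {"ip": ip, "host": host, "protected": host in PROTECTED_DOMAINS})
                findings["hosts_by_ip"].setdefault(ip, []).append(host)
    return findings


def clean_hosts(text):
    """Split a hosts file into (kept, removed) lines: comments, blank lines and
    the default localhost entries stay; every other mapping goes."""
    kept, removed = [], []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop inline comments
        if not fields:
            kept.append(line)                   # blank or comment-only line
            continue
        ip, names = fields[0], [n.lower() for n in fields[1:]]
        if names and all((ip, n) in DEFAULT_HOSTS for n in names):
            kept.append(line)
        else:
            removed.append(line)
    return kept, removed


if __name__ == "__main__":
    found = triage(SAMPLE_LOG.splitlines())
    for p in found["proxy"]:
        print("suspicious proxy: %s=%s:%s" % (p["scheme"], p["host"], p["port"]))
    for ip, hosts in found["hosts_by_ip"].items():
        print("hosts file redirects %d name(s) to %s" % (len(hosts), ip))
    kept, removed = clean_hosts(SAMPLE_HOSTS)
    print("hosts cleanup: kept %d line(s), removed %d" % (len(kept), len(removed)))
```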
 • Carried out the actions above; below are the new log files:

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 17:04:07, on 2-12-2010
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v8.00 (8.00.6001.18702)
  Boot mode: Normal

  Running processes:
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kpnvandaag.nl/#/home
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
  O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
  O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"
  O4 - HKUS\S-1-5-21-2052111302-1343024091-62868275-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
  O4 - HKUS\S-1-5-21-2052111302-1343024091-62868275-500\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe" (User '?')
  O4 - HKUS\S-1-5-21-2052111302-1343024091-62868275-500\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe" (User '?')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
  O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108826793839
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121815409610
  O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.biblioservice.net/msrdp.cab
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
  O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
  O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
  O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
  O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InterBase Guardian (InterBaseGuardian) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
  O23 - Service: InterBase Server (InterBaseServer) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
  O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\oad.exe
  O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\osagent.exe
  O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
  O24 - Desktop Component 0: (no name) - (no file)


  End of file - 4645 bytes

  Malwarebytes' Anti-Malware 1.50
  www.malwarebytes.org

  Databaseversie: 5233

  Windows 5.1.2600 Service Pack 3
  Internet Explorer 8.0.6001.18702

  2-12-2010 17:09:50
  mbam-log-2010-12-02 (17-09-50).txt

  Scantype: Snelle scan
  Objecten gescand: 137295
  Verstreken tijd: 3 minuut/minuten, 44 seconde(n)

  Geheugenprocessen geïnfecteerd: 0
  Geheugenmodulen geïnfecteerd: 0
  Registersleutels geïnfecteerd: 0
  Registerwaarden geïnfecteerd: 0
  Registerdata geïnfecteerd: 0
  Mappen geïnfecteerd: 0
  Bestanden geïnfecteerd: 0

  Geheugenprocessen geïnfecteerd:
  (Geen kwaadaardige objecten gedetecteerd)

  Geheugenmodulen geïnfecteerd:
  (Geen kwaadaardige objecten gedetecteerd)

  Registersleutels geïnfecteerd:
  (Geen kwaadaardige objecten gedetecteerd)

  Registerwaarden geïnfecteerd:
  (Geen kwaadaardige objecten gedetecteerd)

  Registerdata geïnfecteerd:
  (Geen kwaadaardige objecten gedetecteerd)

  Mappen geïnfecteerd:
  (Geen kwaadaardige objecten gedetecteerd)

  Bestanden geïnfecteerd:
  (Geen kwaadaardige objecten gedetecteerd)

  Adobe Flash Player 10 ActiveX
  Adobe Reader 9.4.1 - Nederlands
  AutoSizer
  Beveiligingsupdate voor Windows Internet Explorer 7 (KB928090)
  Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)
  Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)
  Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)
  Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
  Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)
  Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
  Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)
  Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)
  Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
  Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
  Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)
  Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)
  Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)
  Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)
  Beveiligingsupdate voor Windows Internet Explorer 8 (KB2183461)
  Beveiligingsupdate voor Windows Internet Explorer 8 (KB2360131)
  Beveiligingsupdate voor Windows Internet Explorer 8 (KB969897)
  Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
  Beveiligingsupdate voor Windows Internet Explorer 8 (KB972260)
  Beveiligingsupdate voor Windows Internet Explorer 8 (KB974455)
  Beveiligingsupdate voor Windows Internet Explorer 8 (KB976325)
  Beveiligingsupdate voor Windows Internet Explorer 8 (KB978207)
  Beveiligingsupdate voor Windows Internet Explorer 8 (KB981332)
  Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381)
  Beveiligingsupdate voor Windows Media Encoder (KB979332)
  Beveiligingsupdate voor Windows Media Player (KB2378111)
  Beveiligingsupdate voor Windows Media Player (KB975558)
  Beveiligingsupdate voor Windows Media Player (KB978695)
  Beveiligingsupdate voor Windows XP (KB2079403)
  Beveiligingsupdate voor Windows XP (KB2121546)
  Beveiligingsupdate voor Windows XP (KB2160329)
  Beveiligingsupdate voor Windows XP (KB2229593)
  Beveiligingsupdate voor Windows XP (KB2259922)
  Beveiligingsupdate voor Windows XP (KB2279986)
  Beveiligingsupdate voor Windows XP (KB2286198)
  Beveiligingsupdate voor Windows XP (KB2296011)
  Beveiligingsupdate voor Windows XP (KB2347290)
  Beveiligingsupdate voor Windows XP (KB2360937)
  Beveiligingsupdate voor Windows XP (KB2387149)
  Borland Delphi 5
  CCleaner
  Desktop Sidebar
  Google Earth
  Google Earth Plug-in
  Google Update Helper
  Google Updater
  Hema Album Software Advanced
  HEMA Fotoservice
  HijackThis 2.0.2
  Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
  Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
  Hotfix voor Windows Internet Explorer 7 (KB947864)
  Hotfix voor Windows XP (KB2158563)
  InterBase
  Java(TM) 6 Update 22
  Label-Lite 3.1.0
  Logitech iTouch-software
  Logitech MouseWare 9.79.1
  Malwarebytes' Anti-Malware
  Microsoft .NET Framework 2.0 Service Pack 2
  Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD
  Microsoft .NET Framework 3.0 Service Pack 2
  Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD
  Microsoft .NET Framework 3.5 Language Pack SP1 - nld
  Microsoft .NET Framework 3.5 SP1
  Microsoft .NET Framework 3.5 SP1
  Microsoft Compression Client Pack 1.0 for Windows XP
  Microsoft Internationalized Domain Names Mitigation APIs
  Microsoft National Language Support Downlevel APIs
  Microsoft Office 2000 SR-1 Premium
  Microsoft User-Mode Driver Framework Feature Pack 1.0
  MSXML 4.0 SP2 (KB927978)
  MSXML 4.0 SP2 (KB936181)
  MSXML 4.0 SP2 (KB954430)
  MSXML 4.0 SP2 (KB973688)
  MSXML4 Parser
  NVIDIA Drivers
  Picasa 3
  QuickTime
  Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
  Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
  Teletekstbrowser versie 3.3
  TomTom HOME 2.7.3.1894
  TomTom HOME Visual Studio Merge Modules
  Tweak UI
  Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
  Update voor Windows Internet Explorer 8 (KB968220)
  Update voor Windows Internet Explorer 8 (KB972636)
  Update voor Windows Internet Explorer 8 (KB973874)
  Update voor Windows Internet Explorer 8 (KB976662)
  Update voor Windows Internet Explorer 8 (KB976749)
  Update voor Windows Internet Explorer 8 (KB980182)
  Update voor Windows Internet Explorer 8 (KB982632)
  Update voor Windows XP (KB2141007)
  Update voor Windows XP (KB2345886)
  Windows Defender
  Windows Defender Signatures
  Windows Genuine Advantage v1.3.0254.0
  Windows Internet Explorer 8
  Windows Media Encoder 9 Series
  Windows Media Encoder 9 Series
  Windows Media Format 11 runtime
  Windows Media Format 11 runtime
  Windows Media Player 11
  Windows Media Player 11
  Windows XP Service Pack 3
  XML Paper Specification Shared Components Language Pack 1.0
 • Hi Jos, I am wondering about something!

  According to the HijackThis log, Eset/Nod32 is the antivirus program in your Windows.
  Yet this program does not appear in the software list.

  My question: is Eset/Nod32 legitimate, or did you activate it by means of a fix?
 • Eset/Nod32 was legitimately purchased and downloaded and installed from the Eset website.
  It is also properly supplied with the latest definitions and works fine!!
  Do the logs otherwise look good?
 • Hi Jos, you had removed the O24 line, but it is back!
  Otherwise your log is okay.

  But because that O24 line is back, please do the following:

  Download ComboFix from one of these locations:

  Bleepingcomputer

  ForoSpyware

 • Cannot run combofix.exe; only a grey screen appears with a blue bar in the top left corner.
  After rebooting the following message appears:
  Cannot find "little square" (= a character) Internet Security Suite.
  Windows cannot find this and it should be removed from the registry.
 • Strange.
  Had you deactivated Eset/Nod32 beforehand?
 • Yes. Boot into safe mode, or does combofix not work then?
 • You may indeed try that.

  But first download ComboFix again to your desktop!
  So delete the old one first.

  In the download window (use IE), before the download starts, change
  the name ComboFix to Combo Fix.
 • Booted into Safe Mode and let Combofix do its work; below is the log file:

  ComboFix 10-12-02.05 - Administrator 03-12-2010 13:04:48.2.1 - FAT32x86 MINIMAL
  Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.767.592 [GMT 1:00]
  Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
  AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
  AV: Internet Security Suite *On-access scanning enabled* (Updated) {A4992DDB-8EFE-4B79-ACF3-96873C227120}
  FW: Internet Security Suite *enabled* {24320D35-AF63-4DD1-AEA3-2C2FA508E44D}
  .

  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  c:\documents and settings\All Users\Application Data\3ba873
  c:\documents and settings\All Users\Application Data\3ba873\12.mof
  c:\documents and settings\All Users\Application Data\3ba873\3ba87340cccd3b03bac87c290366c17e.ocx
  c:\documents and settings\All Users\Application Data\3ba873\ISS.ico
  c:\windows\system32\_000006_.tmp.dll
  c:\windows\system32\_000007_.tmp.dll
  c:\windows\system32\_000008_.tmp.dll
  c:\windows\system32\_000021_.tmp.dll
  c:\windows\system32\_000022_.tmp.dll
  c:\windows\system32\_000023_.tmp.dll
  c:\windows\system32\_000024_.tmp.dll
  c:\windows\system32\midas.dll

  .
  (((((((((((((((((((( Bestanden Gemaakt van 2010-11-03 to 2010-12-03 ))))))))))))))))))))))))))))))
  .

  2010-12-03 12:02 . 2010-12-03 12:02 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend
  2010-12-03 10:00 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{E4B27AFD-F79F-471B-90B6-967525B85E34}\mpengine.dll
  2010-12-02 16:58 . 2010-12-02 16:58 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
  2010-12-02 16:58 . 2010-12-02 16:58 -------- d-----w- c:\program files\Trend Micro
  2010-12-01 17:09 . 2010-12-01 17:09 -------- d-sh--w- c:\documents and settings\Administrator\Application Data\Internet Security Suite
  2010-12-01 17:09 . 2010-12-01 17:09 -------- d-sh--w- c:\documents and settings\All Users\Application Data\ISCWNLVS
  2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr
  2010-11-06 15:04 . 2010-11-06 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
  2010-11-06 15:03 . 2010-11-06 15:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TomTom
  2010-11-06 15:03 . 2010-11-06 15:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\TomTom
  2010-11-06 15:03 . 2010-11-06 15:03 -------- d-----w- c:\program files\TomTom International B.V
  2010-11-06 15:03 . 2010-11-06 15:03 -------- d-----w- c:\program files\TomTom HOME 2
  2010-11-06 15:01 . 2010-11-06 15:01 -------- d-----w- c:\program files\TomTom DesktopSuite
  2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2010-11-29 16:42 . 2009-12-17 20:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
  2010-11-29 16:42 . 2009-12-17 20:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
  2010-11-10 04:33 . 2006-09-13 13:25 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
  2010-10-19 09:41 . 2009-10-03 10:00 222080 ------w- c:\windows\system32\MpSigStub.exe
  2010-10-15 17:28 . 2010-10-15 17:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
  2010-10-15 17:28 . 2010-09-25 16:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
  2010-10-14 08:05 . 2010-10-14 08:05 0 ------w- c:\windows\system32\SET4D3A.tmp
  2010-09-18 11:23 . 2001-09-07 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
  2010-09-18 07:53 . 2001-09-07 11:00 974848 ----a-w- c:\windows\system32\mfc42.dll
  2010-09-18 07:53 . 2001-09-07 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
  2010-09-18 07:53 . 2001-09-07 11:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
  2010-09-10 06:52 . 2010-10-14 07:19 916480 ----a-w- c:\windows\system32\SET4D35.tmp
  2010-09-10 06:52 . 2010-10-14 07:19 1210880 ----a-w- c:\windows\system32\SET4D36.tmp
  2010-09-10 06:52 . 2004-12-07 18:19 916480 ----a-w- c:\windows\system32\wininet.dll
  2010-09-10 06:52 . 2005-02-26 09:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
  2010-09-10 06:52 . 2005-02-26 09:24 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
  .

  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
  REGEDIT4

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "SIDEBAR"="c:\program files\Desktop Sidebar\dsidebar.exe" [2004-09-04 1126400]
  "AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe" [2008-11-21 131072]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
  "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
  BootExecute REG_MULTI_SZ autocheck

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
  @="Service"

  [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programma's^Opstarten^WinRescue.lnk]
  backup=c:\windows\pss\WinRescue.lnkStartup

  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
  backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup

  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
  backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Run Google Web Accelerator.lnk]
  backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
  ? ????? ??¾ [?]

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
  ? ????? ??¾ [?]
  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTweakFCleaner
  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcchulp
  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
  c:\windows\system32\dumprep 0 -u [X]

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
  2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
  2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
  2008-04-14 18:02 15360 ----a-w- c:\windows\system32\ctfmon.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
  2003-12-17 08:50 19968 ——w- c:\windows\LOGI_MWX.EXE

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
  2005-11-11 12:47 1519616 —-a-w- c:\windows\system32\nwiz.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
  2005-03-30 11:17 98304 —-a-w- c:\program files\QuickTime\qttask.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
  2010-05-14 10:44 248552 —-a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
  2008-04-14 18:03 144384 —-a-w- c:\windows\system32\mobsync.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
  2009-11-13 11:31 247144 —-a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
  2004-03-18 08:33 892928 —-a-w- c:\program files\Logitech\iTouch\iTouch.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
  "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  "c:\\WINDOWS\\system32\\sessmgr.exe"=
  "c:\\WINDOWS\\System32\\mmc.exe"=

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

  R0 DiMaint;Eicon Maintenance-stuurprogramma;c:\windows\system32\drivers\disdn\dimaint.sys [18-2-2005 14:23 91305]
  R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22-2-2009 19:33 64160]
  R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 18:19 13592]
  S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11-9-2009 7:23 108792]
  S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11-9-2009 7:26 96408]
  S2 DiCapi;Eicon CAPI 2.0-stuurprogramma;c:\windows\system32\drivers\disdn\capi20.sys [18-2-2005 14:23 164923]
  S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11-9-2009 7:24 735960]
  S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1-6-2010 20:46 136176]
  S2 oad;Visibroker Activation Daemon;c:\progra~1\Borland\vbroker\bin\oad.exe [28-12-2007 14:13 1781248]
  S2 osagent;VisiBroker Smart Agent;c:\progra~1\Borland\vbroker\bin\osagent.exe [28-12-2007 14:13 193536]
  S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13-11-2009 12:31 92008]
  S3 DiWan;Eicon-stuurprogramma voor DIVA PnP-kaarten;c:\windows\system32\drivers\disdn\Diwan.sys [18-2-2005 14:23 952007]
  .
  Inhoud van de 'Gedeelde Taken' map

  2010-12-03 c:\windows\Tasks\MP Scheduled Scan.job
  - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

  2010-12-03 c:\windows\Tasks\Google Software Updater.job
  - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-20 07:29]

  2010-12-03 c:\windows\Tasks\{A4261029-491F-408E-9B24-1CBDDA8068FA}_DESKTOP_Administrator.job
  - c:\windows\system32\mobsync.exe [2001-09-07 18:03]

  2010-11-18 c:\windows\Tasks\{02AA7507-4030-4389-9A16-BF1773F7748B}_DESKTOP_Administrator.job
  - c:\windows\system32\mobsync.exe [2001-09-07 18:03]

  2010-11-12 c:\windows\Tasks\{35C9FC60-5B53-429A-A682-980BF67FE179}_DESKTOP_Administrator.job
  - c:\windows\system32\mobsync.exe [2001-09-07 18:03]

  2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 19:45]

  2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 19:45]
  .
  .
  ——- Bijkomende Scan ——-
  .
  uStart Page = hxxp://www.kpnvandaag.nl/#/home
  uSearchAssistant = hxxp://www.google.com/ie
  uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
  DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - hxxps://www.p3.postbank.nl/sesam/CAX.cab
  DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
  .
  .
  ——- Bestandsassociaties ——-
  .
  JSEFile=NOTEPAD.EXE %1
  .
  - - - - ORPHANS VERWIJDERD - - - -

  Toolbar-Locked - (no file)
  SafeBoot-Lavasoft Ad-Aware Service
  SafeBoot-svcWRSSSDK

  **************************************************************************

  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2010-12-03 13:10
  Windows 5.1.2600 Service Pack 3 FAT NTAPI

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  ——————— VERGRENDELDE REGISTER SLEUTELS ———————

  [HKEY_USERS\S-1-5-21-2052111302-1343024091-62868275-500\Software\Microsoft\Internet Explorer\User Preferences]
  @Denied: (2) (Administrator)
  "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,ab,89,24,2c,b8,46,4d,b9,0b,fa,\
  "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,9f,cc,5f,29,b5,eb,4f,8c,c2,bf,\
  "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,ab,89,24,2c,b8,46,4d,b9,0b,fa,\

  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  @Denied: (A 2) (Everyone)
  @="FlashBroker"
  "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
  "Enabled"=dword:00000001

  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
  @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  @Denied: (A 2) (Everyone)
  @="IFlashBroker4"

  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
  @="{00020424-0000-0000-C000-000000000046}"

  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  "Version"="1.0"

  [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
  @Denied: (2) (Administrator)
  "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,ab,89,24,2c,b8,46,4d,b9,0b,fa,\
  "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,ab,89,24,2c,b8,46,4d,b9,0b,fa,\
  .
  Voltooingstijd: 2010-12-03 13:13:40
  ComboFix-quarantined-files.txt 2010-12-03 12:13

  Pre-Run: 9.308.798.976 bytes beschikbaar
  Post-Run: 9.321.086.976 bytes beschikbaar

  - - End Of File - - E896FCC74CC34720EA817D130290FC93
 • Hi Jos, according to ComboFix you have two antivirus programs!

  a) Eset/Nod32
  b) Internet Security Suite

  The latter is located at: c:\documents and settings\administrator\application data\internet security suite

  Can you take a look and tell me:

  how big that folder is and which exe's you can find in it!
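Added example, not code from this thread or from ComboFix: a small Python checker that applies the reasoning in the reply above to a constructed ComboFix header. It parses the "AV:"/"FW:" Security Center registrations and the service lines, and flags a product that is registered but that no service or driver line backs up (the sample log lines are constructed after the layout of the log posted above).

```python
"""Sanity-check the security products a ComboFix log header claims.

Added example, not code from the thread or from ComboFix.  ComboFix prints
one "AV:" / "FW:" line per product registered in Windows Security Center and,
further down, one line per service or driver it actually found
("R2 ekrn;ESET Service;<path> [...]").  A rogue suite that merely registers
itself in Security Center shows up in the header with nothing backing it,
which is the pattern the reply above points at.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: header and service lines in the layout of the log above,
# cut down to the lines this check needs.
SAMPLE_LOG = r"""
ComboFix 10-12-02.06 - Administrator 03-12-2010 19:54:51.3.1 - FAT32x86
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Internet Security Suite *On-access scanning enabled* (Updated) {A4992DDB-8EFE-4B79-ACF3-96873C227120}
FW: Internet Security Suite *enabled* {24320D35-AF63-4DD1-AEA3-2C2FA508E44D}
.
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11-9-2009 7:24 735960]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 18:19 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1-6-2010 20:46 136176]
"""

# "AV: <name> *<state>* (Updated) {<guid>}" -- the "(Updated)" part is optional.
HEADER_RE = re.compile(
    r"^(?P<kind>AV|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*"
    r"(?: \((?P<upd>[^)]*)\))? \{(?P<guid>[0-9A-F-]+)\}$"
)
# "R2 ekrn;ESET Service;c:\...\ekrn.exe [date time size]"
SERVICE_RE = re.compile(r"^[RS]\d (?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]+?)\s*\[")

# Words too common to tie a product name to a specific service or path.
GENERIC = {"antivirus", "security", "suite", "internet", "firewall",
           "protection", "service", "windows", "microsoft"}


@dataclass
class Product:
    kind: str                 # "AV" or "FW"
    name: str
    state: str                # e.g. "On-access scanning enabled"
    guid: str                 # Security Center instance GUID as printed
    evidence: list = field(default_factory=list)  # service lines backing it


def parse_log(text):
    """Split a log into Security Center registrations and service lines."""
    products, services = [], []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            products.append(Product(m["kind"], m["name"], m["state"], m["guid"]))
            continue
        if SERVICE_RE.match(line):
            services.append(line)
    return products, services


def distinctive_tokens(name):
    """Vendor-ish words of a product name: "ESET NOD32 Antivirus 4.0" -> {eset, nod32}."""
    words = re.findall(r"[A-Za-z][A-Za-z0-9]+", name)
    return {w.lower() for w in words if len(w) >= 4 and w.lower() not in GENERIC}


def attach_evidence(products, services):
    """Record, per product, the service lines whose name or path mention it."""
    for p in products:
        # A name made only of generic words falls back to the whole phrase.
        needles = distinctive_tokens(p.name) or {p.name.lower()}
        p.evidence = [s for s in services if any(n in s.lower() for n in needles)]
    return products


def assess(text):
    """Return human-readable findings; an empty list means nothing odd."""
    products, services = parse_log(text)
    attach_evidence(products, services)
    findings = []
    for p in products:
        if not p.evidence:
            findings.append(f"{p.kind} '{p.name}' is registered in Security Center "
                            "but no service or driver line backs it")
    active = [p for p in products if p.kind == "AV" and re.search(r"\benabled\b", p.state)]
    if len(active) > 1:
        findings.append("more than one AV claims active on-access scanning: "
                        + ", ".join(p.name for p in active))
    for p in products:
        if p.kind == "AV" and p.evidence and "disabled" in p.state:
            findings.append(f"installed AV '{p.name}' reports on-access scanning disabled")
    return findings


if __name__ == "__main__":
    for finding in assess(SAMPLE_LOG):
        print("-", finding)
```

On the sample this reports the two unbacked "Internet Security Suite" registrations and the real ESET install with on-access scanning disabled; the token heuristic is a triage aid, not proof of infection.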
 • It only contains a file instructions.ini with configuration settings, 2 kB in size.
  There are no .exe files in it.
  I can't find anything in Program Files either!
  I never installed Internet Security Suite.
  As far as I'm concerned –> throw it away!!
  Agreed?
 • Indeed, delete it manually!

  Then empty the Recycle Bin!

  Then restart your PC; after that I'm curious whether ComboFix will now start from your normal desktop?
 • Downloaded ComboFix again and started it from the desktop; the log is below:

  ComboFix 10-12-02.06 - Administrator 03-12-2010 19:54:51.3.1 - FAT32x86
  Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.767.327 [GMT 1:00]
  Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
  AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
  AV: Internet Security Suite *On-access scanning enabled* (Updated) {A4992DDB-8EFE-4B79-ACF3-96873C227120}
  FW: Internet Security Suite *enabled* {24320D35-AF63-4DD1-AEA3-2C2FA508E44D}
  .

  (((((((((((((((((((( Bestanden Gemaakt van 2010-11-03 to 2010-12-03 ))))))))))))))))))))))))))))))
  .

  2010-12-03 18:43 . 2010-12-03 18:43 ——– d–h–r- c:\documents and settings\Administrator\Onlangs geopend
  2010-12-03 15:39 . 2010-12-03 15:39 ——– d—–w- c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
  2010-12-03 14:43 . 2010-12-03 14:43 ——– d—–w- c:\program files\Common Files\Java
  2010-12-03 14:42 . 2010-12-03 14:42 73728 —-a-w- c:\windows\system32\javacpl.cpl
  2010-12-03 10:00 . 2010-11-10 04:33 6273872 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{E4B27AFD-F79F-471B-90B6-967525B85E34}\mpengine.dll
  2010-12-02 16:58 . 2010-12-02 16:58 388096 —-a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
  2010-12-02 16:58 . 2010-12-02 16:58 ——– d—–w- c:\program files\Trend Micro
  2010-12-01 17:09 . 2010-12-01 17:09 ——– d-sh–w- c:\documents and settings\All Users\Application Data\ISCWNLVS
  2010-11-12 18:46 . 2010-11-12 18:46 4280320 —-a-w- c:\windows\system32\GPhotos.scr
  2010-11-06 15:04 . 2010-11-06 15:04 ——– d—–w- c:\documents and settings\All Users\Application Data\TomTom
  2010-11-06 15:03 . 2010-11-06 15:03 ——– d—–w- c:\documents and settings\Administrator\Local Settings\Application Data\TomTom
  2010-11-06 15:03 . 2010-11-06 15:03 ——– d—–w- c:\documents and settings\Administrator\Application Data\TomTom
  2010-11-06 15:03 . 2010-11-06 15:03 ——– d—–w- c:\program files\TomTom International B.V
  2010-11-06 15:03 . 2010-11-06 15:03 ——– d—–w- c:\program files\TomTom HOME 2
  2010-11-06 10:37 . 2010-11-06 10:37 103864 —-a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2010-12-03 14:42 . 2010-09-25 16:43 472808 —-a-w- c:\windows\system32\deployJava1.dll
  2010-11-29 16:42 . 2009-12-17 20:13 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
  2010-11-29 16:42 . 2009-12-17 20:13 20952 —-a-w- c:\windows\system32\drivers\mbam.sys
  2010-11-10 04:33 . 2006-09-13 13:25 6273872 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
  2010-10-19 09:41 . 2009-10-03 10:00 222080 ——w- c:\windows\system32\MpSigStub.exe
  2010-10-14 08:05 . 2010-10-14 08:05 0 ——w- c:\windows\system32\SET4D3A.tmp
  2010-09-18 11:23 . 2001-09-07 11:00 974848 —-a-w- c:\windows\system32\mfc42u.dll
  2010-09-18 07:53 . 2001-09-07 11:00 974848 —-a-w- c:\windows\system32\mfc42.dll
  2010-09-18 07:53 . 2001-09-07 11:00 954368 —-a-w- c:\windows\system32\mfc40.dll
  2010-09-18 07:53 . 2001-09-07 11:00 953856 —-a-w- c:\windows\system32\mfc40u.dll
  2010-09-10 06:52 . 2010-10-14 07:19 916480 —-a-w- c:\windows\system32\SET4D35.tmp
  2010-09-10 06:52 . 2010-10-14 07:19 1210880 —-a-w- c:\windows\system32\SET4D36.tmp
  2010-09-10 06:52 . 2004-12-07 18:19 916480 —-a-w- c:\windows\system32\wininet.dll
  2010-09-10 06:52 . 2005-02-26 09:26 43520 —-a-w- c:\windows\system32\licmgr10.dll
  2010-09-10 06:52 . 2005-02-26 09:24 1469440 —-a-w- c:\windows\system32\inetcpl.cpl
  .

  ((((((((((((((((((((((((((((( SnapShot@2010-12-03_12.10.21 )))))))))))))))))))))))))))))))))))))))))
  .
  + 2010-12-03 18:45 . 2010-12-03 18:45 16384 c:\windows\temp\Perflib_Perfdata_7a0.dat
  + 2010-12-03 14:42 . 2010-12-03 14:42 157472 c:\windows\system32\javaws.exe
  - 2010-10-15 17:28 . 2010-10-15 17:28 145184 c:\windows\system32\javaw.exe
  + 2010-12-03 14:42 . 2010-12-03 14:42 145184 c:\windows\system32\javaw.exe
  + 2010-12-03 14:42 . 2010-12-03 14:42 145184 c:\windows\system32\java.exe
  - 2010-10-15 17:28 . 2010-10-15 17:28 145184 c:\windows\system32\java.exe
  + 2010-12-03 14:43 . 2010-12-03 14:43 180224 c:\windows\Installer\4ffce.msi
  + 2010-12-03 14:42 . 2010-12-03 14:42 677376 c:\windows\Installer\4ffc8.msi
  .
  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
  REGEDIT4

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "SIDEBAR"="c:\program files\Desktop Sidebar\dsidebar.exe" [2004-09-04 1126400]
  "AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe" [2008-11-21 131072]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
  "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
  "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
  BootExecute REG_MULTI_SZ autocheck

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
  @="Service"

  [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programma's^Opstarten^WinRescue.lnk]
  backup=c:\windows\pss\WinRescue.lnkStartup

  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
  backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup

  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
  backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Run Google Web Accelerator.lnk]
  backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
  ? ????? ??¾ [?]

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
  ? ????? ??¾ [?]

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
  c:\windows\system32\dumprep 0 -u [X]

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
  2010-09-20 22:07 932288 —-a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
  2010-09-23 03:47 35760 —-a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
  2008-04-14 18:02 15360 —-a-w- c:\windows\system32\ctfmon.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
  2003-12-17 08:50 19968 ——w- c:\windows\LOGI_MWX.EXE

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
  2005-11-11 12:47 1519616 —-a-w- c:\windows\system32\nwiz.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
  2005-03-30 11:17 98304 —-a-w- c:\program files\QuickTime\qttask.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
  2010-05-14 10:44 248552 —-a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
  2008-04-14 18:03 144384 —-a-w- c:\windows\system32\mobsync.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
  2009-11-13 11:31 247144 —-a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
  2004-03-18 08:33 892928 —-a-w- c:\program files\Logitech\iTouch\iTouch.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
  "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  "c:\\WINDOWS\\system32\\sessmgr.exe"=
  "c:\\WINDOWS\\System32\\mmc.exe"=

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

  R0 DiMaint;Eicon Maintenance-stuurprogramma;c:\windows\system32\drivers\disdn\dimaint.sys [18-2-2005 14:23 91305]
  R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22-2-2009 19:33 64160]
  R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11-9-2009 7:23 108792]
  R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11-9-2009 7:26 96408]
  R2 DiCapi;Eicon CAPI 2.0-stuurprogramma;c:\windows\system32\drivers\disdn\capi20.sys [18-2-2005 14:23 164923]
  R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11-9-2009 7:24 735960]
  R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13-11-2009 12:31 92008]
  R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 18:19 13592]
  R3 DiWan;Eicon-stuurprogramma voor DIVA PnP-kaarten;c:\windows\system32\drivers\disdn\Diwan.sys [18-2-2005 14:23 952007]
  S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1-6-2010 20:46 136176]
  S2 oad;Visibroker Activation Daemon;c:\progra~1\Borland\vbroker\bin\oad.exe [28-12-2007 14:13 1781248]
  S2 osagent;VisiBroker Smart Agent;c:\progra~1\Borland\vbroker\bin\osagent.exe [28-12-2007 14:13 193536]
  .
  Inhoud van de 'Gedeelde Taken' map

  2010-12-03 c:\windows\Tasks\MP Scheduled Scan.job
  - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

  2010-12-03 c:\windows\Tasks\Google Software Updater.job
  - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-20 07:29]

  2010-12-03 c:\windows\Tasks\{A4261029-491F-408E-9B24-1CBDDA8068FA}_DESKTOP_Administrator.job
  - c:\windows\system32\mobsync.exe [2001-09-07 18:03]

  2010-12-03 c:\windows\Tasks\{02AA7507-4030-4389-9A16-BF1773F7748B}_DESKTOP_Administrator.job
  - c:\windows\system32\mobsync.exe [2001-09-07 18:03]

  2010-12-03 c:\windows\Tasks\{35C9FC60-5B53-429A-A682-980BF67FE179}_DESKTOP_Administrator.job
  - c:\windows\system32\mobsync.exe [2001-09-07 18:03]

  2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 19:45]

  2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 19:45]
  .
  .
  ——- Bijkomende Scan ——-
  .
  uStart Page = hxxp://www.kpnvandaag.nl/#/home
  uSearchAssistant = hxxp://www.google.com/ie
  uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
  DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - hxxps://www.p3.postbank.nl/sesam/CAX.cab
  DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
  .
  .
  ——- Bestandsassociaties ——-
  .
  JSEFile=NOTEPAD.EXE %1
  .

  **************************************************************************

  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2010-12-03 20:01
  Windows 5.1.2600 Service Pack 3 FAT NTAPI

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  ——————— VERGRENDELDE REGISTER SLEUTELS ———————

  [HKEY_USERS\S-1-5-21-2052111302-1343024091-62868275-500\Software\Microsoft\Internet Explorer\User Preferences]
  @Denied: (2) (Administrator)
  "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,ab,89,24,2c,b8,46,4d,b9,0b,fa,\
  "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,9f,cc,5f,29,b5,eb,4f,8c,c2,bf,\
  "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,ab,89,24,2c,b8,46,4d,b9,0b,fa,\

  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  @Denied: (A 2) (Everyone)
  @="FlashBroker"
  "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
  "Enabled"=dword:00000001

  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
  @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  @Denied: (A 2) (Everyone)
  @="IFlashBroker4"

  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
  @="{00020424-0000-0000-C000-000000000046}"

  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  "Version"="1.0"

  [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
  @Denied: (2) (Administrator)
  "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,ab,89,24,2c,b8,46,4d,b9,0b,fa,\
  "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,ab,89,24,2c,b8,46,4d,b9,0b,fa,\
  .
  ——————— DLLs Geladen Onder Lopende Processen ———————

  - - - - - - - > 'explorer.exe'(2532)
  c:\program files\AutoSizer\AutoSizer.dll
  c:\progra~1\WINDOW~3\wmpband.dll
  c:\windows\system32\webcheck.dll
  c:\windows\system32\WPDShServiceObj.dll
  c:\windows\system32\PortableDeviceTypes.dll
  c:\windows\system32\PortableDeviceApi.dll
  .
  Voltooingstijd: 2010-12-03 20:08:27
  ComboFix-quarantined-files.txt 2010-12-03 19:08
  ComboFix2.txt 2010-12-03 12:13

  Pre-Run: 8.588.787.712 bytes beschikbaar
  Post-Run: 8.578.547.712 bytes beschikbaar

  - - End Of File - - 41068A1FA1586FE8F5A46CCEF877487E
 • Hi Jos, open a new Notepad file via Start > All Programs > Accessories > Notepad.

  Copy and paste the following (bold, blue text) into the empty Notepad window


 • Carried out the actions above; the log file is below:

  ComboFix 10-12-02.06 - Administrator 03-12-2010 21:11:44.4.1 - FAT32x86
  Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.767.418 [GMT 1:00]
  Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
  gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt
  AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
  AV: Internet Security Suite *On-access scanning enabled* (Updated) {A4992DDB-8EFE-4B79-ACF3-96873C227120}
  FW: Internet Security Suite *enabled* {24320D35-AF63-4DD1-AEA3-2C2FA508E44D}

  FILE ::
  "c:\windows\system32\SET4D35.tmp"
  "c:\windows\system32\SET4D36.tmp"
  "c:\windows\system32\SET4D3A.tmp"
  .

  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  c:\documents and settings\All Users\Application Data\ISCWNLVS
  c:\documents and settings\All Users\Application Data\ISCWNLVS\ISAZMXBS.cfg
  c:\windows\system32\SET4D35.tmp
  c:\windows\system32\SET4D36.tmp
  c:\windows\system32\SET4D3A.tmp . . . . konden niet verwijderd worden

  .
  (((((((((((((((((((( Bestanden Gemaakt van 2010-11-03 to 2010-12-03 ))))))))))))))))))))))))))))))
  .

  2010-12-03 19:19 . 2010-12-03 19:19 ——– d–h–r- c:\documents and settings\Administrator\Onlangs geopend
  2010-12-03 15:39 . 2010-12-03 15:39 ——– d—–w- c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
  2010-12-03 14:43 . 2010-12-03 14:43 ——– d—–w- c:\program files\Common Files\Java
  2010-12-03 14:42 . 2010-12-03 14:42 73728 —-a-w- c:\windows\system32\javacpl.cpl
  2010-12-03 10:00 . 2010-11-10 04:33 6273872 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{E4B27AFD-F79F-471B-90B6-967525B85E34}\mpengine.dll
  2010-12-02 16:58 . 2010-12-02 16:58 388096 —-a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
  2010-12-02 16:58 . 2010-12-02 16:58 ——– d—–w- c:\program files\Trend Micro
  2010-11-12 18:46 . 2010-11-12 18:46 4280320 —-a-w- c:\windows\system32\GPhotos.scr
  2010-11-06 15:04 . 2010-11-06 15:04 ——– d—–w- c:\documents and settings\All Users\Application Data\TomTom
  2010-11-06 15:03 . 2010-11-06 15:03 ——– d—–w- c:\documents and settings\Administrator\Local Settings\Application Data\TomTom
  2010-11-06 15:03 . 2010-11-06 15:03 ——– d—–w- c:\documents and settings\Administrator\Application Data\TomTom
  2010-11-06 15:03 . 2010-11-06 15:03 ——– d—–w- c:\program files\TomTom International B.V
  2010-11-06 15:03 . 2010-11-06 15:03 ——– d—–w- c:\program files\TomTom HOME 2
  2010-11-06 10:37 . 2010-11-06 10:37 103864 —-a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2010-12-03 14:42 . 2010-09-25 16:43 472808 —-a-w- c:\windows\system32\deployJava1.dll
  2010-11-29 16:42 . 2009-12-17 20:13 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
  2010-11-29 16:42 . 2009-12-17 20:13 20952 —-a-w- c:\windows\system32\drivers\mbam.sys
  2010-11-10 04:33 . 2006-09-13 13:25 6273872 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
  2010-10-19 09:41 . 2009-10-03 10:00 222080 ——w- c:\windows\system32\MpSigStub.exe
  2010-10-14 08:05 . 2010-10-14 08:05 0 ——w- c:\windows\system32\SET4D3A.tmp
  2010-09-18 11:23 . 2001-09-07 11:00 974848 —-a-w- c:\windows\system32\mfc42u.dll
  2010-09-18 07:53 . 2001-09-07 11:00 974848 —-a-w- c:\windows\system32\mfc42.dll
  2010-09-18 07:53 . 2001-09-07 11:00 954368 —-a-w- c:\windows\system32\mfc40.dll
  2010-09-18 07:53 . 2001-09-07 11:00 953856 —-a-w- c:\windows\system32\mfc40u.dll
  2010-09-10 06:52 . 2004-12-07 18:19 916480 —-a-w- c:\windows\system32\wininet.dll
  2010-09-10 06:52 . 2005-02-26 09:26 43520 —-a-w- c:\windows\system32\licmgr10.dll
  2010-09-10 06:52 . 2005-02-26 09:24 1469440 —-a-w- c:\windows\system32\inetcpl.cpl
  .

  ((((((((((((((((((((((((((((( SnapShot@2010-12-03_12.10.21 )))))))))))))))))))))))))))))))))))))))))
  .
  + 2010-12-03 18:45 . 2010-12-03 18:45 16384 c:\windows\temp\Perflib_Perfdata_7a0.dat
  + 2010-12-03 20:26 . 2010-12-03 20:26 16384 c:\windows\temp\Perflib_Perfdata_3f0.dat
  + 2010-12-03 14:42 . 2010-12-03 14:42 157472 c:\windows\system32\javaws.exe
  - 2010-10-15 17:28 . 2010-10-15 17:28 145184 c:\windows\system32\javaw.exe
  + 2010-12-03 14:42 . 2010-12-03 14:42 145184 c:\windows\system32\javaw.exe
  - 2010-10-15 17:28 . 2010-10-15 17:28 145184 c:\windows\system32\java.exe
  + 2010-12-03 14:42 . 2010-12-03 14:42 145184 c:\windows\system32\java.exe
  + 2010-12-03 14:43 . 2010-12-03 14:43 180224 c:\windows\Installer\4ffce.msi
  + 2010-12-03 14:42 . 2010-12-03 14:42 677376 c:\windows\Installer\4ffc8.msi
  .
  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
  REGEDIT4

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "SIDEBAR"="c:\program files\Desktop Sidebar\dsidebar.exe" [2004-09-04 1126400]
  "AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe" [2008-11-21 131072]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
  "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
  "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
  BootExecute REG_MULTI_SZ autocheck

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
  @="Service"

  [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programma's^Opstarten^WinRescue.lnk]
  backup=c:\windows\pss\WinRescue.lnkStartup

  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
  backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup

  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
  backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Run Google Web Accelerator.lnk]
  backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
  ? ????? ??¾ [?]

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
  ? ????? ??¾ [?]

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
  c:\windows\system32\dumprep 0 -u [X]

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
  2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
  2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
  2008-04-14 18:02 15360 ----a-w- c:\windows\system32\ctfmon.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
  2003-12-17 08:50 19968 ------w- c:\windows\LOGI_MWX.EXE

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
  2005-11-11 12:47 1519616 ----a-w- c:\windows\system32\nwiz.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
  2005-03-30 11:17 98304 ----a-w- c:\program files\QuickTime\qttask.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
  2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
  2008-04-14 18:03 144384 ----a-w- c:\windows\system32\mobsync.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
  2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
  2004-03-18 08:33 892928 ----a-w- c:\program files\Logitech\iTouch\iTouch.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
  "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  "c:\\WINDOWS\\system32\\sessmgr.exe"=
  "c:\\WINDOWS\\System32\\mmc.exe"=

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

  R0 DiMaint;Eicon Maintenance driver;c:\windows\system32\drivers\disdn\dimaint.sys [18-2-2005 14:23 91305]
  R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22-2-2009 19:33 64160]
  R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11-9-2009 7:23 108792]
  R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11-9-2009 7:26 96408]
  R2 DiCapi;Eicon CAPI 2.0 driver;c:\windows\system32\drivers\disdn\capi20.sys [18-2-2005 14:23 164923]
  R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11-9-2009 7:24 735960]
  R2 oad;Visibroker Activation Daemon;c:\progra~1\Borland\vbroker\bin\oad.exe [28-12-2007 14:13 1781248]
  R2 osagent;VisiBroker Smart Agent;c:\progra~1\Borland\vbroker\bin\osagent.exe [28-12-2007 14:13 193536]
  R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13-11-2009 12:31 92008]
  R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 18:19 13592]
  R3 DiWan;Eicon driver for DIVA PnP cards;c:\windows\system32\drivers\disdn\Diwan.sys [18-2-2005 14:23 952007]
  S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1-6-2010 20:46 136176]
  .
  Contents of the 'Scheduled Tasks' folder

  2010-12-03 c:\windows\Tasks\MP Scheduled Scan.job
  - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

  2010-12-03 c:\windows\Tasks\Google Software Updater.job
  - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-20 07:29]

  2010-12-03 c:\windows\Tasks\{A4261029-491F-408E-9B24-1CBDDA8068FA}_DESKTOP_Administrator.job
  - c:\windows\system32\mobsync.exe [2001-09-07 18:03]

  2010-12-03 c:\windows\Tasks\{02AA7507-4030-4389-9A16-BF1773F7748B}_DESKTOP_Administrator.job
  - c:\windows\system32\mobsync.exe [2001-09-07 18:03]

  2010-12-03 c:\windows\Tasks\{35C9FC60-5B53-429A-A682-980BF67FE179}_DESKTOP_Administrator.job
  - c:\windows\system32\mobsync.exe [2001-09-07 18:03]

  2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 19:45]

  2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 19:45]
  .
  .
  ------- Supplementary Scan -------
  .
  uStart Page = hxxp://www.kpnvandaag.nl/#/home
  uSearchAssistant = hxxp://www.google.com/ie
  uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
  DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - hxxps://www.p3.postbank.nl/sesam/CAX.cab
  DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
  .

  **************************************************************************
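The ComboFix excerpt above lists the XP firewall exceptions (authorised programs and globally opened ports) and the service table, where ComboFix prefixes each service with R (running) or S (stopped) and the Windows start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled). The following parser is an added example, not part of the original post or of ComboFix: it pulls those two sections out of a log and produces the first-pass findings a responder would look at, in particular the `3389:TCP` entry, which means Remote Desktop is reachable through the standard-profile firewall. The sample text is a constructed copy of a few lines from the log, and the "running service outside \windows\" rule is a triage heuristic of this example, not a malware verdict.

```python
import re

# Constructed sample: a handful of lines copied from the ComboFix log above,
# embedded here so the example runs offline.
SAMPLE = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22-2-2009 19:33 64160]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11-9-2009 7:24 735960]
R2 oad;Visibroker Activation Daemon;c:\progra~1\Borland\vbroker\bin\oad.exe [28-12-2007 14:13 1781248]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1-6-2010 20:46 136176]
'''

# "R2 name;display name;path [date time size]"
SERVICE_RE = re.compile(r'^([RS])([0-4])\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$')
SECTION_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}
WELL_KNOWN = {(3389, "TCP"): "Remote Desktop (RDP)",
              (445, "TCP"): "SMB", (135, "TCP"): "RPC endpoint mapper"}


def parse_services(text):
    """Parse ComboFix service lines into dicts (running flag, start type, name, path, size)."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, path, meta = m.groups()
        parts = meta.split()
        services.append({
            "running": state == "R",
            "start_type": START_TYPES[int(start)],
            "name": name, "display": display, "path": path,
            "size": int(parts[-1]) if parts else None,
        })
    return services


def parse_firewall_policy(text):
    """Collect the standard-profile firewall exceptions ComboFix dumps."""
    policy = {"authorized_apps": [], "open_ports": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            key = sec.group(1).lower()
            section = ("authorized_apps" if "authorizedapplications" in key
                       else "open_ports" if "globallyopenports" in key else None)
            continue
        val = VALUE_RE.match(line)
        if not (section and val):
            continue
        if section == "authorized_apps":
            # ComboFix prints the registry-escaped path with doubled backslashes.
            policy["authorized_apps"].append(val.group(1).replace("\\\\", "\\"))
        else:
            port, proto = val.group(1).split(":")[:2]   # value name is "port:proto"
            policy["open_ports"].append((int(port), proto.upper()))
    return policy


def triage(text):
    """First-pass findings: globally open ports, and running services whose
    binary lives outside \\windows\\ (a look-here heuristic, not a verdict)."""
    findings = []
    for port, proto in parse_firewall_policy(text)["open_ports"]:
        label = WELL_KNOWN.get((port, proto), "unknown service")
        findings.append(f"firewall: {port}/{proto} ({label}) is globally open in the standard profile")
    for svc in parse_services(text):
        if svc["running"] and "\\windows\\" not in svc["path"].lower():
            findings.append(f"service: {svc['name']} ({svc['display']}) runs from {svc['path']}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

On the log above this reports the open RDP port and the running non-OS services (ESET, the Borland VisiBroker daemons, TomTom); the stopped Google updater is not listed. The open port is the item worth acting on: an XP SP3 box with 3389/TCP open to the network has an attack surface well beyond whatever the Word document dropped.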
 • Ran the Eset Online scanner; the log is below:

  ESETSmartInstaller@High as CAB hook log:
  OnlineScanner.ocx - registred OK
  # version=7
  # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
  # OnlineScanner.ocx=1.0.0.6415
  # api_version=3.0.2
  # EOSSerial=9b99b8c15f8f464ea8ef7c55cb7973cc
  # end=finished
  # remove_checked=false
  # archives_checked=false
  # unwanted_checked=true
  # unsafe_checked=false
  # antistealth_checked=true
  # utc_time=2010-12-06 08:00:45
  # local_time=2010-12-06 09:00:45 (+0100, W. Europe Standard Time)
  # country="Netherlands"
  # lang=1033
  # osver=5.1.2600 NT Service Pack 3
  # compatibility_mode=512 16777215 100 0 357912 357912 0 0
  # compatibility_mode=6143 16777215 0 0 0 0 0 0
  # compatibility_mode=8199 39157157 100 100 4154 39013568 0 0
  # scanned=50518
  # found=0
  # cleaned=0
  # scan_time=2256
  # nod_component=V3 Build:0x30000000

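The ESET Online Scanner log above is a flat list of `# key=value` lines, and its `found=0` only covers what the scan was configured to look at: `archives_checked=false` means nothing inside archives was inspected and `unsafe_checked=false` means potentially unsafe applications were skipped. The parser below is an added example, not part of the original post or of ESET's tooling; it reads that format and states the verdict together with the coverage caveats. The sample is a constructed copy of the summary lines from the log above.

```python
# Constructed sample: the summary lines from the ESET Online Scanner log above.
ESET_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-06 08:00:45
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 357912 357912 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# scanned=50518
# found=0
# cleaned=0
# scan_time=2256
"""


def parse_eset_log(text):
    """Turn the '# key=value' lines into a dict; keys that repeat
    (compatibility_mode) are collected into a list. Other lines are ignored."""
    fields = {}
    for line in text.splitlines():
        if not line.startswith("# ") or "=" not in line:
            continue
        key, _, value = line[2:].partition("=")
        key, value = key.strip(), value.strip()
        if key in fields:
            if not isinstance(fields[key], list):
                fields[key] = [fields[key]]
            fields[key].append(value)
        else:
            fields[key] = value
    return fields


def _flag(fields, key):
    return str(fields.get(key, "false")).lower() == "true"


def assess_scan(text):
    """Return (verdict, caveats): what 'found=N' means and what the scan did not cover."""
    f = parse_eset_log(text)
    caveats = []
    if f.get("end") != "finished":
        caveats.append("scan did not run to completion (end != finished)")
    if not _flag(f, "archives_checked"):
        caveats.append("archives were not scanned (archives_checked=false)")
    if not _flag(f, "unsafe_checked"):
        caveats.append("potentially unsafe applications were not checked (unsafe_checked=false)")
    if not _flag(f, "unwanted_checked"):
        caveats.append("potentially unwanted applications were not checked (unwanted_checked=false)")
    found = int(f.get("found", 0))
    cleaned = int(f.get("cleaned", 0))
    if found > 0 and not _flag(f, "remove_checked"):
        caveats.append("removal was disabled (remove_checked=false): detections were only reported")
    if found == 0:
        verdict = "clean within scan scope"
    elif cleaned == found:
        verdict = f"{found} found, all cleaned"
    else:
        verdict = f"{found} found, {found - cleaned} not cleaned"
    return verdict, caveats


if __name__ == "__main__":
    verdict, caveats = assess_scan(ESET_LOG)
    print(verdict)
    for c in caveats:
        print(" -", c)
```

For the log above this yields "clean within scan scope" with two caveats (archives and unsafe applications not checked). A follow-up scan with archives enabled is what closes the gap, since a downloaded Word document or a dropped payload inside a zip would not have been opened by this run.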

This is an archived page. Replying is no longer possible.