Question & Answer

Security & privacy

Internet Security suite

Anonymous
25 answers
  • While opening a Word document on the internet, malware was probably pulled in.
    Had Malwarebytes remove the infections; then a check scan -> clean!
    System Restore disabled -> rebooted and then re-enabled.
    The HiJack log doesn't look right to me.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:25:55, on 1-12-2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\Borland\vbroker\bin\oad.exe
    C:\PROGRA~1\Borland\vbroker\bin\osagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Desktop Sidebar\dsidebar.exe
    C:\Program Files\AutoSizer\AutoSizer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kpnvandaag.nl/#/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25437
    F3 - REG:win.ini: load=?
    F3 - REG:win.ini: run=?
    O1 - Hosts: 74.125.45.100 4-open-davinci.com
    O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
    O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getavplusnow.com
    O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
    O1 - Hosts: 74.125.45.100 urs.microsoft.com
    O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
    O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
    O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
    O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
    O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108826793839
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121815409610
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.biblioservice.net/msrdp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InterBase Guardian (InterBaseGuardian) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
    O23 - Service: InterBase Server (InterBaseServer) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\oad.exe
    O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\osagent.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O24 - Desktop Component 0: (no name) - (no file)


    End of file - 6468 bytes

    What else needs to be done?
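The log above is the kind of thing a helper reads by eye: a browser proxy pointed at 127.0.0.1 on an odd port, a block of hosts-file entries that send payment and security-vendor names to one outside address, and an O24 component with no file. The following is an added example, not code from the thread and not part of HijackThis, that performs that triage mechanically over the plain-text HijackThis log format shown above. The vendor name fragments in SECURITY_VENDOR_HINTS and the "127.0.0.1 localhost" line in the sample are constructed for the example; the other sample lines are taken from the log posted above.

```python
"""Triage a HijackThis v2 log and flag the entry types the helper asked to fix.

Added example, not code from the thread and not part of HijackThis. It parses
the plain-text log format shown in the thread (e.g. "O1 - Hosts: <ip> <name>")
and reports:
  * O1  hosts-file mappings to a non-loopback address (redirects)
  * R1  ProxyServer values that route the browser through localhost
  * O24 desktop components whose backing file is gone
  * F3  win.ini load=/run= values HijackThis could not read ("?")
"""
import ipaddress
import re

# Name fragments of update/AV infrastructure. Redirecting these cuts a machine
# off from its security vendors. Constructed list for this example.
SECURITY_VENDOR_HINTS = ("microsoft.com", "google.com", "windowsupdate", "malwarebytes",
                         "eset.", "symantec", "mcafee", "kaspersky", "avast", "avg.")

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
R1_PROXY_RE = re.compile(r"^R1 - .*ProxyServer = (.+)$")
O24_RE = re.compile(r"^O24 - Desktop Component \d+:.*\(no file\)")
F3_RE = re.compile(r"^F3 - REG:win\.ini: (load|run)=\?")


def is_loopback(text):
    """True for 127.0.0.0/8, ::1 and the literal 'localhost'; False otherwise."""
    try:
        return ipaddress.ip_address(text).is_loopback
    except ValueError:
        return text.lower() == "localhost"


def triage(log_text):
    """Return a list of (severity, section, message) findings for one HJT log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O1_RE.match(line)
        if m:
            ip, host = m.groups()
            # 0.0.0.0 is the usual blocklist convention, not a redirect.
            if not is_loopback(ip) and ip != "0.0.0.0":
                hit = any(h in host.lower() for h in SECURITY_VENDOR_HINTS)
                sev = "high" if hit else "medium"
                findings.append((sev, "O1", f"hosts maps {host} -> {ip} (not loopback)"))
            continue
        m = R1_PROXY_RE.match(line)
        if m:
            # Value looks like "http=127.0.0.1:25437" or "host:port"; several
            # protocol=host:port pairs may be separated by ';'.
            for part in m.group(1).split(";"):
                addr = part.split("=", 1)[-1].strip()
                host_part = addr.rsplit(":", 1)[0]
                if is_loopback(host_part):
                    findings.append(("high", "R1", f"browser proxied through a local process: {addr}"))
            continue
        if O24_RE.match(line):
            findings.append(("low", "O24", "desktop component with no backing file"))
            continue
        m = F3_RE.match(line)
        if m:
            findings.append(("low", "F3", f"win.ini {m.group(1)}= value unreadable by HijackThis"))
    return findings


def count_by_severity(findings):
    """Summarise findings as {"high": n, "medium": n, "low": n}."""
    out = {"high": 0, "medium": 0, "low": 0}
    for sev, _, _ in findings:
        out[sev] += 1
    return out


# Excerpt of the first log posted in the thread, plus two benign lines (the
# R0 start page and a constructed "127.0.0.1 localhost" O1 line).
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.kpnvandaag.nl/#/home
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = http=127.0.0.1:25437
F3 - REG:win.ini: load=?
F3 - REG:win.ini: run=?
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O24 - Desktop Component 0: (no name) - (no file)
"""

if __name__ == "__main__":
    for sev, section, msg in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {section:3} {msg}")
    print(count_by_severity(triage(SAMPLE_LOG)))
```

Run it on a saved hijackthis.log by passing the file contents to `triage()`. The severity split is deliberate: a proxy on localhost and hosts entries for update or AV infrastructure are the items that keep a machine from cleaning itself, so they rank above an orphaned desktop component that only indicates leftovers.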
  • Hello Jos, first do the following:

    Close all open windows - except this window, which you close at the moment you click the Fix checked button!

    Now start HijackThis and click the Do a Scan only button,

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25437
    F3 - REG:win.ini: load=?
    F3 - REG:win.ini: run=?
    O24 - Desktop Component 0: (no name) - (no file)
    - put a checkmark in front of the line(s) that correspond to the lines above
    - Now close the web browser and then click the Fix checked button
    - After that, close HijackThis.
    Restart the computer after the fix

    After rebooting, navigate to C:\WINDOWS\system32\drivers\etc
    and open the hosts file.

    Now delete everything listed under 127.0.0.1!
    Save the cleaned document again!

    Restart MBAM.
    - First click the 'Update' tab.
    - Then click the 'Check for Updates' button.
    - If a new version of MBAM is offered - accept it.
    - After MBAM has been renewed, first run the update cycle again.
    - Then choose 'Quick Scan'
    - When the scan is complete, click the 'OK' button.
    - Then click the 'Show Results' button to see the results.
    - Make sure that everything is checked.
    - Then click: 'Remove Selected'.
    - After the removal a log will open and you will be asked to restart the computer.

    - The log is saved automatically by MBAM and you can find it by clicking the 'Logs' tab in MBAM.

    - If MBAM has difficulties removing certain files it will give several messages - click 'OK' each time!
    - MBAM will then ask to restart the computer - so allow the computer to be restarted.
    After that, post the contents of the following logs:
    - a new HijackThis log
    - MBAM scan log
    Also post an Uninstall list:
    - start HijackThis,
    - click the Open the Misc Tools section button,
    - click the Open Uninstall Manager button,
    - Click the Save button.
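The hosts-file step above ("delete everything under 127.0.0.1") is easy to get wrong by hand, and the first log shows why it matters: rogue security software rewrites this file so that payment sites go to its own server and vendor sites go nowhere. The following is an added example, not code from the thread or from any tool named in it, that audits a hosts file the same way: it keeps comment lines and the genuine loopback default, drops every other mapping, and explains each removal. The point it adds is the second case: a loopback entry for a name other than localhost is not a default, it is a block. The sample file is constructed (header comments, the "www.malwarebytes.org" block line and the malformed line) around the redirect entries taken from the thread's first log.

```python
"""Audit a Windows hosts file and produce the cleaned version the helper asked for.

Added example; not code from the thread or from any tool named in it. It keeps
comments and the default localhost mappings, drops every other mapping, and
reports why each dropped line mattered:
  * "redirect":  a name mapped to a non-loopback address (a payment site pointed
                 at someone else's server)
  * "blocked":   a name mapped to loopback or 0.0.0.0 that is not localhost,
                 which silently prevents reaching that site (AV/update vendors)
  * "malformed": a non-comment line that is not "address name..." at all
"""
import ipaddress

# Names that belong in a default hosts file; everything else is non-default.
DEFAULT_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def _is_sinkhole(ip):
    """Loopback or 0.0.0.0: the name resolves to nowhere useful."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def parse_hosts(text):
    """Yield (line_no, ip, names) per mapping line; comments and blanks are skipped."""
    for no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(body) >= 2:
            yield no, body[0], body[1:]


def audit_hosts(text):
    """Return (clean_text, removed); removed is a list of (line_no, reason, ip, names)."""
    mappings = {no: (ip, names) for no, ip, names in parse_hosts(text)}
    kept, removed = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        if no not in mappings:
            stripped = raw.strip()
            if not stripped or stripped.startswith("#"):
                kept.append(raw)          # header comments and spacing stay
            else:
                removed.append((no, "malformed", None, [stripped]))
            continue
        ip, names = mappings[no]
        if _is_sinkhole(ip) and all(n.lower() in DEFAULT_NAMES for n in names):
            kept.append(raw)              # the genuine default entry
        elif _is_sinkhole(ip):
            removed.append((no, "blocked", ip, names))
        else:
            removed.append((no, "redirect", ip, names))
    return "\n".join(kept) + "\n", removed


# Constructed sample: a header comment, the default entry, three redirects from
# the thread's first HijackThis log, one constructed loopback block, and one
# constructed malformed line.
SAMPLE_HOSTS = """\
# hosts file header (constructed for this example)
#
# Map host names to IP addresses, one mapping per line.

127.0.0.1       localhost
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
127.0.0.1 www.malwarebytes.org   # constructed: loopback used as a block, not a default
garbage-token-without-address
"""

if __name__ == "__main__":
    clean, removed = audit_hosts(SAMPLE_HOSTS)
    for no, reason, ip, names in removed:
        print(f"line {no}: {reason:9} {ip} {' '.join(names)}")
    print("--- cleaned hosts ---")
    print(clean, end="")
```

To use it on a real machine, read C:\WINDOWS\system32\drivers\etc\hosts, review the `removed` list before writing `clean` back, and remember that a hosts file can legitimately carry site-specific entries (an intranet name, for instance) that this strict rule would also drop; the report exists so a person decides.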
  • Above actions carried out; below are the new log files:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:04:07, on 2-12-2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kpnvandaag.nl/#/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
    O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"
    O4 - HKUS\S-1-5-21-2052111302-1343024091-62868275-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-2052111302-1343024091-62868275-500\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe" (User '?')
    O4 - HKUS\S-1-5-21-2052111302-1343024091-62868275-500\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe" (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108826793839
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121815409610
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.biblioservice.net/msrdp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InterBase Guardian (InterBaseGuardian) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
    O23 - Service: InterBase Server (InterBaseServer) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\oad.exe
    O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\osagent.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O24 - Desktop Component 0: (no name) - (no file)


    End of file - 4645 bytes

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Databaseversie: 5233

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2-12-2010 17:09:50
    mbam-log-2010-12-02 (17-09-50).txt

    Scantype: Snelle scan
    Objecten gescand: 137295
    Verstreken tijd: 3 minuut/minuten, 44 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.1 - Nederlands
    AutoSizer
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB928090)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2183461)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2360131)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB969897)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB972260)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB974455)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB976325)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB978207)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB981332)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381)
    Beveiligingsupdate voor Windows Media Encoder (KB979332)
    Beveiligingsupdate voor Windows Media Player (KB2378111)
    Beveiligingsupdate voor Windows Media Player (KB975558)
    Beveiligingsupdate voor Windows Media Player (KB978695)
    Beveiligingsupdate voor Windows XP (KB2079403)
    Beveiligingsupdate voor Windows XP (KB2121546)
    Beveiligingsupdate voor Windows XP (KB2160329)
    Beveiligingsupdate voor Windows XP (KB2229593)
    Beveiligingsupdate voor Windows XP (KB2259922)
    Beveiligingsupdate voor Windows XP (KB2279986)
    Beveiligingsupdate voor Windows XP (KB2286198)
    Beveiligingsupdate voor Windows XP (KB2296011)
    Beveiligingsupdate voor Windows XP (KB2347290)
    Beveiligingsupdate voor Windows XP (KB2360937)
    Beveiligingsupdate voor Windows XP (KB2387149)
    Borland Delphi 5
    CCleaner
    Desktop Sidebar
    Google Earth
    Google Earth Plug-in
    Google Update Helper
    Google Updater
    Hema Album Software Advanced
    HEMA Fotoservice
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix voor Windows Internet Explorer 7 (KB947864)
    Hotfix voor Windows XP (KB2158563)
    InterBase
    Java(TM) 6 Update 22
    Label-Lite 3.1.0
    Logitech iTouch-software
    Logitech MouseWare 9.79.1
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD
    Microsoft .NET Framework 3.5 Language Pack SP1 - nld
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Premium
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4 Parser
    NVIDIA Drivers
    Picasa 3
    QuickTime
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
    Teletekstbrowser versie 3.3
    TomTom HOME 2.7.3.1894
    TomTom HOME Visual Studio Merge Modules
    Tweak UI
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update voor Windows Internet Explorer 8 (KB968220)
    Update voor Windows Internet Explorer 8 (KB972636)
    Update voor Windows Internet Explorer 8 (KB973874)
    Update voor Windows Internet Explorer 8 (KB976662)
    Update voor Windows Internet Explorer 8 (KB976749)
    Update voor Windows Internet Explorer 8 (KB980182)
    Update voor Windows Internet Explorer 8 (KB982632)
    Update voor Windows XP (KB2141007)
    Update voor Windows XP (KB2345886)
    Windows Defender
    Windows Defender Signatures
    Windows Genuine Advantage v1.3.0254.0
    Windows Internet Explorer 8
    Windows Media Encoder 9 Series
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Language Pack 1.0
  • Hi Jos, I'm wondering about something!

    According to the HijackThis log, Eset/Nod32 is the antivirus program in your Windows.
    Yet this program is not shown in the software list.

    My question now: is Eset/Nod32 legitimate, or did you activate it by means of a fix?
  • Eset/Nod32 was legitimately purchased and downloaded and installed from Eset's website.
    It is also neatly supplied with the latest definitions and works fine!!
    Do the logs look good otherwise?
  • Hi Jos, you had removed the O24 line, but it is back!
    Otherwise your log is OK.

    But because that O24 line is back, please do the following:

    Download ComboFix from one of these locations:

    Bleepingcomputer

    ForoSpyware

  • Cannot run combofix.exe; only a grey screen appears with a blue bar in the top left corner.
    After restarting, the message appears:
    Cannot find "small square" (= character) Internet Security Suite.
    Windows cannot find this and it must be removed from the registry.
  • Strange.
    Had you deactivated Eset/Nod32 beforehand?
  • Yes; boot in safe mode, or doesn't combofix work then?
  • You may indeed try that.

    But first download ComboFix again to your desktop!
    So delete the old one first.

    In the download window (use IE), before the download starts, change
    the name ComboFix to Combo Fix.
  • Booted in Safe Mode and let Combofix do its work; below is the log file:

    ComboFix 10-12-02.05 - Administrator 03-12-2010 13:04:48.2.1 - FAT32x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.767.592 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    AV: Internet Security Suite *On-access scanning enabled* (Updated) {A4992DDB-8EFE-4B79-ACF3-96873C227120}
    FW: Internet Security Suite *enabled* {24320D35-AF63-4DD1-AEA3-2C2FA508E44D}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\3ba873
    c:\documents and settings\All Users\Application Data\3ba873\12.mof
    c:\documents and settings\All Users\Application Data\3ba873\3ba87340cccd3b03bac87c290366c17e.ocx
    c:\documents and settings\All Users\Application Data\3ba873\ISS.ico
    c:\windows\system32\_000006_.tmp.dll
    c:\windows\system32\_000007_.tmp.dll
    c:\windows\system32\_000008_.tmp.dll
    c:\windows\system32\_000021_.tmp.dll
    c:\windows\system32\_000022_.tmp.dll
    c:\windows\system32\_000023_.tmp.dll
    c:\windows\system32\_000024_.tmp.dll
    c:\windows\system32\midas.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-11-03 to 2010-12-03 ))))))))))))))))))))))))))))))
    .

    2010-12-03 12:02 . 2010-12-03 12:02 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend
    2010-12-03 10:00 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{E4B27AFD-F79F-471B-90B6-967525B85E34}\mpengine.dll
    2010-12-02 16:58 . 2010-12-02 16:58 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-12-02 16:58 . 2010-12-02 16:58 -------- d-----w- c:\program files\Trend Micro
    2010-12-01 17:09 . 2010-12-01 17:09 -------- d-sh--w- c:\documents and settings\Administrator\Application Data\Internet Security Suite
    2010-12-01 17:09 . 2010-12-01 17:09 -------- d-sh--w- c:\documents and settings\All Users\Application Data\ISCWNLVS
    2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr
    2010-11-06 15:04 . 2010-11-06 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
    2010-11-06 15:03 . 2010-11-06 15:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TomTom
    2010-11-06 15:03 . 2010-11-06 15:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\TomTom
    2010-11-06 15:03 . 2010-11-06 15:03 -------- d-----w- c:\program files\TomTom International B.V
    2010-11-06 15:03 . 2010-11-06 15:03 -------- d-----w- c:\program files\TomTom HOME 2
    2010-11-06 15:01 . 2010-11-06 15:01 -------- d-----w- c:\program files\TomTom DesktopSuite
    2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-29 16:42 . 2009-12-17 20:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-29 16:42 . 2009-12-17 20:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-10 04:33 . 2006-09-13 13:25 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2010-10-19 09:41 . 2009-10-03 10:00 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-15 17:28 . 2010-10-15 17:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-10-15 17:28 . 2010-09-25 16:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-14 08:05 . 2010-10-14 08:05 0 ------w- c:\windows\system32\SET4D3A.tmp
    2010-09-18 11:23 . 2001-09-07 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 07:53 . 2001-09-07 11:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 07:53 . 2001-09-07 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 07:53 . 2001-09-07 11:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 06:52 . 2010-10-14 07:19 916480 ----a-w- c:\windows\system32\SET4D35.tmp
    2010-09-10 06:52 . 2010-10-14 07:19 1210880 ----a-w- c:\windows\system32\SET4D36.tmp
    2010-09-10 06:52 . 2004-12-07 18:19 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 06:52 . 2005-02-26 09:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 06:52 . 2005-02-26 09:24 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SIDEBAR"="c:\program files\Desktop Sidebar\dsidebar.exe" [2004-09-04 1126400]
    "AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe" [2008-11-21 131072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programma's^Opstarten^WinRescue.lnk]
    backup=c:\windows\pss\WinRescue.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Run Google Web Accelerator.lnk]
    backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    ? ????? ??¾ [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
    ? ????? ??¾ [?]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTweakFCleaner
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcchulp
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    c:\windows\system32\dumprep 0 -u [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 18:02 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    2003-12-17 08:50 19968 ------w- c:\windows\LOGI_MWX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2005-11-11 12:47 1519616 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2005-03-30 11:17 98304 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
    2008-04-14 18:03 144384 ----a-w- c:\windows\system32\mobsync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
    2004-03-18 08:33 892928 ----a-w- c:\program files\Logitech\iTouch\iTouch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\System32\\mmc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 DiMaint;Eicon Maintenance-stuurprogramma;c:\windows\system32\drivers\disdn\dimaint.sys [18-2-2005 14:23 91305]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22-2-2009 19:33 64160]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 18:19 13592]
    S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11-9-2009 7:23 108792]
    S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11-9-2009 7:26 96408]
    S2 DiCapi;Eicon CAPI 2.0-stuurprogramma;c:\windows\system32\drivers\disdn\capi20.sys [18-2-2005 14:23 164923]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11-9-2009 7:24 735960]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1-6-2010 20:46 136176]
    S2 oad;Visibroker Activation Daemon;c:\progra~1\Borland\vbroker\bin\oad.exe [28-12-2007 14:13 1781248]
    S2 osagent;VisiBroker Smart Agent;c:\progra~1\Borland\vbroker\bin\osagent.exe [28-12-2007 14:13 193536]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13-11-2009 12:31 92008]
    S3 DiWan;Eicon-stuurprogramma voor DIVA PnP-kaarten;c:\windows\system32\drivers\disdn\Diwan.sys [18-2-2005 14:23 952007]
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-12-03 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

    2010-12-03 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-20 07:29]

    2010-12-03 c:\windows\Tasks\{A4261029-491F-408E-9B24-1CBDDA8068FA}_DESKTOP_Administrator.job
    - c:\windows\system32\mobsync.exe [2001-09-07 18:03]

    2010-11-18 c:\windows\Tasks\{02AA7507-4030-4389-9A16-BF1773F7748B}_DESKTOP_Administrator.job
    - c:\windows\system32\mobsync.exe [2001-09-07 18:03]

    2010-11-12 c:\windows\Tasks\{35C9FC60-5B53-429A-A682-980BF67FE179}_DESKTOP_Administrator.job
    - c:\windows\system32\mobsync.exe [2001-09-07 18:03]

    2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 19:45]

    2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 19:45]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.kpnvandaag.nl/#/home
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - hxxps://www.p3.postbank.nl/sesam/CAX.cab
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    .
    .
    ——- Bestandsassociaties ——-
    .
    JSEFile=NOTEPAD.EXE %1
    .
    - - - - ORPHANS VERWIJDERD - - - -

    Toolbar-Locked - (no file)
    SafeBoot-Lavasoft Ad-Aware Service
    SafeBoot-svcWRSSSDK



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-03 13:10
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_USERS\S-1-5-21-2052111302-1343024091-62868275-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,ab,89,24,2c,b8,46,4d,b9,0b,fa,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,9f,cc,5f,29,b5,eb,4f,8c,c2,bf,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,ab,89,24,2c,b8,46,4d,b9,0b,fa,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,ab,89,24,2c,b8,46,4d,b9,0b,fa,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,ab,89,24,2c,b8,46,4d,b9,0b,fa,\
    .
    Voltooingstijd: 2010-12-03 13:13:40
    ComboFix-quarantined-files.txt 2010-12-03 12:13

    Pre-Run: 9.308.798.976 bytes beschikbaar
    Post-Run: 9.321.086.976 bytes beschikbaar

    - - End Of File - - E896FCC74CC34720EA817D130290FC93
  • Hello Jos, according to ComboFix you have two antivirus programs!

    a) Eset/Nod32
    b) internet security suite

    The latter is located at: c:\documents and settings\administrator\application data\internet security suite

    Could you take a look and give me some information:

    how large that folder is and which exe's you can find in it!
  • It contains only a file instructions.ini with configuration settings, 2 kB in size.
    There are no .exe files in it.
    I can't find anything in Program Files either!
    I never installed Internet Security Suite.
    As far as I'm concerned –> throw it away!!
    Agreed?
  • Indeed, delete it manually!

    Then empty the Recycle Bin!

    Then restart your PC; I'm curious whether ComboFix will now start from your normal desktop?
  • Downloaded ComboFix again and started it from the desktop; the log is below:

    ComboFix 10-12-02.06 - Administrator 03-12-2010 19:54:51.3.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.767.327 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    AV: Internet Security Suite *On-access scanning enabled* (Updated) {A4992DDB-8EFE-4B79-ACF3-96873C227120}
    FW: Internet Security Suite *enabled* {24320D35-AF63-4DD1-AEA3-2C2FA508E44D}
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-11-03 to 2010-12-03 ))))))))))))))))))))))))))))))
    .

    2010-12-03 18:43 . 2010-12-03 18:43 ——– d–h–r- c:\documents and settings\Administrator\Onlangs geopend
    2010-12-03 15:39 . 2010-12-03 15:39 ——– d—–w- c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
    2010-12-03 14:43 . 2010-12-03 14:43 ——– d—–w- c:\program files\Common Files\Java
    2010-12-03 14:42 . 2010-12-03 14:42 73728 —-a-w- c:\windows\system32\javacpl.cpl
    2010-12-03 10:00 . 2010-11-10 04:33 6273872 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{E4B27AFD-F79F-471B-90B6-967525B85E34}\mpengine.dll
    2010-12-02 16:58 . 2010-12-02 16:58 388096 —-a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-12-02 16:58 . 2010-12-02 16:58 ——– d—–w- c:\program files\Trend Micro
    2010-12-01 17:09 . 2010-12-01 17:09 ——– d-sh–w- c:\documents and settings\All Users\Application Data\ISCWNLVS
    2010-11-12 18:46 . 2010-11-12 18:46 4280320 —-a-w- c:\windows\system32\GPhotos.scr
    2010-11-06 15:04 . 2010-11-06 15:04 ——– d—–w- c:\documents and settings\All Users\Application Data\TomTom
    2010-11-06 15:03 . 2010-11-06 15:03 ——– d—–w- c:\documents and settings\Administrator\Local Settings\Application Data\TomTom
    2010-11-06 15:03 . 2010-11-06 15:03 ——– d—–w- c:\documents and settings\Administrator\Application Data\TomTom
    2010-11-06 15:03 . 2010-11-06 15:03 ——– d—–w- c:\program files\TomTom International B.V
    2010-11-06 15:03 . 2010-11-06 15:03 ——– d—–w- c:\program files\TomTom HOME 2
    2010-11-06 10:37 . 2010-11-06 10:37 103864 —-a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-03 14:42 . 2010-09-25 16:43 472808 —-a-w- c:\windows\system32\deployJava1.dll
    2010-11-29 16:42 . 2009-12-17 20:13 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-29 16:42 . 2009-12-17 20:13 20952 —-a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-10 04:33 . 2006-09-13 13:25 6273872 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2010-10-19 09:41 . 2009-10-03 10:00 222080 ——w- c:\windows\system32\MpSigStub.exe
    2010-10-14 08:05 . 2010-10-14 08:05 0 ——w- c:\windows\system32\SET4D3A.tmp
    2010-09-18 11:23 . 2001-09-07 11:00 974848 —-a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 07:53 . 2001-09-07 11:00 974848 —-a-w- c:\windows\system32\mfc42.dll
    2010-09-18 07:53 . 2001-09-07 11:00 954368 —-a-w- c:\windows\system32\mfc40.dll
    2010-09-18 07:53 . 2001-09-07 11:00 953856 —-a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 06:52 . 2010-10-14 07:19 916480 —-a-w- c:\windows\system32\SET4D35.tmp
    2010-09-10 06:52 . 2010-10-14 07:19 1210880 —-a-w- c:\windows\system32\SET4D36.tmp
    2010-09-10 06:52 . 2004-12-07 18:19 916480 —-a-w- c:\windows\system32\wininet.dll
    2010-09-10 06:52 . 2005-02-26 09:26 43520 —-a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 06:52 . 2005-02-26 09:24 1469440 —-a-w- c:\windows\system32\inetcpl.cpl
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-12-03_12.10.21 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-12-03 18:45 . 2010-12-03 18:45 16384 c:\windows\temp\Perflib_Perfdata_7a0.dat
    + 2010-12-03 14:42 . 2010-12-03 14:42 157472 c:\windows\system32\javaws.exe
    - 2010-10-15 17:28 . 2010-10-15 17:28 145184 c:\windows\system32\javaw.exe
    + 2010-12-03 14:42 . 2010-12-03 14:42 145184 c:\windows\system32\javaw.exe
    + 2010-12-03 14:42 . 2010-12-03 14:42 145184 c:\windows\system32\java.exe
    - 2010-10-15 17:28 . 2010-10-15 17:28 145184 c:\windows\system32\java.exe
    + 2010-12-03 14:43 . 2010-12-03 14:43 180224 c:\windows\Installer\4ffce.msi
    + 2010-12-03 14:42 . 2010-12-03 14:42 677376 c:\windows\Installer\4ffc8.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SIDEBAR"="c:\program files\Desktop Sidebar\dsidebar.exe" [2004-09-04 1126400]
    "AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe" [2008-11-21 131072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programma's^Opstarten^WinRescue.lnk]
    backup=c:\windows\pss\WinRescue.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Run Google Web Accelerator.lnk]
    backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    ? ????? ??¾ [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
    ? ????? ??¾ [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    c:\windows\system32\dumprep 0 -u [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 22:07 932288 —-a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 03:47 35760 —-a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 18:02 15360 —-a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    2003-12-17 08:50 19968 ——w- c:\windows\LOGI_MWX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2005-11-11 12:47 1519616 —-a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2005-03-30 11:17 98304 —-a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 10:44 248552 —-a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
    2008-04-14 18:03 144384 —-a-w- c:\windows\system32\mobsync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2009-11-13 11:31 247144 —-a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
    2004-03-18 08:33 892928 —-a-w- c:\program files\Logitech\iTouch\iTouch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\System32\\mmc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 DiMaint;Eicon Maintenance-stuurprogramma;c:\windows\system32\drivers\disdn\dimaint.sys [18-2-2005 14:23 91305]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22-2-2009 19:33 64160]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11-9-2009 7:23 108792]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11-9-2009 7:26 96408]
    R2 DiCapi;Eicon CAPI 2.0-stuurprogramma;c:\windows\system32\drivers\disdn\capi20.sys [18-2-2005 14:23 164923]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11-9-2009 7:24 735960]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13-11-2009 12:31 92008]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 18:19 13592]
    R3 DiWan;Eicon-stuurprogramma voor DIVA PnP-kaarten;c:\windows\system32\drivers\disdn\Diwan.sys [18-2-2005 14:23 952007]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1-6-2010 20:46 136176]
    S2 oad;Visibroker Activation Daemon;c:\progra~1\Borland\vbroker\bin\oad.exe [28-12-2007 14:13 1781248]
    S2 osagent;VisiBroker Smart Agent;c:\progra~1\Borland\vbroker\bin\osagent.exe [28-12-2007 14:13 193536]
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-12-03 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

    2010-12-03 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-20 07:29]

    2010-12-03 c:\windows\Tasks\{A4261029-491F-408E-9B24-1CBDDA8068FA}_DESKTOP_Administrator.job
    - c:\windows\system32\mobsync.exe [2001-09-07 18:03]

    2010-12-03 c:\windows\Tasks\{02AA7507-4030-4389-9A16-BF1773F7748B}_DESKTOP_Administrator.job
    - c:\windows\system32\mobsync.exe [2001-09-07 18:03]

    2010-12-03 c:\windows\Tasks\{35C9FC60-5B53-429A-A682-980BF67FE179}_DESKTOP_Administrator.job
    - c:\windows\system32\mobsync.exe [2001-09-07 18:03]

    2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 19:45]

    2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 19:45]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.kpnvandaag.nl/#/home
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - hxxps://www.p3.postbank.nl/sesam/CAX.cab
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    .
    .
    ——- Bestandsassociaties ——-
    .
    JSEFile=NOTEPAD.EXE %1
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-03 20:01
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_USERS\S-1-5-21-2052111302-1343024091-62868275-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,ab,89,24,2c,b8,46,4d,b9,0b,fa,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,9f,cc,5f,29,b5,eb,4f,8c,c2,bf,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,ab,89,24,2c,b8,46,4d,b9,0b,fa,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,ab,89,24,2c,b8,46,4d,b9,0b,fa,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,ab,89,24,2c,b8,46,4d,b9,0b,fa,\
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'explorer.exe'(2532)
    c:\program files\AutoSizer\AutoSizer.dll
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Voltooingstijd: 2010-12-03 20:08:27
    ComboFix-quarantined-files.txt 2010-12-03 19:08
    ComboFix2.txt 2010-12-03 12:13

    Pre-Run: 8.588.787.712 bytes beschikbaar
    Post-Run: 8.578.547.712 bytes beschikbaar

    - - End Of File - - 41068A1FA1586FE8F5A46CCEF877487E
  • Hi Jos, open a new Notepad file via Start > All Programs > Accessories > Notepad.

    Copy and paste the following (bold, blue text) into the empty Notepad window
  • Carried out the actions above; the log file is below:

    ComboFix 10-12-02.06 - Administrator 03-12-2010 21:11:44.4.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.767.418 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt
    AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    AV: Internet Security Suite *On-access scanning enabled* (Updated) {A4992DDB-8EFE-4B79-ACF3-96873C227120}
    FW: Internet Security Suite *enabled* {24320D35-AF63-4DD1-AEA3-2C2FA508E44D}

    FILE ::
    "c:\windows\system32\SET4D35.tmp"
    "c:\windows\system32\SET4D36.tmp"
    "c:\windows\system32\SET4D3A.tmp"
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\ISCWNLVS
    c:\documents and settings\All Users\Application Data\ISCWNLVS\ISAZMXBS.cfg
    c:\windows\system32\SET4D35.tmp
    c:\windows\system32\SET4D36.tmp
    c:\windows\system32\SET4D3A.tmp . . . . konden niet verwijderd worden

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-11-03 to 2010-12-03 ))))))))))))))))))))))))))))))
    .

    2010-12-03 19:19 . 2010-12-03 19:19 ——– d–h–r- c:\documents and settings\Administrator\Onlangs geopend
    2010-12-03 15:39 . 2010-12-03 15:39 ——– d—–w- c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
    2010-12-03 14:43 . 2010-12-03 14:43 ——– d—–w- c:\program files\Common Files\Java
    2010-12-03 14:42 . 2010-12-03 14:42 73728 —-a-w- c:\windows\system32\javacpl.cpl
    2010-12-03 10:00 . 2010-11-10 04:33 6273872 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{E4B27AFD-F79F-471B-90B6-967525B85E34}\mpengine.dll
    2010-12-02 16:58 . 2010-12-02 16:58 388096 —-a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-12-02 16:58 . 2010-12-02 16:58 ——– d—–w- c:\program files\Trend Micro
    2010-11-12 18:46 . 2010-11-12 18:46 4280320 —-a-w- c:\windows\system32\GPhotos.scr
    2010-11-06 15:04 . 2010-11-06 15:04 ——– d—–w- c:\documents and settings\All Users\Application Data\TomTom
    2010-11-06 15:03 . 2010-11-06 15:03 ——– d—–w- c:\documents and settings\Administrator\Local Settings\Application Data\TomTom
    2010-11-06 15:03 . 2010-11-06 15:03 ——– d—–w- c:\documents and settings\Administrator\Application Data\TomTom
    2010-11-06 15:03 . 2010-11-06 15:03 ——– d—–w- c:\program files\TomTom International B.V
    2010-11-06 15:03 . 2010-11-06 15:03 ——– d—–w- c:\program files\TomTom HOME 2
    2010-11-06 10:37 . 2010-11-06 10:37 103864 —-a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-03 14:42 . 2010-09-25 16:43 472808 —-a-w- c:\windows\system32\deployJava1.dll
    2010-11-29 16:42 . 2009-12-17 20:13 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-29 16:42 . 2009-12-17 20:13 20952 —-a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-10 04:33 . 2006-09-13 13:25 6273872 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2010-10-19 09:41 . 2009-10-03 10:00 222080 ——w- c:\windows\system32\MpSigStub.exe
    2010-10-14 08:05 . 2010-10-14 08:05 0 ——w- c:\windows\system32\SET4D3A.tmp
    2010-09-18 11:23 . 2001-09-07 11:00 974848 —-a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 07:53 . 2001-09-07 11:00 974848 —-a-w- c:\windows\system32\mfc42.dll
    2010-09-18 07:53 . 2001-09-07 11:00 954368 —-a-w- c:\windows\system32\mfc40.dll
    2010-09-18 07:53 . 2001-09-07 11:00 953856 —-a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 06:52 . 2004-12-07 18:19 916480 —-a-w- c:\windows\system32\wininet.dll
    2010-09-10 06:52 . 2005-02-26 09:26 43520 —-a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 06:52 . 2005-02-26 09:24 1469440 —-a-w- c:\windows\system32\inetcpl.cpl
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-12-03_12.10.21 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-12-03 18:45 . 2010-12-03 18:45 16384 c:\windows\temp\Perflib_Perfdata_7a0.dat
    + 2010-12-03 20:26 . 2010-12-03 20:26 16384 c:\windows\temp\Perflib_Perfdata_3f0.dat
    + 2010-12-03 14:42 . 2010-12-03 14:42 157472 c:\windows\system32\javaws.exe
    - 2010-10-15 17:28 . 2010-10-15 17:28 145184 c:\windows\system32\javaw.exe
    + 2010-12-03 14:42 . 2010-12-03 14:42 145184 c:\windows\system32\javaw.exe
    - 2010-10-15 17:28 . 2010-10-15 17:28 145184 c:\windows\system32\java.exe
    + 2010-12-03 14:42 . 2010-12-03 14:42 145184 c:\windows\system32\java.exe
    + 2010-12-03 14:43 . 2010-12-03 14:43 180224 c:\windows\Installer\4ffce.msi
    + 2010-12-03 14:42 . 2010-12-03 14:42 677376 c:\windows\Installer\4ffc8.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SIDEBAR"="c:\program files\Desktop Sidebar\dsidebar.exe" [2004-09-04 1126400]
    "AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe" [2008-11-21 131072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programma's^Opstarten^WinRescue.lnk]
    backup=c:\windows\pss\WinRescue.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Run Google Web Accelerator.lnk]
    backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    ? ????? ??¾ [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
    ? ????? ??¾ [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    c:\windows\system32\dumprep 0 -u [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 22:07 932288 —-a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 03:47 35760 —-a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 18:02 15360 —-a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    2003-12-17 08:50 19968 ——w- c:\windows\LOGI_MWX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2005-11-11 12:47 1519616 —-a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2005-03-30 11:17 98304 —-a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 10:44 248552 —-a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
    2008-04-14 18:03 144384 —-a-w- c:\windows\system32\mobsync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2009-11-13 11:31 247144 —-a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
    2004-03-18 08:33 892928 —-a-w- c:\program files\Logitech\iTouch\iTouch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\System32\\mmc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 DiMaint;Eicon Maintenance-stuurprogramma;c:\windows\system32\drivers\disdn\dimaint.sys [18-2-2005 14:23 91305]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22-2-2009 19:33 64160]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11-9-2009 7:23 108792]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11-9-2009 7:26 96408]
    R2 DiCapi;Eicon CAPI 2.0-stuurprogramma;c:\windows\system32\drivers\disdn\capi20.sys [18-2-2005 14:23 164923]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11-9-2009 7:24 735960]
    R2 oad;Visibroker Activation Daemon;c:\progra~1\Borland\vbroker\bin\oad.exe [28-12-2007 14:13 1781248]
    R2 osagent;VisiBroker Smart Agent;c:\progra~1\Borland\vbroker\bin\osagent.exe [28-12-2007 14:13 193536]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13-11-2009 12:31 92008]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 18:19 13592]
    R3 DiWan;Eicon-stuurprogramma voor DIVA PnP-kaarten;c:\windows\system32\drivers\disdn\Diwan.sys [18-2-2005 14:23 952007]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1-6-2010 20:46 136176]
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-12-03 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

    2010-12-03 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-20 07:29]

    2010-12-03 c:\windows\Tasks\{A4261029-491F-408E-9B24-1CBDDA8068FA}_DESKTOP_Administrator.job
    - c:\windows\system32\mobsync.exe [2001-09-07 18:03]

    2010-12-03 c:\windows\Tasks\{02AA7507-4030-4389-9A16-BF1773F7748B}_DESKTOP_Administrator.job
    - c:\windows\system32\mobsync.exe [2001-09-07 18:03]

    2010-12-03 c:\windows\Tasks\{35C9FC60-5B53-429A-A682-980BF67FE179}_DESKTOP_Administrator.job
    - c:\windows\system32\mobsync.exe [2001-09-07 18:03]

    2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 19:45]

    2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 19:45]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.kpnvandaag.nl/#/home
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - hxxps://www.p3.postbank.nl/sesam/CAX.cab
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    .

    **************************************************************************
  • Hi Jos, sorry for the late reply, but I could not reach this forum the past few days!

    I get the impression that it is starting to look good by now.

    Now the following: do the ESET online scan (Click).
    - Use Internet Explorer as the web browser
    - Scroll down and click the Eset Online Scanner button
    - Accept the Terms of use in the popup window
    - Then click the Start button
    - Click OK to allow the Active-x file
    - Then click install
    - If you get notifications from your own security software, give permission for the Eset application
    - You will then get a popup Computer Scan Settings; uncheck Remove found threats
    - Then click Start
    - If your security software gives notifications again, allow the Eset scan to proceed unhindered!
    - First the virus signature database is downloaded, then the scan starts automatically.
    - When the scan is finished, click the Details tab
    - If nothing was found, click Finish
    - Open the log file, then copy its contents and post them afterwards.
    - If no log opens, it can be found via C:\Program Files\EsetOnlineScanner\ ; click log.txt

    When using a browser other than IE, or in case of problems, download the installer (Click)
    - After downloading, right-click it > run as admin
    - Then follow the steps described above

    N.B.: temporarily disable your own antivirus during the scan; the online scan will be faster then!
  • Good morning, I am at work at the moment and will carry out the actions tonight.
    To be continued.
  • Eset Online scanner run; the log is below:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6415
    # api_version=3.0.2
    # EOSSerial=9b99b8c15f8f464ea8ef7c55cb7973cc
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-12-06 08:00:45
    # local_time=2010-12-06 09:00:45 (+0100, West-Europa (standaardtijd))
    # country="Netherlands"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 357912 357912 0 0
    # compatibility_mode=6143 16777215 0 0 0 0 0 0
    # compatibility_mode=8199 39157157 100 100 4154 39013568 0 0
    # scanned=50518
    # found=0
    # cleaned=0
    # scan_time=2256
    # nod_component=V3 Build:0x30000000
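As an added example (not part of this thread and not ESET's own software), here is a small Python parser for the "# key=value" log.txt format that ESET Online Scanner writes, checking the points the helper above asks the poster to verify: that the scan finished, that "Remove found threats" was unchecked, and how many items were scanned, found and cleaned. The sample input is an excerpt of the log posted above.

```python
from collections import defaultdict

# Sample input: an excerpt of the ESET Online Scanner log posted above in this thread.
SAMPLE_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# end=finished
# remove_checked=false
# local_time=2010-12-06 09:00:45 (+0100, West-Europa (standaardtijd))
# compatibility_mode=512 16777215 100 0 357912 357912 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# scanned=50518
# found=0
# cleaned=0
"""


def parse_eset_log(text):
    """Map each '# key=value' line to a list of values (keys such as
    compatibility_mode repeat); banner lines without '#' are skipped and
    only the first '=' splits key from value, so timestamps stay intact."""
    fields = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("#"):
            continue
        key, sep, value = line[1:].strip().partition("=")
        if sep:
            fields[key.strip()].append(value.strip())
    return dict(fields)


def summarize(text):
    """Return the counts a helper reads off the log, whether the result is a
    conclusive clean scan, and any reasons it is not."""
    fields = parse_eset_log(text)

    def last(key, default=""):
        return (fields.get(key) or [default])[-1]

    counts = {k: int(last(k, "0")) for k in ("scanned", "found", "cleaned")}
    issues = []
    if last("end") != "finished":
        issues.append("scan did not finish; result is not conclusive")
    if last("remove_checked") != "false":
        issues.append("'Remove found threats' was left enabled; items may have been removed before review")
    if counts["found"] and not counts["cleaned"]:
        issues.append("detections left in place for review (expected with removal disabled)")
    clean = last("end") == "finished" and counts["found"] == 0
    return {**counts, "clean": clean, "issues": issues}
```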
