Task Manager does not start

Anonymous
36 replies
 • By the looks of it, it is indeed an external HD:

  L:\Autorun.inf

  That autorun.inf script makes sure that malware on an external storage medium, HD or USB stick, is automatically installed in Windows!

  By the way, I recently read something about an open-source train simulator!
  So freeware.
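
Added example, not part of the thread: a Python triage helper that lists what an autorun.inf on a volume root would launch, using the standard `open`, `shellexecute` and `shell\<verb>\command` entries. The sample file content and the function names are constructed for this example.

```python
import os
import re

# Entries in the [autorun] section that name a program Windows may start.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_VERB_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample, not taken from the thread.
SAMPLE = r"""
; constructed sample for the parser below
[AutoRun]
icon=folder.ico
qzxv junk filler line
OPEN=tools\setup.exe /quiet
shell\open\command=tools\setup.exe
shell\explore\Command = tools\setup.exe
label=Backup
"""


def autorun_commands(text):
    """Return (key, command) pairs from [autorun] that launch a program.

    Deliberately tolerant: lines that are not 'key=value' are skipped instead
    of raising, because filler lines are a common way to bury the real entry.
    """
    section = None
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in EXEC_KEYS or SHELL_VERB_COMMAND.match(key):
            found.append((key, value.strip()))
    return found


def triage_root(root):
    """Find autorun.inf (any letter case) in a volume root and list its launch entries."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            with open(os.path.join(root, name), "rb") as fh:
                # latin-1 decodes every byte, so binary filler cannot abort the parse
                return autorun_commands(fh.read().decode("latin-1"))
    return []


if __name__ == "__main__":
    for key, command in autorun_commands(SAMPLE):
        print(f"{key:24} -> {command}")
```

Run `triage_root` on the root of the removable volume from a system where AutoRun is disabled, and treat every returned command path as a file to inspect.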
 • Those folders do not belong to ComboFix - any more than the boot folder does!

  What is in there now?

  And yes, I am happy to help you too.
 • Hi Abraham,

  Those infected USB sticks: could they also have been external HDs? I can't remember ever having connected a USB stick.

  As far as I know I am tied to McAfee until October.

  In the meantime I have reinstalled Steam; otherwise I can't drive my little trains any more. :D

  By the way, how can you tell about that infected USB stick?

  Regards
  Rob
 • Hi Rob, ComboFix really won't just remove Steam for no reason!

  And besides, infected USB sticks have been connected to your PC!


  And you can simply reinstall Steam, can't you?

  How much longer are you tied to McAfee?
 • I cannot start Task Manager via Ctrl-Alt-Delete. It does start if I simply browse to the file itself.
  Below is a HijackThis log file. Could an expert perhaps give an opinion on it? Thanks in advance.

  Logfile of Trend Micro HijackThis v2.0.4
  Scan saved at 11:02:02, on 15-4-2011
  Platform: Windows Vista SP2 (WinNT 6.00.1906)
  MSIE: Internet Explorer v8.00 (8.00.6001.19019)
  Boot mode: Normal

  Running processes:
  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
  C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
  C:\Program Files (x86)\Opera\opera.exe
  C:\Program Files (x86)\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
  F2 - REG:system.ini: UserInit=userinit.exe
  O1 - Hosts: ::1 localhost
  O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
  O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
  O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110312231806.dll
  O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
  O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
  O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
  O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
  O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
  O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
  O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
  O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
  O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
  O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
  O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
  O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
  O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
  O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
  O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
  O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
  O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
  O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
  O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
  O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
  O23 - Service: 1% (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
  O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
  O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
  O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
  O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
  O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
  O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
  O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
  O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
  O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
  O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
  O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
  O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
  O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
  O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
  O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
  O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
  O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
  O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
  O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


  End of file - 8308 bytes
 • Hello Rob, start with the following:

  close all open browser windows - except this window, which you close just before you click the Fix checked button!


  Now start HijackThis with administrator rights via right-click and click the Do a Scan only button,

  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
  • put a check mark in front of the line(s) that correspond to the lines above
  • then click the Fix checked button
  • After that, close HijackThis.


  After that, start with the following:

  Which program: Malwarebytes MBAM
  What for/why: specialised scanner to quickly examine Windows for spyware and malware and to remove it.
  Difficulty: none.

  Download Malwarebytes MBAM from one of these locations:
  • Download.com
  • Softpedia.com
  • Majorgeeks.com

  First of all:
  • Right after installation 'MBAM' will want to update its database, so allow that.
  • Also on repeated use: first update 'MBAM' via the 'Update' tab!

  Starting Malwarebytes MBAM:
  Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
  Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing Run as administrator.

  Scanning:
  • When 'MBAM' starts, choose 'Quick Scan'.
  • Scanning can take a while, so be patient. When the scan has finished, click the 'OK' button.
  • Then click the 'Show Results' button to see the results.

  Infections found:
  • First click OK to dismiss the message
  • Then click the Show Results button at the bottom right.
  • Now make sure that all infections found are checked, and click Remove Selected at the bottom left.
  • After the removal a log will open and you will be asked to restart the computer.
  • If 'MBAM' has difficulty removing certain files it will show a few messages; click 'OK' each time!
  • After that 'MBAM' will ask to restart the computer - so allow the computer to be restarted.

  MBAM log:
  • The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in the main menu of MBAM.

  In summary: after this you post the contents of the following logs:
  • a new HijackThis log
  • MBAM scan log
 • Hello Abraham,

  thanks for your quick response. I carried out your suggestions and the results are below (MBAM found nothing out of the ordinary, by the way):


  Logfile of Trend Micro HijackThis v2.0.4
  Scan saved at 14:24:47, on 15-4-2011
  Platform: Windows Vista SP2 (WinNT 6.00.1906)
  MSIE: Internet Explorer v8.00 (8.00.6001.19019)
  Boot mode: Normal

  Running processes:
  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
  C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
  C:\Program Files (x86)\Opera\opera.exe
  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
  C:\Program Files (x86)\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
  F2 - REG:system.ini: UserInit=userinit.exe
  O1 - Hosts: ::1 localhost
  O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
  O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
  O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110312231806.dll
  O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
  O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
  O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
  O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
  O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
  O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
  O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
  O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
  O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
  O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
  O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
  O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
  O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
  O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
  O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
  O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
  O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
  O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
  O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
  O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
  O23 - Service: 1% (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
  O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
  O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
  O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
  O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
  O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
  O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
  O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
  O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
  O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
  O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
  O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
  O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
  O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
  O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
  O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
  O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
  O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
  O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
  O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


  End of file - 8252 bytes


  *************************************************************
  Malwarebytes' Anti-Malware 1.50.1.1100
  www.malwarebytes.org

  Databaseversie: 6368

  Windows 6.0.6002 Service Pack 2
  Internet Explorer 8.0.6001.19019

  15-4-2011 14:31:04
  mbam-log-2011-04-15 (14-31-04).txt

  Scantype: Snelle scan
  Objecten gescand: 161882
  Verstreken tijd: 49 seconde(n)

  Geheugenprocessen geïnfecteerd: 0
  Geheugenmodulen geïnfecteerd: 0
  Registersleutels geïnfecteerd: 0
  Registerwaarden geïnfecteerd: 0
  Registerdata geïnfecteerd: 0
  Mappen geïnfecteerd: 0
  Bestanden geïnfecteerd: 0

  Geheugenprocessen geïnfecteerd:
  (Geen kwaadaardige objecten gedetecteerd)

  Geheugenmodulen geïnfecteerd:
  (Geen kwaadaardige objecten gedetecteerd)

  Registersleutels geïnfecteerd:
  (Geen kwaadaardige objecten gedetecteerd)

  Registerwaarden geïnfecteerd:
  (Geen kwaadaardige objecten gedetecteerd)

  Registerdata geïnfecteerd:
  (Geen kwaadaardige objecten gedetecteerd)

  Mappen geïnfecteerd:
  (Geen kwaadaardige objecten gedetecteerd)

  Bestanden geïnfecteerd:
  (Geen kwaadaardige objecten gedetecteerd)
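
Added example, not part of the thread: a Python parser that compares two HijackThis logs to confirm what "Fix checked" changed, and that flags O23 "(file missing)" entries under System32 as probable artifacts of 32-bit HijackThis running on 64-bit Windows, where System32 is redirected to SysWOW64. The two excerpts are constructed from lines in the logs above; the function names and the 64-bit heuristic are assumptions of this example.

```python
import re

# "R1 - ...", "F2 - ...", "O23 - ..." : section code, then the entry detail.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Constructed excerpts built from lines of the two logs in this thread.
BEFORE = r'''
Running processes:
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
'''

AFTER = r'''
Running processes:
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
'''


def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, detail) entries."""
    processes, entries = set(), []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY.match(line)
        if match:
            in_processes = False          # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.add(line)
    return processes, entries


def diff_logs(before, after):
    """Report entries and processes that differ between two scans."""
    procs_before, entries_before = parse_hjt(before)
    procs_after, entries_after = parse_hjt(after)
    return {
        "removed_entries": [e for e in entries_before if e not in entries_after],
        "added_entries": [e for e in entries_after if e not in entries_before],
        "new_processes": sorted(procs_after - procs_before),
        "gone_processes": sorted(procs_before - procs_after),
    }


def redirected_missing(text):
    """Paths of O23 services reported missing under System32 in a 64-bit log.

    Heuristic (assumption of this example): the log is treated as 64-bit when it
    mentions 'Program Files (x86)' or 'SysWOW64', and Windows is on C: as in the
    thread. Such entries still need checking with a native 64-bit tool.
    """
    if "Program Files (x86)" not in text and "SysWOW64" not in text:
        return []
    marker = "(file missing)"
    prefix = "c:\\windows\\system32\\"
    hits = []
    for code, detail in parse_hjt(text)[1]:
        if code == "O23" and detail.endswith(marker):
            path = detail[:-len(marker)].rsplit(" - ", 1)[-1].strip()
            if path.lower().startswith(prefix):
                hits.append(path)
    return hits


if __name__ == "__main__":
    for name, values in diff_logs(BEFORE, AFTER).items():
        print(name, values)
    print("probably redirected:", redirected_missing(AFTER))
```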
 • Hi Rob, then you may now do the following:

  Which program: Kaspersky TDSSKiller
  What for/why: rootkit scanner
  Difficulty: none
  Download location: be sure to download this program to the desktop!
  Download TDSSKiller here.

  Installation:
  • extract the file to your desktop.

  Using TDSSKiller:
  • Windows 2000 and Windows XP: start TDSSKiller by double-clicking TDSSKiller.exe.
  • Windows Vista and Windows 7: start TDSSKiller by right-clicking TDSSKiller.exe and then choosing Run as administrator.
  • After the scan has finished, you will find the log in the C:\ partition
  • Post the contents of that log
 • Hello Abraham,

  here is the log:

  2011/04/15 15:52:57.0130 4696 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
  2011/04/15 15:52:59.0140 4696 ================================================================================
  2011/04/15 15:52:59.0140 4696 SystemInfo:
  2011/04/15 15:52:59.0140 4696
  2011/04/15 15:52:59.0140 4696 OS Version: 6.0.6002 ServicePack: 2.0
  2011/04/15 15:52:59.0140 4696 Product type: Workstation
  2011/04/15 15:52:59.0140 4696 ComputerName: PC_MIJZELF
  2011/04/15 15:52:59.0175 4696 UserName: MIJZELF
  2011/04/15 15:52:59.0175 4696 Windows directory: C:\Windows
  2011/04/15 15:52:59.0175 4696 System windows directory: C:\Windows
  2011/04/15 15:52:59.0175 4696 Running under WOW64
  2011/04/15 15:52:59.0175 4696 Processor architecture: Intel x64
  2011/04/15 15:52:59.0175 4696 Number of processors: 4
  2011/04/15 15:52:59.0175 4696 Page size: 0x1000
  2011/04/15 15:52:59.0175 4696 Boot type: Normal boot
  2011/04/15 15:52:59.0175 4696 ================================================================================
  2011/04/15 15:52:59.0750 4696 Initialize success
  2011/04/15 15:53:01.0500 5156 ================================================================================
  2011/04/15 15:53:01.0500 5156 Scan started
  2011/04/15 15:53:01.0500 5156 Mode: Manual;
  2011/04/15 15:53:01.0500 5156 ================================================================================
  2011/04/15 15:53:04.0815 5156 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
  2011/04/15 15:53:04.0830 5156 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
  2011/04/15 15:53:04.0905 5156 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
  2011/04/15 15:53:04.0940 5156 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
  2011/04/15 15:53:04.0990 5156 mfeapfk (c1556ca9695fcd6bbd23d75d402fd43d) C:\Windows\system32\drivers\mfeapfk.sys
  2011/04/15 15:53:05.0020 5156 mfeavfk (8857ee8b49f3338fc1fad476bfcca146) C:\Windows\system32\drivers\mfeavfk.sys
  2011/04/15 15:53:05.0065 5156 mfefirek (19c44295f6bf085c83352d48397f7870) C:\Windows\system32\drivers\mfefirek.sys
  2011/04/15 15:53:05.0095 5156 mfehidk (5f915e20ab56121c41c6bf9a91a83bda) C:\Windows\system32\drivers\mfehidk.sys
  2011/04/15 15:53:05.0120 5156 mfenlfk (23ae332e32ff615ca5e5224c8d91af11) C:\Windows\system32\DRIVERS\mfenlfk.sys
  2011/04/15 15:53:05.0145 5156 mferkdet (9c7a9273e345f8d653394b5c542bf86a) C:\Windows\system32\drivers\mferkdet.sys
  2011/04/15 15:53:05.0185 5156 mfewfpk (3140b2c56d7119ba314f68fc785683f0) C:\Windows\system32\drivers\mfewfpk.sys
  2011/04/15 15:53:05.0225 5156 MOBKFilter (3800c23d0d90c59aafcdefdc82b5c4af) C:\Windows\system32\DRIVERS\MOBK.sys
  2011/04/15 15:53:05.0240 5156 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
  2011/04/15 15:53:05.0260 5156 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
  2011/04/15 15:53:05.0280 5156 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
  2011/04/15 15:53:05.0290 5156 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
  2011/04/15 15:53:05.0410 5156 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
  2011/04/15 15:53:05.0450 5156 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
  2011/04/15 15:53:05.0475 5156 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
  2011/04/15 15:53:05.0495 5156 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
  2011/04/15 15:53:05.0530 5156 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
  2011/04/15 15:53:05.0585 5156 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
  2011/04/15 15:53:05.0610 5156 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
  2011/04/15 15:53:05.0645 5156 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
  2011/04/15 15:53:05.0660 5156 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
  2011/04/15 15:53:05.0715 5156 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
  2011/04/15 15:53:05.0765 5156 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
  2011/04/15 15:53:05.0800 5156 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
  2011/04/15 15:53:05.0835 5156 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
  2011/04/15 15:53:05.0850 5156 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
  2011/04/15 15:53:05.0865 5156 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
  2011/04/15 15:53:06.0245 5156 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
  2011/04/15 15:53:06.0310 5156 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
  2011/04/15 15:53:06.0340 5156 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
  2011/04/15 15:53:06.0375 5156 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
  2011/04/15 15:53:06.0400 5156 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
  2011/04/15 15:53:06.0480 5156 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
  2011/04/15 15:53:06.0580 5156 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
  2011/04/15 15:53:06.0605 5156 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
  2011/04/15 15:53:06.0655 5156 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
  2011/04/15 15:53:06.0755 5156 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
  2011/04/15 15:53:06.0770 5156 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
  2011/04/15 15:53:06.0820 5156 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
  2011/04/15 15:53:06.0895 5156 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
  2011/04/15 15:53:06.0945 5156 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
  2011/04/15 15:53:06.0990 5156 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
  2011/04/15 15:53:07.0020 5156 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
  2011/04/15 15:53:07.0100 5156 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
  2011/04/15 15:53:07.0120 5156 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
  2011/04/15 15:53:07.0450 5156 nvlddmkm (f12c5f17d48d9f5c70e4408b3ccb5443) C:\Windows\system32\DRIVERS\nvlddmkm.sys
  2011/04/15 15:53:07.0570 5156 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
  2011/04/15 15:53:07.0670 5156 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
  2011/04/15 15:53:07.0935 5156 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
  2011/04/15 15:53:08.0075 5156 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
  2011/04/15 15:53:08.0340 5156 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
  2011/04/15 15:53:08.0355 5156 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
  2011/04/15 15:53:08.0465 5156 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
  2011/04/15 15:53:08.0520 5156 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
  2011/04/15 15:53:08.0565 5156 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
  2011/04/15 15:53:08.0605 5156 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
  2011/04/15 15:53:08.0735 5156 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
  2011/04/15 15:53:08.0750 5156 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
  2011/04/15 15:53:08.0815 5156 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
  2011/04/15 15:53:08.0855 5156 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
  2011/04/15 15:53:08.0875 5156 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
  2011/04/15 15:53:08.0895 5156 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
  2011/04/15 15:53:08.0925 5156 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
  2011/04/15 15:53:08.0965 5156 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
  2011/04/15 15:53:08.0995 5156 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
  2011/04/15 15:53:09.0030 5156 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
  2011/04/15 15:53:09.0085 5156 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
  2011/04/15 15:53:09.0100 5156 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
  2011/04/15 15:53:09.0130 5156 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
  2011/04/15 15:53:09.0150 5156 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
  2011/04/15 15:53:09.0195 5156 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
  2011/04/15 15:53:09.0275 5156 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
  2011/04/15 15:53:09.0320 5156 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
  2011/04/15 15:53:09.0375 5156 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
  2011/04/15 15:53:09.0415 5156 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
  2011/04/15 15:53:09.0450 5156 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
  2011/04/15 15:53:09.0480 5156 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
  2011/04/15 15:53:09.0500 5156 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
  2011/04/15 15:53:09.0525 5156 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
  2011/04/15 15:53:09.0540 5156 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
  2011/04/15 15:53:09.0555 5156 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
  2011/04/15 15:53:09.0570 5156 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
  2011/04/15 15:53:09.0590 5156 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
  2011/04/15 15:53:09.0605 5156 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
  2011/04/15 15:53:09.0650 5156 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
  2011/04/15 15:53:09.0720 5156 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
  2011/04/15 15:53:09.0765 5156 srv (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys
  2011/04/15 15:53:09.0810 5156 srv2 (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys
  2011/04/15 15:53:09.0825 5156 srvnet (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys
  2011/04/15 15:53:09.0880 5156 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
  2011/04/15 15:53:09.0905 5156 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
  2011/04/15 15:53:09.0920 5156 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
  2011/04/15 15:53:09.0940 5156 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
  2011/04/15 15:53:10.0005 5156 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
  2011/04/15 15:53:10.0050 5156 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
  2011/04/15 15:53:10.0080 5156 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
  2011/04/15 15:53:10.0105 5156 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
  2011/04/15 15:53:10.0120 5156 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
  2011/04/15 15:53:10.0145 5156 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
  2011/04/15 15:53:10.0190 5156 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
  2011/04/15 15:53:10.0230 5156 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
  2011/04/15 15:53:10.0245 5156 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
  2011/04/15 15:53:10.0265 5156 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
  2011/04/15 15:53:10.0285 5156 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
  2011/04/15 15:53:10.0345 5156 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
  2011/04/15 15:53:10.0385 5156 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
  2011/04/15 15:53:10.0400 5156 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
  2011/04/15 15:53:10.0420 5156 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
  2011/04/15 15:53:10.0440 5156 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
  2011/04/15 15:53:10.0450 5156 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
  2011/04/15 15:53:10.0505 5156 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
  2011/04/15 15:53:10.0530 5156 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
  2011/04/15 15:53:10.0580 5156 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
  2011/04/15 15:53:10.0645 5156 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
  2011/04/15 15:53:10.0740 5156 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
  2011/04/15 15:53:10.0825 5156 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
  2011/04/15 15:53:10.0855 5156 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
  2011/04/15 15:53:10.0895 5156 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
  2011/04/15 15:53:10.0915 5156 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
  2011/04/15 15:53:10.0940 5156 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
  2011/04/15 15:53:10.0950 5156 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
  2011/04/15 15:53:10.0965 5156 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
  2011/04/15 15:53:10.0985 5156 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
  2011/04/15 15:53:11.0045 5156 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
  2011/04/15 15:53:11.0085 5156 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
  2011/04/15 15:53:11.0110 5156 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
  2011/04/15 15:53:11.0135 5156 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
  2011/04/15 15:53:11.0220 5156 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
  2011/04/15 15:53:11.0230 5156 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
  2011/04/15 15:53:11.0255 5156 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
  2011/04/15 15:53:11.0295 5156 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
  2011/04/15 15:53:11.0380 5156 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
  2011/04/15 15:53:11.0415 5156 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
  2011/04/15 15:53:11.0470 5156 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
  2011/04/15 15:53:11.0550 5156 ================================================================================
  2011/04/15 15:53:11.0550 5156 Scan finished
  2011/04/15 15:53:11.0550 5156 ================================================================================
  2011/04/15 15:53:16.0485 4632 Deinitialize success
 • Good - no rootkit from the TDSS family present!

  So we move on to the next step:

  Which program: ComboFix
  What for/why: Highly specialised scanner to examine Windows in depth
  and clean it up where possible.
  Difficulty: Somewhat tricky preparation phase, so read everything carefully first.
  Download location: Be sure to download this program to the desktop!
  Download ComboFix from one of these locations:
  - Bleepingcomputer
  - ForoSpyware
  - Geekstogo
  Here you can see how to use ComboFix.

  Antivirus programs and active malware scanners must already be deactivated before ComboFix is started!
  Here and here you will find information on how to deactivate antivirus programs and spyware scanners.

  Once more, for the sake of clarity: ComboFix must be started from the desktop.

  Notes:
  - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
  - Vista and Windows 7 users start ComboFix via right-click with Administrator rights.
  - All open programs and web pages must be closed.
  Once ComboFix has started:
  - Do not click inside the black window; this can cause ComboFix or even Windows to "freeze" completely!
  - ComboFix closes the internet connection during the scan - do not try to restore it in the meantime!
  - The computer may need to be restarted several times; this is normal.
  - When ComboFix is finished, it will create a log file for you.
  - Post the contents of this log file in your next message.
  - If the log does not open, it can be found at C:\ComboFix.txt
  Important note:
 • Thanks Abraham,

  but maybe I'm thinking too simply: I copied taskmgr.exe from the SysWOW64 folder to the System32 folder and now I can start Task Manager normally.

  Do you think this solves the problem, or could there be more behind it?

  Regards
  Rob
 • Definitely let ComboFix scan, because the fact that nothing else has been found so far doesn't mean anything!

  Because Taskmgr.exe is by default located in both Syswow64 and System32!
 • Here is the ComboFix log. Unfortunately ComboFix did remove the file Steam.exe, and that happens to be about the thing I use the most. I hope the cure isn't worse than the disease now???

  ComboFix 11-04-14.03 - Mijzelf 15-04-2011 20:27:18.1.4 - x64
  Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.4094.2899 [GMT 2:00]
  Gestart vanuit: c:\users\Mijzelf\Desktop\ComboFix.exe
  AV: McAfee Antivirus en antispyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
  FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
  SP: McAfee Antivirus en antispyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
  SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  .
  .
  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  c:\program files (x86)\Steam\Steam.exe
  L:\Autorun.inf
  .
  .
  (((((((((((((((((((( Bestanden Gemaakt van 2011-03-15 to 2011-04-15 ))))))))))))))))))))))))))))))
  .
  .
  2011-04-15 18:35 . 2011-04-15 18:35 -------- d-----w- c:\users\Mijzelf\AppData\Local\temp
  2011-04-15 17:03 . 2008-01-21 02:50 163840 ----a-w- c:\windows\system32\taskmgr.exe
  2011-04-15 09:01 . 2011-04-15 09:01 388096 ----a-r- c:\users\Mijzelf\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
  2011-04-09 15:11 . 2011-04-09 15:11 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
  2011-04-03 13:45 . 2011-04-15 15:23 -------- d-----w- c:\users\Mijzelf\AppData\Local\Microsoft Games
  2011-04-03 11:46 . 2011-04-03 11:46 -------- d-----w- c:\users\Mijzelf\AppData\Roaming\Malwarebytes
  2011-04-03 11:46 . 2011-04-03 11:46 -------- d-----w- c:\programdata\Malwarebytes
  2011-04-03 11:46 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
  2011-04-03 11:46 . 2011-04-03 11:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
  2011-04-03 11:46 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
  2011-04-03 10:34 . 2011-04-03 10:34 -------- d-----w- C:\found.001
  2011-04-03 08:04 . 2011-04-03 08:04 -------- d-----w- C:\found.000
  2011-03-31 19:26 . 2011-03-31 19:26 -------- d-----w- c:\users\Mijzelf\AppData\Roaming\Open Rails
  2011-03-31 18:41 . 2009-03-16 12:18 69448 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
  2011-03-31 18:41 . 2009-03-16 12:18 517448 ----a-w- c:\windows\SysWow64\XAudio2_4.dll
  2011-03-31 18:41 . 2009-03-16 12:18 235352 ----a-w- c:\windows\SysWow64\xactengine3_4.dll
  2011-03-31 18:41 . 2009-03-16 12:18 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_6.dll
  2011-03-31 18:41 . 2007-04-04 16:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
  2011-03-31 18:41 . 2007-03-12 14:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
  2011-03-31 18:41 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
  2011-03-31 18:41 . 2011-03-31 18:41 -------- d-----w- c:\program files (x86)\Microsoft XNA
  2011-03-28 16:11 . 2011-03-28 16:11 -------- d-----w- c:\users\Mijzelf\AppData\Local\VS Revo Group
  2011-03-28 16:11 . 2009-12-30 09:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
  2011-03-28 16:11 . 2011-03-28 16:11 -------- d-----w- c:\program files\VS Revo Group
  2011-03-26 13:15 . 2011-03-26 13:15 -------- d-----w- c:\users\Mijzelf\.jordan
  2011-03-26 13:11 . 2011-03-26 13:11 -------- d-----w- c:\windows\Sun
  2011-03-19 21:03 . 2011-03-19 21:03 -------- d-----w- c:\users\Mijzelf\AppData\Local\GHISLER
  2011-03-19 09:31 . 2011-03-19 09:31 -------- d-----w- c:\program files\Windows Portable Devices
  2011-03-19 09:31 . 2011-03-19 09:31 -------- d-----w- c:\program files (x86)\Windows Portable Devices
  2011-03-19 09:09 . 2009-10-01 01:02 30208 ----a-w- c:\windows\SysWow64\WPDShextAutoplay.exe
  2011-03-19 09:08 . 2009-10-08 21:07 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
  2011-03-19 09:08 . 2009-10-08 21:08 736256 ----a-w- c:\windows\system32\UIAutomationCore.dll
  2011-03-19 09:08 . 2009-10-08 21:08 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
  2011-03-19 09:08 . 2009-10-08 21:08 234496 ----a-w- c:\windows\SysWow64\oleacc.dll
  2011-03-19 09:08 . 2009-10-08 21:07 315904 ----a-w- c:\windows\system32\oleacc.dll
  2011-03-19 09:08 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
  2011-03-19 09:06 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll
  2011-03-19 09:06 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll
  2011-03-19 09:06 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
  2011-03-19 09:06 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
  2011-03-19 09:06 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll
  2011-03-19 09:06 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
  2011-03-19 09:04 . 2010-05-04 19:40 316928 ----a-w- c:\windows\system32\msshsq.dll
  2011-03-19 09:04 . 2010-05-04 19:13 231424 ----a-w- c:\windows\SysWow64\msshsq.dll
  2011-03-17 19:43 . 2011-03-19 11:16 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
  2011-03-17 19:42 . 2011-03-17 19:42 -------- d-----w- c:\users\Mijzelf\AppData\Roaming\InstallShield
  2011-03-17 19:41 . 2011-03-17 19:41 -------- d-----w- c:\programdata\Trymedia
  2011-03-17 18:57 . 2011-04-10 08:59 -------- d-----w- c:\program files (x86)\RW_Tools
  2011-03-17 13:52 . 2011-03-17 13:52 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
  2011-03-17 13:45 . 2011-03-17 13:45 -------- d-----w- C:\NVIDIA
  .
  .
  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2011-03-11 19:41 . 2011-03-11 19:41 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
  2011-03-11 19:41 . 2011-03-11 19:41 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
  2011-03-11 19:37 . 2011-03-11 19:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
  2011-02-23 08:34 . 2011-03-09 19:08 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7B3F472-77BF-49B9-88A1-8FC3A96D8F71}\mpengine.dll
  2011-02-02 16:11 . 2011-03-09 19:08 270720 ------w- c:\windows\system32\MpSigStub.exe
  .
  .
  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
  REGEDIT4
  .
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1484856]
  "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
  "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-03-11 273544]
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  "EnableLUA"= 0 (0x0)
  "EnableUIADesktopToggle"= 0 (0x0)
  .
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
  @=""
  .
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
  @=""
  .
  R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
  R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
  S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
  S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
  S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
  S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
  S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
  S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
  S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 245352]
  S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
  S2 MOBKbackup;1%;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-13 231224]
  S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
  S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
  S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
  S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
  .
  .
  --- Andere Services/Drivers In Geheugen ---
  .
  *Deregistered* - mfeavfk01
  .
  .
  --------- x86-64 -----------
  .
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
  @="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
  [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
  2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
  @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
  [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
  2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
  @="{b4caf489-1eec-c617-49ad-8d7088598c06}"
  [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
  2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
  "LoadAppInit_DLLs"=0x0
  .
  ------- Bijkomende Scan -------
  .
  uLocal Page = c:\windows\system32\blank.htm
  mLocal Page = c:\windows\SysWOW64\blank.htm
  IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
  FF - ProfilePath - c:\users\Mijzelf\AppData\Roaming\Mozilla\Firefox\Profiles\1cz0hd18.default\
  FF - prefs.js: browser.search.selectedEngine - Secure-zoeken
  FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
  FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
  FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor
  FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
  FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
  FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
  .
  - - - - ORPHANS VERWIJDERD - - - -
  .
  Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\steam.exe
  WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
  AddRemove-Steam App 24010 - c:\program files (x86)\Steam\steam.exe
  .
  .
  .
  ——————— VERGRENDELDE REGISTER SLEUTELS ———————
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  @Denied: (A 2) (Everyone)
  @="FlashBroker"
  "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
  "Enabled"=dword:00000001
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  @Denied: (A 2) (Everyone)
  @="Shockwave Flash Object"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
  "ThreadingModel"="Apartment"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
  @="0"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
  @="ShockwaveFlash.ShockwaveFlash.10"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
  @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
  @="1.0"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  @="ShockwaveFlash.ShockwaveFlash"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  @Denied: (A 2) (Everyone)
  @="Macromedia Flash Factory Object"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
  "ThreadingModel"="Apartment"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  @="FlashFactory.FlashFactory.1"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  @="1.0"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  @="FlashFactory.FlashFactory"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  @Denied: (A 2) (Everyone)
  @="IFlashBroker4"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
  @="{00020424-0000-0000-C000-000000000046}"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  "Version"="1.0"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
  @Denied: (A 2) (Everyone)
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
  @="Shockwave Flash"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
  @Denied: (A 2) (Everyone)
  @=""
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
  @="FlashBroker"
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
  "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
  "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
  .
  Voltooingstijd: 2011-04-15 20:38:25
  ComboFix-quarantined-files.txt 2011-04-15 18:38
  .
  Pre-Run: 149.592.285.184 bytes beschikbaar
  Post-Run: 149.680.062.464 bytes beschikbaar
  .
  - - End Of File - - 6078D208FE7B2495670BB34F6CCC2AFC
 • Now that you mention it: I also saw L:\Autorun.inf being removed. At the moment I have an external HD connected.

  That open-source train sim: is that by any chance Open Rails? That is (I hope) where the future lies. It is indeed free and works with the train simulator that Microsoft once released.

  But to get back on topic: we still don't actually know what the culprit was, since I manually copied taskmgr to the System32 folder.

  Should I then delete the autorun file from all external drives?
 • How many external HDs do you have, then?

  And yes - do that!

  And then this; let's also do the following:

  Run the ESET online scan (click).
  - Click the ESET Online Scanner button
  - Tick YES, I accept the Terms of Use
  - Click Start
  - Allow the ActiveX control to install.
  - Click "Advanced settings"
  - Tick the following options:
    - Remove found threats
    - Scan archives
    - Scan for potentially unwanted applications
    - Scan for potentially unsafe applications
    - Enable Anti-Stealth technology
  - Click Start
  - The computer will now be scanned. This can take quite a long time, so be patient.
  - You may close the window when the scan is finished.
  - Use Notepad to open the log. You will find this log at C:\Program Files\EsetOnlineScanner\log.txt
  - Copy and paste the contents of this log into your next post.
  N.B.: temporarily disable your own antivirus during the scan; that makes the online scan faster!
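
Added example, not part of the thread and not code from any tool mentioned in it: before deleting the autorun file from each external drive as advised above, this Python script parses every Autorun.inf it finds and lists the entries that would start a program, so each one can be reviewed first. The drive letter M: and the sample file contents are assumptions constructed for illustration.

```python
import os

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEYS = ("open", "shellexecute")

def launch_entries(inf_text):
    """Return (key, command) pairs from [autorun] that start a program."""
    entries, section = [], None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command adds a drive context-menu verb that runs a command.
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            entries.append((key, value))
    return entries

def audit_drives(roots):
    """Map each Autorun.inf found in the given drive roots to its launch entries."""
    report = {}
    for root in roots:
        path = os.path.join(root, "Autorun.inf")
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        # The file may be UTF-16 with a BOM; otherwise treat it as 8-bit text.
        if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
            text = data.decode("utf-16", errors="replace")
        else:
            text = data.decode("utf-8-sig", errors="replace")
        report[path] = launch_entries(text)
    return report

# Constructed sample contents, not taken from the drive in the thread.
SAMPLE = "[AutoRun]\n; comment\nicon=setup.ico\nopen=folder\\program.exe\n" \
         "shell\\explore\\command = folder\\program.exe\nlabel=Backup\n"

if __name__ == "__main__":
    # L: is the drive named in the thread; M: is an assumed second drive.
    for path, found in audit_drives(["L:\\", "M:\\"]).items():
        print(path, found or "no launch entries")
```

An Autorun.inf that only sets icon= or label= yields an empty list; any open=, shellexecute= or shell\...\command entry names the file to inspect before removing it.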
 • Abraham54 wrote: "How many external HDs do you have, then?"

  4 of them.

  The ESET online scan log will follow shortly. It has already found something, by the way: a variant of Win32/Adware.ADON application.
 • The ESET log:

  ESETSmartInstaller@High as downloader log:
  all ok
  # version=7
  # OnlineScannerApp.exe=1.0.0.1
  # OnlineScanner.ocx=1.0.0.6427
  # api_version=3.0.2
  # EOSSerial=1686fbc4e9ff1c4796cf01072a125fee
  # end=stopped
  # remove_checked=true
  # archives_checked=true
  # unwanted_checked=true
  # unsafe_checked=true
  # antistealth_checked=true
  # utc_time=2011-04-15 10:09:35
  # local_time=2011-04-16 12:09:35 (+0100, West-Europa (zomertijd))
  # country="Netherlands"
  # lang=1033
  # osver=6.0.6002 NT Service Pack 2
  # compatibility_mode=512 16777215 100 0 0 0 0 0
  # compatibility_mode=5121 16777213 100 75 3199400 16416397 0 0
  # compatibility_mode=5892 16776574 100 56 3202383 140420371 0 0
  # compatibility_mode=8192 67108863 100 0 91 91 0 0
  # scanned=423117
  # found=1
  # cleaned=1
  # scan_time=8909
  C:\Downloads\Klaar\fc_setup_.zip a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
 • Hi Rob, I think your Windows is gradually getting back in order.

  So how is Windows running now, and are you still having problems with it?
 • Morning Abraham,

  I can start Task Manager again, but that was already possible after I had copied it to the System32 folder. Apart from that I had no problems with Windows.
  So I think we still don't actually know the cause. It might have been better if I had not copied taskmgr manually.
 • Are you the only user of your PC?

This is an archived page. Replying is no longer possible.