Questions & Answers

Security & privacy

trojan.muldrop

Anonymous
Abraham54
29 replies
  • Hi,

    Since recently I can no longer get on the internet with my PC. After a scan it turned out that a virus named "Backdoor.gen" had been detected.
    After that I used HijackThis and that backdoor.gen appeared to be gone, but I still could not get on the internet.
    A day later, after a new scan, I get the message that a "trojan.muldrop" has been detected.

    How can I remove this?
    Who can help me further?

    Thanks in advance for your replies.

    Roboke
  • When you get that kind of alert, HijackThis may well show it.
    And then you Fix it, but the virus is still not gone!

    I want you to stick to the rules below during the fix:
  • Abraham,
    Thanks for your explanation.

    That is quite a mouthful :(

    I will try this out one of these evenings and then I will certainly let you know.

    Greetings

    Roboke
  • If you have a halfway decent computer, it is done in about half an hour.
  • Abraham

    I followed your instructions and I must say: it looked a bit daunting at first, certainly for a layman like me, but you listed the various steps so perfectly that it becomes child's play. Congratulations on that.

    These are the two log files that came out of it.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:54:07, on 1/11/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    C:\Program Files\Dell Network Assistant\hnm_svc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Documents and Settings\gwen\Bureaublad\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PCSafeDoctor\pcsafedoctor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\WINDOWS\Temp\Password.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.be/hws/sb/dell-row/nl/side.html?channel=be
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.be/hws/sb/dell-row/nl/side.html?channel=be
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=nl&client=dell-row&channel=be&ibd=0070119
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:57758
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] Disable_By_C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Documents and Settings\gwen\Bureaublad\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [QuickTime Task] Disable_By_"C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] Disable_By_"C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [pcsafedoctor.exe] C:\Program Files\PCSafeDoctor\pcsafedoctor.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [msnmsgr] Disable_By_"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Creative ZENcast v1.02.10; BRI/2)" -"http://www8.agame.com/games/shockwave/m/My3DRoom/My3DRoom_girlsgogames_nl.htm"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Dell Network Assistant.lnk = ?
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O4 - Global Startup: Password.lnk = C:\WINDOWS\Temp\Password.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\bruno\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} (Uploader Control) - http://ua.foto.com/ImageUploader6.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto.com/ImageUploader5.cab
    O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://imst.selfip.net:88/LNetCam.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe


    End of file - 16877 bytes


    and the mbam log file

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Databaseversie: 8064

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/11/2011 23:10:57
    mbam-log-2011-11-01 (23-10-42).txt

    Scantype: Snelle scan
    Objecten gescand: 287421
    Verstreken tijd: 34 minuut/minuten, 38 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 1
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 1
    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> No action taken.

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    c:\syte821.bin (Trojan.SpyEyes) -> No action taken.

    Bestanden geïnfecteerd:
    c:\syte821.bin\5219ee52361fa22 (Trojan.SpyEyes) -> No action taken.
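An added triage example, written by the editor and not part of the thread: two entries in the HijackThis log above say more about the symptoms than the scanner names do. The R1 ProxyServer value points Internet Explorer at 127.0.0.1:57758, so once the process that listened on that port is gone every web request fails, which matches the "no internet after cleaning" complaint; and the Global Startup entry launches C:\WINDOWS\Temp\Password.exe, a location from which legitimate autostart entries practically never run. The script below runs those two checks over a constructed sample of lines copied from the posted log. The check logic, the regular expressions and the function names are the editor's own; they are not features of HijackThis or Malwarebytes.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: five lines copied from the HijackThis log posted above
# (two that deserve attention, three that are ordinary), embedded so the
# script runs offline. Feed it a real log with triage(open(path).read()).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:57758
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Global Startup: Password.lnk = C:\WINDOWS\Temp\Password.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
"""

# Proxy host that is the machine itself: 127.x.x.x or "localhost", any port.
LOOPBACK_PROXY = re.compile(
    r"(?:^|=)(?:127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost):(\d+)", re.IGNORECASE)
# First drive-letter path ending in .exe on a line (quotes and arguments ignored).
EXE_PATH = re.compile(r"[A-Za-z]:\\[^\"\n]*?\.exe", re.IGNORECASE)
# Directory names from which a legitimate autostart entry practically never runs.
TEMP_DIRS = ("temp", "tmp")

Finding = Dict[str, str]


def check_proxy(line: str) -> Optional[Finding]:
    """Flag an R1 ProxyServer value that points at the local machine.

    Internet Explorer honours the setting only while something on that port
    accepts connections; once the process that registered it has been removed,
    every request fails, which is one way a 'cleaned' PC ends up without internet.
    """
    if "ProxyServer" not in line:
        return None
    value = line.split("ProxyServer = ", 1)[-1].strip()
    match = LOOPBACK_PROXY.search(value)
    if match is None:
        return None
    return {"item": "R1 ProxyServer", "value": value,
            "reason": f"proxy on loopback port {match.group(1)}"}


def check_autostart(line: str) -> Optional[Finding]:
    """Flag an O4 autostart entry whose executable lives in a Temp directory."""
    if not line.startswith("O4 "):
        return None
    match = EXE_PATH.search(line)
    if match is None:
        return None
    path = match.group(0)
    directories = [part.lower() for part in path.split("\\")[:-1]]
    if not any(part in TEMP_DIRS for part in directories):
        return None
    return {"item": "O4 autostart", "value": path,
            "reason": "runs from a Temp directory"}


def triage(log_text: str) -> List[Finding]:
    """Run every check over every non-empty line and collect the hits in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in (check_proxy, check_autostart):
            hit = check(line)
            if hit is not None:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding['item']:<15} {finding['reason']:<30} {finding['value']}")
```

Run against the sample it reports exactly the proxy entry and the Temp autostart; the Java updater, ctfmon and the McAfee service pass. On a real log the same two checks are a quick first pass before reading the rest of the O4 and O23 entries by hand, and clearing a stale loopback proxy (Internet Options, Connections, LAN settings) is what restores connectivity once the malware itself has been removed.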
  • You only had MBAM find the items, not remove them!
    Next time do let it!

    We continue:

    Which program: ComboFix
    What for/why: A very specialised scanner for examining Windows in depth
    and cleaning it where possible.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: Absolutely download this program to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    The antivirus program and any active malware scanners must be disabled before ComboFix starts!
    Here and here you will find information on how to disable antivirus programs and spyware scanners.

    To be perfectly clear once more: ComboFix must be started from the desktop.

    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required).
    - Vista and Windows 7 users start ComboFix via right-click with administrator rights.
    - All open programs and web pages must be closed.
    Once ComboFix has started:
    - Do not click in the black window; this can make ComboFix or even Windows "freeze" entirely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    -
  • Hey Abraham

    First of all I wish you all the best for 2012, with lots of luck and joy in everything you do.

    After a short absence I have picked up the thread again and ran ComboFix, albeit without the Recovery Console.

    Here is the log file that came out of it


    ComboFix 12-01-02.01 - bruno 02/01/2012 22:26:17.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2046.1369 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\bruno\Bureaublad\ComboFix.exe
    AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    .
    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\bruno\Application Data\PriceGong
    c:\documents and settings\bruno\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\bruno\WINDOWS
    c:\documents and settings\lena\Application Data\PriceGong
    c:\documents and settings\lena\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\lena\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\lena\WINDOWS
    c:\documents and settings\robbe\Application Data\PriceGong
    c:\documents and settings\robbe\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\robbe\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\robbe\WINDOWS
    c:\program files\mbam-setup-1.51.2.1300.exe
    c:\windows\IsUn0413.exe
    c:\windows\system32\CddbCdda.dll
    c:\windows\system32\SETD0.tmp
    c:\windows\system32\SETD2.tmp
    c:\windows\system32\SETD7.tmp
    c:\windows\system32\SETDE.tmp
    c:\windows\system32\SETE0.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_RKHIT
    -------\Service_RkHit
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-12-02 to 2012-01-02 ))))))))))))))))))))))))))))))
    .
    .
    2012-01-02 21:43 . 2012-01-02 21:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-01 20:52 . 2011-11-01 20:52 388096 ----a-r- c:\documents and settings\bruno\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-01 20:45 . 2011-09-28 19:26 69356 ----a-w- c:\program files\HijackThis.exe
    2011-11-01 20:35 . 2011-11-01 21:17 3561544 ----a-w- c:\program files\rcpsetup_dcnew_300_pd.exe
    2011-11-01 20:31 . 2011-11-01 20:58 73443336 ----a-w- c:\program files\msert.exe
    2011-11-01 20:24 . 2011-09-28 19:23 1402880 ----a-w- c:\program files\HiJackThis.msi
    2011-09-28 20:27 . 2011-09-28 20:27 70292 ----a-w- c:\program files\SDFiks.exe
    2011-09-28 19:38 . 2011-09-28 19:38 0 ----a-w- c:\program files\Hijack.exe
    2011-09-28 19:38 . 2011-09-28 19:38 1402880 ----a-w- c:\program files\HiJack.msi
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]
    .
    [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 15:54 175912 ——w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    2011-01-17 14:54 175912 —-a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    2009-12-31 09:53 2349080 —-a-w- c:\program files\DVDVideoSoft\tbDVDV.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]
    "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    .
    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]
    "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    .
    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
    "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
    "RDReminder"="c:\program files\RegClean Pro\RegCleanPro.exe" [2011-09-30 7224704]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-17 30192]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-02-28 1385472]
    "AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2004-03-25 1732608]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 57344]
    "PCSuiteTrayApplication"="c:\documents and settings\gwen\Bureaublad\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
    "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "Nokia.PCSync"="c:\documents and settings\gwen\Bureaublad\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
    .
    c:\documents and settings\lena\Menu Start\Programma's\Opstarten\
    ubisoft register.lnk - c:\program files\Ubi Soft\Rayman3\Register\schedule.exe [N/A]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-1-31 110592]
    Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-1-19 7168]
    Password.lnk - c:\windows\Temp\Password.exe [N/A]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
    "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
    "10426:UDP"= 10426:UDP:SingleClick ICC
    .
    R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [3/03/2007 13:29 137344]
    R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [3/03/2007 13:29 12032]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/01/2010 10:07 135664]
    S3 bDMusicb;bDMusicb;\??\c:\docume~1\bruno\LOCALS~1\Temp\bDMusicb.sys –> c:\docume~1\bruno\LOCALS~1\Temp\bDMusicb.sys [?]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [19/01/2007 20:45 30192]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/01/2010 10:07 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys –> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14/09/2004 9:38 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
    .
    2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 09:06]
    .
    2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 09:06]
    .
    2011-09-19 c:\windows\Tasks\OGADaily.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
    .
    2009-09-30 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
    .
    2011-11-01 c:\windows\Tasks\RegClean Pro_DEFAULT.job
    - c:\program files\RegClean Pro\RegCleanPro.exe [2011-11-01 14:37]
    .
    2011-11-01 c:\windows\Tasks\RegClean Pro_UPDATES.job
    - c:\program files\RegClean Pro\RegCleanPro.exe [2011-11-01 14:37]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.be/
    mWindow Title = Telenet Internet
    uInternet Settings,ProxyServer = http=127.0.0.1:57758
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\bruno\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
    TCP: DhcpNameServer = 195.130.131.132 195.130.130.4
    DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} - hxxp://ua.foto.com/ImageUploader6.cab
    DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} - hxxp://imst.selfip.net:88/LNetCam.cab
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    HKLM-Run-Corel Photo Downloader - Disable_By_c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    HKLM-Run-nwiz - nwiz.exe
    HKLM-Run-QuickTime Task - Disable_By_c:\program files\QuickTime\qttask.exe
    HKLM-Run-iTunesHelper - Disable_By_c:\program files\iTunes\iTunesHelper.exe
    AddRemove-Bedrock Bowling - c:\program files\SouthPeak Interactive\Bedrock Bowling\Uninst.isu
    AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-02 22:42
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•¤|ÿÿÿÿ•¤|þ»Ñw*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————
    .
    - - - - - - - > 'explorer.exe'(244)
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\documents and settings\gwen\Bureaublad\Nokia PC Suite 6\PhoneBrowser.dll
    c:\documents and settings\gwen\Bureaublad\Nokia PC Suite 6\PCSCM.dll
    c:\documents and settings\gwen\Bureaublad\Nokia PC Suite 6\Lang\PhoneBrowser_dut.nlr
    c:\documents and settings\gwen\Bureaublad\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Ahead\InCD\InCDsrv.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\program files\Windows Live\Family Safety\fsssvc.exe
    c:\program files\Dell Network Assistant\hnm_svc.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\McAfee\Common Framework\FrameworkService.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\program files\McAfee\Common Framework\naPrdMgr.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\stsystra.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\system32\rundll32.exe
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\program files\Dell Network Assistant\ezi_hnm2.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-01-02 22:47:25 - machine werd herstart
    ComboFix-quarantined-files.txt 2012-01-02 21:47
    .
    Pre-Run: 70.081.740.800 bytes beschikbaar
    Post-Run: 72.151.453.696 bytes beschikbaar
    .
    - - End Of File - - E09B9F48E9974A0A6818441F9E1EAAEA
  • Thanks for your good wishes.
    I wish you a good year too.

    I see you have a fair bit of DVD-soft in your Windows.

    DVD-soft is not harmless and always brings at least Conduit into Windows.

    What do you use that software for?
    And how does your Windows run after the scan?
  • I downloaded DVD soft to convert YouTube files to mp3 files; apparently that wasn't a good idea.

    The PC now starts noticeably faster and Internet Explorer works again.

    At the moment there is no virus scanner on the PC. I have also read a bit here about Avira and Avast; which one do you recommend?
  • About your question on antivirus:

    Avast Free is the undisputed number 1, and the only one that has a number of components on board that you otherwise only find in paid antivirus programs.
    Download link Avast 6 Free

    Avira Free, on the other hand, lacks among other things an email scanner (but if you open an infected email, Avira does spring into action!), yet it has a very good on-demand scanner and runs even lighter in Windows than Avast.
    Download link Avira 2012 Free

    Tip: during installation you are asked to install the ASK toolbar - if you want to use Avira's webrep!

    But you don't want to do that; better install WOT afterwards as well (Web of Trust - http://www.mywot.com/ )


    Whichever of the two you choose - after updating, let the software do a full system scan and then let me know how it went.
  • Abraham

    I chose Avast and ran a full scan.

    It reports a threat: INI:Cycbot-gen [Trj]
    and a threat: Win32:SpyEyes-D [Spy]

    Next to that I have the option to repair, move to the Virus Chest, delete, or do nothing.

    What do I do with these?

    Regards
  • Move them to the Virus Chest.
    Those are malicious files, and in Avast's Chest they can't do any harm anymore!

    After that, do the following: do the ESET online scan (Click).
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install
    - Tick the following options:
      - Remove found threats
      - Scan archives
    - Then click on
  • Here is the log file after I ran the ESET online scanner.


    C:\Documents and Settings\gwen\Local Settings\Temporary Internet Files\Content.IE5\8K2KV521\SDFix[2].exe Win32/PrcView application deleted - quarantined
    C:\Program Files\Backdoor . Gen Removal Tool\Backdoor.GenRemovalTool.exe probably a variant of Win32/SecurityStronghold application cleaned by deleting - quarantined
    C:\SDFix\apps\Process.exe Win32/PrcView application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP1218\A0125155.sys Win32/Adware.SpywareCease application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP1218\A0125160.dll a variant of Win32/Adware.SpywareCease.AA application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP1218\A0125163.exe Win32/Adware.SpywareCease application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP1221\A0125646.exe probably a variant of Win32/SecurityStronghold application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP1221\A0125647.exe Win32/PrcView application cleaned by deleting - quarantined
  • Hi Rob - any idea how this program got into your Windows:

    C:\Program Files\Backdoor . Gen Removal Tool ?
  • Well, when I told a friend about the problems I was having with my PC and about the message that a virus named "backdoor.gen" had been detected, he advised me to run that program.
    Since he also works in the IT department at his job, I assumed he'd know a bit more about it; but after the program had done its work, nothing turned out to have changed.
    Then I started searching a bit myself and ended up here with you, which has already helped me a great deal.
  • Working in an IT department doesn't mean they know anything about malware.

    Because that tool is itself malware!

    It's also a real pity that so much time passed between the start and the follow-up.

    I now first want to see a new HijackThis log posted by you.

    And accompany it with a new MBAM log.

    So start MBAM, update it, and then run a quick scan.
  • Abraham

    Here are the 2 requested log files


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 19:28:46, on 6/01/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    C:\Program Files\Dell Network Assistant\hnm_svc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Documents and Settings\gwen\Bureaublad\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=nl&client=dell-row&channel=be&ibd=0070119
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:57758
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Documents and Settings\gwen\Bureaublad\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Documents and Settings\gwen\Bureaublad\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Dell Network Assistant.lnk = ?
    O4 - Global Startup: Password.lnk = C:\WINDOWS\Temp\Password.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\bruno\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} (Uploader Control) - http://ua.foto.com/ImageUploader6.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto.com/ImageUploader5.cab
    O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://imst.selfip.net:88/LNetCam.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe


    End of file - 14953 bytes


    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Databaseversie: v2012.01.06.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    bruno :: ROBBELENA [administrator]

    6/01/2012 19:37:33
    mbam-log-2012-01-06 (19-37-33).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 261870
    Verstreken tijd: 12 minuut/minuten, 38 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)


    Regards
  • Hello Rob, you have now installed Avast 6 Free, but a lot of McAfee is still active.

    Remove ComboFix from your desktop and download the tool again!

    Then do the following: make sure that all open web browser windows are closed.
    Open a new Notepad (Kladblok) file via "Start\All Programs\Accessories\[b:938f37998d]Notepad (Kladblok)[/b:938f37998d]".

    Copy and paste the following (bold, blue text) into the empty Notepad window


    [b:938f37998d]
  • Abraham

    Below you will find the new ComboFix log

    ComboFix 12-01-06.03 - bruno 06/01/2012 23:56:14.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2046.1372 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\bruno\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\bruno\Bureaublad\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\bruno\Application Data\PriceGong
    c:\documents and settings\bruno\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\j.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\bruno\Application Data\PriceGong\Data\z.xml
    c:\program files\McAfee
    c:\program files\McAfee\Common Framework\0409\AgentRes.dll
    c:\program files\McAfee\Common Framework\0409\AgentRes64.dll
    c:\program files\McAfee\Common Framework\0409\CmaUIRes.dll
    c:\program files\McAfee\Common Framework\0409\ScrptRes.dll
    c:\program files\McAfee\Common Framework\0409\UpdRes.dll
    c:\program files\McAfee\Common Framework\Agent.dll
    c:\program files\McAfee\Common Framework\Agent64.dll
    c:\program files\McAfee\Common Framework\AgentPlugin.dll
    c:\program files\McAfee\Common Framework\applib.dll
    c:\program files\McAfee\Common Framework\applib64.dll
    c:\program files\McAfee\Common Framework\Cleanup.exe
    c:\program files\McAfee\Common Framework\ClientUI.dll
    c:\program files\McAfee\Common Framework\cmalib.dll
    c:\program files\McAfee\Common Framework\cmalib64.dll
    c:\program files\McAfee\Common Framework\CmdAgent.exe
    c:\program files\McAfee\Common Framework\ComponentFrameworkCallback64.dll
    c:\program files\McAfee\Common Framework\ComponentPolicyEnforcement64.dll
    c:\program files\McAfee\Common Framework\ComponentSubSystem.dll
    c:\program files\McAfee\Common Framework\ComponentSubSystem64.dll
    c:\program files\McAfee\Common Framework\ComponentUserInterface.dll
    c:\program files\McAfee\Common Framework\FrameworkService.exe
    c:\program files\McAfee\Common Framework\FrmInst.exe
    c:\program files\McAfee\Common Framework\FrmPlugin.dll
    c:\program files\McAfee\Common Framework\GenEvtInf.dll
    c:\program files\McAfee\Common Framework\GenEvtInf64.dll
    c:\program files\McAfee\Common Framework\InternetManager.dll
    c:\program files\McAfee\Common Framework\InternetManager64.dll
    c:\program files\McAfee\Common Framework\JrMac.dll
    c:\program files\McAfee\Common Framework\ListenServer.dll
    c:\program files\McAfee\Common Framework\Logging.dll
    c:\program files\McAfee\Common Framework\Logging64.dll
    c:\program files\McAfee\Common Framework\Management.dll
    c:\program files\McAfee\Common Framework\Management64.dll
    c:\program files\McAfee\Common Framework\McScanCheck.exe
    c:\program files\McAfee\Common Framework\McScript.exe
    c:\program files\McAfee\Common Framework\McScript_InUse.exe
    c:\program files\McAfee\Common Framework\Mctray.exe
    c:\program files\McAfee\Common Framework\mcurial.dll
    c:\program files\McAfee\Common Framework\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
    c:\program files\McAfee\Common Framework\Microsoft.VC80.CRT\msvcm80.dll
    c:\program files\McAfee\Common Framework\Microsoft.VC80.CRT\msvcp80.dll
    c:\program files\McAfee\Common Framework\Microsoft.VC80.CRT\msvcr80.dll
    c:\program files\McAfee\Common Framework\msvcp71.dll
    c:\program files\McAfee\Common Framework\msvcr71.dll
    c:\program files\McAfee\Common Framework\naCmnLib64.dll
    c:\program files\McAfee\Common Framework\naCmnLib71.dll
    c:\program files\McAfee\Common Framework\nagshr32.dll
    c:\program files\McAfee\Common Framework\naicrt32.dll
    c:\program files\McAfee\Common Framework\nailog.dll
    c:\program files\McAfee\Common Framework\nailog64.dll
    c:\program files\McAfee\Common Framework\naInet.dll
    c:\program files\McAfee\Common Framework\naInet64.dll
    c:\program files\McAfee\Common Framework\naisign.dll
    c:\program files\McAfee\Common Framework\naitcpp.dll
    c:\program files\McAfee\Common Framework\naPolicyManager.dll
    c:\program files\McAfee\Common Framework\naPolicyManager64.dll
    c:\program files\McAfee\Common Framework\naPrdMgr.exe
    c:\program files\McAfee\Common Framework\naPrdMgr64.exe
    c:\program files\McAfee\Common Framework\naSPIPE.dll
    c:\program files\McAfee\Common Framework\naSPIPE64.dll
    c:\program files\McAfee\Common Framework\naXML64.dll
    c:\program files\McAfee\Common Framework\naXML71.dll
    c:\program files\McAfee\Common Framework\nmcomn32.dll
    c:\program files\McAfee\Common Framework\patchw32.dll
    c:\program files\McAfee\Common Framework\PcrPlug.dll
    c:\program files\McAfee\Common Framework\PoEvtInf.dll
    c:\program files\McAfee\Common Framework\Scheduler.dll
    c:\program files\McAfee\Common Framework\Scheduler64.dll
    c:\program files\McAfee\Common Framework\ScriptSubSys.dll
    c:\program files\McAfee\Common Framework\SecureFrameworkFactory.dll
    c:\program files\McAfee\Common Framework\SecureFrameworkFactory64.dll
    c:\program files\McAfee\Common Framework\TCHelper.dll
    c:\program files\McAfee\Common Framework\TCSubSys.dll
    c:\program files\McAfee\Common Framework\UdaterUI.exe
    c:\program files\McAfee\Common Framework\unicows.dll
    c:\program files\McAfee\Common Framework\UpdateSubSys.dll
    c:\program files\McAfee\Common Framework\UpdPlug.dll
    c:\program files\McAfee\Common Framework\UserSpace.dll
    c:\program files\McAfee\Common Framework\XMLWrap.dll
    c:\program files\McAfee\SpamKiller\borlndmm.dll
    c:\program files\McAfee\SpamKiller\mcapfbho.dat
    c:\program files\McAfee\SpamKiller\MSKColors.dat
    c:\program files\McAfee\SpamKiller\MSKDetct.exe
    c:\program files\McAfee\SpamKiller\MSKRescs.dll
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-12-06 to 2012-01-06 ))))))))))))))))))))))))))))))
    .
    .
    2012-01-05 19:48 . 2012-01-05 19:48 -------- d-----w- c:\program files\ESET
    2012-01-05 17:45 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-01-05 17:45 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-01-05 17:45 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-01-05 17:45 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-01-05 17:45 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-01-05 17:45 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-01-05 17:45 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-01-05 17:45 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-01-05 17:44 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
    2012-01-05 17:44 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2012-01-05 17:44 . 2012-01-05 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2012-01-05 17:44 . 2012-01-05 17:44 -------- d-----w- c:\program files\AVAST Software
    2012-01-05 17:39 . 2012-01-05 17:39 64207032 ----a-w- c:\program files\setup_av_free.exe
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-10 14:24 . 2011-11-01 21:30 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-23 14:40 . 2004-09-14 08:38 1859712 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:13 . 2004-09-14 08:38 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:13 . 2004-09-14 08:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:13 . 2004-09-14 08:38 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:25 . 2004-09-14 08:38 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 20:52 . 2011-11-01 20:52 388096 ----a-r- c:\documents and settings\bruno\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-01 20:45 . 2011-09-28 19:26 69356 ----a-w- c:\program files\HijackThis.exe
    2011-11-01 20:35 . 2011-11-01 21:17 3561544 ----a-w- c:\program files\rcpsetup_dcnew_300_pd.exe
    2011-11-01 20:31 . 2011-11-01 20:58 73443336 ----a-w- c:\program files\msert.exe
    2011-11-01 20:24 . 2011-09-28 19:23 1402880 ----a-w- c:\program files\HiJackThis.msi
    2011-11-01 16:07 . 2004-09-14 08:38 1288192 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:32 . 2004-09-14 08:38 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-26 10:50 . 2004-09-14 08:38 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-26 10:50 . 2004-08-04 00:58 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-18 11:13 . 2004-09-14 08:38 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22 . 2004-09-14 08:49 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 20:27 . 2011-09-28 20:27 70292 ----a-w- c:\program files\SDFiks.exe
    2011-09-28 19:38 . 2011-09-28 19:38 0 ----a-w- c:\program files\Hijack.exe
    2011-09-28 19:38 . 2011-09-28 19:38 1402880 ----a-w- c:\program files\HiJack.msi
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-01-02_21.42.36 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
    + 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
    + 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
    + 2012-01-06 18:14 . 2012-01-06 18:14 16384 c:\windows\Temp\Perflib_Perfdata_71c.dat
    - 2008-07-14 11:09 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
    + 2008-07-14 11:09 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
    - 2004-09-14 08:38 . 2011-08-22 23:41 66560 c:\windows\system32\mshtmled.dll
    + 2004-09-14 08:38 . 2011-11-04 19:13 66560 c:\windows\system32\mshtmled.dll
    + 2007-08-13 17:54 . 2011-11-04 19:13 55296 c:\windows\system32\msfeedsbs.dll
    - 2007-08-13 17:54 . 2011-08-22 23:41 55296 c:\windows\system32\msfeedsbs.dll
    - 2004-09-14 08:38 . 2011-08-22 23:41 25600 c:\windows\system32\jsproxy.dll
    + 2004-09-14 08:38 . 2011-11-04 19:13 25600 c:\windows\system32\jsproxy.dll
    + 2009-08-31 18:50 . 2011-11-04 19:13 12800 c:\windows\system32\dllcache\xpshims.dll
    - 2009-08-31 18:50 . 2011-08-22 23:41 12800 c:\windows\system32\dllcache\xpshims.dll
    - 2007-01-19 19:31 . 2011-08-22 23:41 66560 c:\windows\system32\dllcache\mshtmled.dll
    + 2007-01-19 19:31 . 2011-11-04 19:13 66560 c:\windows\system32\dllcache\mshtmled.dll
    + 2008-12-11 18:26 . 2011-11-04 19:13 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2008-12-11 18:26 . 2011-08-22 23:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2007-08-13 17:44 . 2011-08-22 23:41 43520 c:\windows\system32\dllcache\licmgr10.dll
    + 2007-08-13 17:44 . 2011-11-04 19:13 43520 c:\windows\system32\dllcache\licmgr10.dll
    - 2007-01-19 19:31 . 2011-08-22 23:41 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2007-01-19 19:31 . 2011-11-04 19:13 25600 c:\windows\system32\dllcache\jsproxy.dll
    - 2009-12-14 07:10 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
    + 2009-12-14 07:10 . 2011-10-28 05:32 33280 c:\windows\system32\dllcache\csrsrv.dll
    + 2007-01-31 21:26 . 2012-01-02 22:25 23040 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2007-01-31 21:26 . 2011-10-13 20:10 23040 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2007-01-31 21:26 . 2012-01-02 22:25 61440 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2007-01-31 21:26 . 2011-10-13 20:10 61440 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2007-01-31 21:26 . 2011-10-13 20:10 27136 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2007-01-31 21:26 . 2012-01-02 22:25 27136 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2007-01-31 21:26 . 2012-01-02 22:25 11264 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2007-01-31 21:26 . 2011-10-13 20:10 11264 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2007-01-31 21:26 . 2012-01-02 22:25 86016 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2007-01-31 21:26 . 2011-10-13 20:10 86016 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2007-01-31 21:26 . 2012-01-02 22:25 12288 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2007-01-31 21:26 . 2011-10-13 20:10 12288 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2012-01-02 22:29 . 2011-08-22 23:41 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
    + 2012-01-02 22:28 . 2011-08-22 23:41 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
    + 2012-01-02 22:28 . 2011-08-22 23:41 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
    + 2012-01-02 22:28 . 2011-08-22 23:41 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
    + 2012-01-02 22:28 . 2011-08-22 23:41 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
    - 2007-01-31 21:26 . 2011-10-13 20:10 4096 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2007-01-31 21:26 . 2012-01-02 22:25 4096 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    + 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
    + 2004-09-14 08:38 . 2011-11-04 19:13 105984 c:\windows\system32\url.dll
    - 2004-09-14 08:38 . 2011-08-22 23:41 105984 c:\windows\system32\url.dll
    + 2004-09-14 08:38 . 2011-11-04 19:13 206848 c:\windows\system32\occache.dll
    - 2004-09-14 08:38 . 2011-08-22 23:41 206848 c:\windows\system32\occache.dll
    + 2004-09-14 08:38 . 2011-11-04 19:13 611840 c:\windows\system32\mstime.dll
    - 2004-09-14 08:38 . 2011-08-22 23:41 611840 c:\windows\system32\mstime.dll
    + 2007-08-13 17:54 . 2011-11-04 19:13 602112 c:\windows\system32\msfeeds.dll
    - 2007-08-13 17:54 . 2011-08-22 23:41 602112 c:\windows\system32\msfeeds.dll
    - 2004-09-14 08:38 . 2011-08-22 23:41 184320 c:\windows\system32\iepeers.dll
    + 2004-09-14 08:38 . 2011-11-04 19:13 184320 c:\windows\system32\iepeers.dll
    - 2004-09-14 08:38 . 2011-08-22 23:41 387584 c:\windows\system32\iedkcs32.dll
    + 2004-09-14 08:38 . 2011-11-04 19:13 387584 c:\windows\system32\iedkcs32.dll
    + 2004-09-14 08:38 . 2011-11-04 11:25 174080 c:\windows\system32\ie4uinit.exe
    - 2004-09-14 08:38 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe
    + 2004-09-14 08:44 . 2012-01-04 19:31 197752 c:\windows\system32\FNTCACHE.DAT
    - 2004-09-14 08:44 . 2011-10-13 20:21 197752 c:\windows\system32\FNTCACHE.DAT
    + 2007-01-19 19:31 . 2011-11-04 19:13 916992 c:\windows\system32\dllcache\wininet.dll
    - 2007-08-13 17:44 . 2011-08-22 23:41 105984 c:\windows\system32\dllcache\url.dll
    + 2007-08-13 17:44 . 2011-11-04 19:13 105984 c:\windows\system32\dllcache\url.dll
    - 2007-08-13 17:44 . 2011-08-22 23:41 206848 c:\windows\system32\dllcache\occache.dll
    + 2007-08-13 17:44 . 2011-11-04 19:13 206848 c:\windows\system32\dllcache\occache.dll
    - 2007-01-19 19:31 . 2011-08-22 23:41 611840 c:\windows\system32\dllcache\mstime.dll
    + 2007-01-19 19:31 . 2011-11-04 19:13 611840 c:\windows\system32\dllcache\mstime.dll
    + 2008-12-11 18:26 . 2011-11-04 19:13 602112 c:\windows\system32\dllcache\msfeeds.dll
    - 2008-12-11 18:26 . 2011-08-22 23:41 602112 c:\windows\system32\dllcache\msfeeds.dll
    + 2008-12-05 19:25 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
    - 2008-12-05 19:25 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
    + 2009-08-31 18:50 . 2011-11-04 19:13 247808 c:\windows\system32\dllcache\ieproxy.dll
    - 2009-08-31 18:50 . 2011-08-22 23:41 247808 c:\windows\system32\dllcache\ieproxy.dll
    + 2007-01-19 19:31 . 2011-11-04 19:13 184320 c:\windows\system32\dllcache\iepeers.dll
    - 2007-01-19 19:31 . 2011-08-22 23:41 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2010-06-09 11:38 . 2011-11-04 19:13 743424 c:\windows\system32\dllcache\iedvtool.dll
    - 2010-06-09 11:38 . 2011-08-22 23:41 743424 c:\windows\system32\dllcache\iedvtool.dll
    + 2007-08-13 17:39 . 2011-11-04 19:13 387584 c:\windows\system32\dllcache\iedkcs32.dll
    - 2007-08-13 17:39 . 2011-08-22 23:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
    - 2007-08-13 17:39 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe
    + 2007-08-13 17:39 . 2011-11-04 11:25 174080 c:\windows\system32\dllcache\ie4uinit.exe
    + 2011-02-09 13:54 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll
    - 2011-02-09 13:54 . 2011-02-09 13:54 186880 c:\windows\system32\dllcache\encdec.dll
    - 2011-09-03 10:17 . 2011-09-09 09:12 602624 c:\windows\system32\dllcache\crypt32.dll
    + 2011-09-03 10:17 . 2011-09-28 07:06 602624 c:\windows\system32\dllcache\crypt32.dll
    + 2004-09-14 08:38 . 2011-09-28 07:06 602624 c:\windows\system32\crypt32.dll
    - 2004-09-14 08:38 . 2011-09-09 09:12 602624 c:\windows\system32\crypt32.dll
    + 2012-01-05 17:45 . 2012-01-05 17:45 219648 c:\windows\Installer\10f2b4.msi
    - 2007-01-31 21:26 . 2011-10-13 20:10 409600 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2007-01-31 21:26 . 2012-01-02 22:25 409600 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2007-01-31 21:26 . 2012-01-02 22:25 286720 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2007-01-31 21:26 . 2011-10-13 20:10 286720 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2007-01-31 21:26 . 2012-01-02 22:25 249856 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2007-01-31 21:26 . 2011-10-13 20:10 249856 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2007-01-31 21:26 . 2011-10-13 20:10 794624 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2007-01-31 21:26 . 2012-01-02 22:25 794624 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2007-01-31 21:26 . 2012-01-02 22:25 135168 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2007-01-31 21:26 . 2011-10-13 20:10 135168 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2007-01-31 21:26 . 2011-10-13 20:10 593920 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2007-01-31 21:26 . 2012-01-02 22:25 593920 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2012-01-02 22:28 . 2011-08-22 23:41 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
    + 2012-01-02 22:28 . 2011-08-22 23:41 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
    + 2012-01-02 22:29 . 2010-07-05 13:21 401272 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
    + 2012-01-02 22:29 . 2010-07-05 13:21 234872 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
    + 2012-01-02 22:28 . 2011-08-22 23:41 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
    + 2012-01-02 22:28 . 2011-08-22 23:41 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
    + 2012-01-02 22:28 . 2011-08-22 23:41 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
    + 2012-01-02 22:29 . 2011-08-22 23:41 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
    + 2012-01-02 22:28 . 2011-08-22 23:41 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
    + 2012-01-02 22:29 . 2011-08-22 23:41 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
    + 2012-01-02 22:29 . 2011-08-22 23:41 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
    + 2012-01-02 22:29 . 2011-08-22 11:56 174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
    + 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
    + 2004-09-14 08:38 . 2011-11-04 19:13 1212416 c:\windows\system32\urlmon.dll
    - 2004-09-14 08:38 . 2011-08-22 23:41 1212416 c:\windows\system32\urlmon.dll
    + 2004-09-14 08:38 . 2011-11-04 19:13 5978112 c:\windows\system32\mshtml.dll
    - 2007-08-13 17:34 . 2011-08-22 23:41 2000384 c:\windows\system32\iertutil.dll
    + 2007-08-13 17:34 . 2011-11-04 19:13 2000384 c:\windows\system32\iertutil.dll
    + 2008-12-05 19:27 . 2011-11-23 14:40 1859712 c:\windows\system32\dllcache\win32k.sys
    - 2007-01-19 19:31 . 2011-08-22 23:41 1212416 c:\windows\system32\dllcache\urlmon.dll
    + 2007-01-19 19:31 . 2011-11-04 19:13 1212416 c:\windows\system32\dllcache\urlmon.dll
    + 2010-07-16 12:01 . 2011-11-01 16:07 1288192 c:\windows\system32\dllcache\ole32.dll
    + 2008-12-05 19:26 . 2011-10-26 10:50 2197120 c:\windows\system32\dllcache\ntoskrnl.exe
    - 2008-12-05 19:26 . 2010-12-09 15:14 2197120 c:\windows\system32\dllcache\ntoskrnl.exe
    - 2008-12-05 19:26 . 2010-12-09 15:14 2031616 c:\windows\system32\dllcache\ntkrpamp.exe
    + 2008-12-05 19:26 . 2011-10-26 10:50 2031616 c:\windows\system32\dllcache\ntkrpamp.exe
    - 2008-12-05 19:26 . 2010-12-09 15:14 2073728 c:\windows\system32\dllcache\ntkrnlpa.exe
    + 2008-12-05 19:26 . 2011-10-26 10:50 2073728 c:\windows\system32\dllcache\ntkrnlpa.exe
    + 2008-12-05 19:26 . 2011-10-26 10:50 2153472 c:\windows\system32\dllcache\ntkrnlmp.exe
    - 2008-12-05 19:26 . 2010-12-09 15:14 2153472 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2006-07-28 04:29 . 2011-11-04 19:13 5978112 c:\windows\system32\dllcache\mshtml.dll
    + 2008-12-11 18:26 . 2011-11-04 19:13 2000384 c:\windows\system32\dllcache\iertutil.dll
    - 2008-12-11 18:26 . 2011-08-22 23:41 2000384 c:\windows\system32\dllcache\iertutil.dll
    + 2011-10-29 22:10 . 2011-10-29 22:10 6824960 c:\windows\Installer\2724ff.msp
    + 2011-10-31 11:37 . 2011-10-31 11:37 4146688 c:\windows\Installer\2724e9.msp
    + 2011-11-17 09:55 . 2011-11-17 09:55 5522944 c:\windows\Installer\2724d4.msp
    + 2012-01-02 22:28 . 2011-08-22 23:41 1212416 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
    + 2012-01-02 22:28 . 2011-10-03 08:31 5971456 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
    + 2012-01-02 22:28 . 2011-08-22 23:41 2000384 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
    - 2008-12-05 19:26 . 2010-12-09 15:14 2197120 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2008-12-05 19:26 . 2011-10-26 10:50 2197120 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2008-12-05 19:26 . 2011-10-26 10:50 2031616 c:\windows\Driver Cache\i386\ntkrpamp.exe
    - 2008-12-05 19:26 . 2010-12-09 15:14 2031616 c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2008-12-05 19:26 . 2011-10-26 10:50 2073728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    - 2008-12-05 19:26 . 2010-12-09 15:14 2073728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2008-12-05 19:26 . 2011-10-26 10:50 2153472 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    - 2008-12-05 19:26 . 2010-12-09 15:14 2153472 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2008-12-11 18:20 . 2011-12-07 10:44 52988224 c:\windows\system32\MRT.exe
    + 2007-08-13 17:54 . 2011-11-05 13:13 11081728 c:\windows\system32\ieframe.dll
    - 2007-08-13 17:54 . 2011-08-23 15:41 11081728 c:\windows\system32\ieframe.dll
    + 2008-12-11 18:26 . 2011-11-05 13:13 11081728 c:\windows\system32\dllcache\ieframe.dll
    - 2008-12-11 18:26 . 2011-08-23 15:41 11081728 c:\windows\system32\dllcache\ieframe.dll
    + 2012-01-02 22:28 . 2011-08-23 15:41 11081728 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
    .
    -- Snapshot teruggezet naar huidige datum --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]
    .
    [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 15:54 175912 ------w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    2009-12-31 09:53 2349080 ----a-w- c:\program files\DVDVideoSoft\tbDVDV.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]
    "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    .
    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]
    "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    .
    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
    "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-17 30192]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-02-28 1385472]
    "AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2004-03-25 1732608]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 57344]
    "PCSuiteTrayApplication"="c:\documents and settings\gwen\Bureaublad\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
    "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "Nokia.PCSync"="c:\documents and settings\gwen\Bureaublad\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
    .
    c:\documents and settings\lena\Menu Start\Programma's\Opstarten\
    ubisoft register.lnk - c:\program files\Ubi Soft\Rayman3\Register\schedule.exe [N/A]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-1-31 110592]
    Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-1-19 7168]
    Password.lnk - c:\windows\Temp\Password.exe [N/A]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
    "10426:UDP"= 10426:UDP:SingleClick ICC
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/01/2012 18:45 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/01/2012 18:45 314456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/01/2012 18:45 20568]
    R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [3/03/2007 13:29 137344]
    R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [3/03/2007 13:29 12032]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/01/2010 10:07 135664]
    S3 bDMusicb;bDMusicb;\??\c:\docume~1\bruno\LOCALS~1\Temp\bDMusicb.sys --> c:\docume~1\bruno\LOCALS~1\Temp\bDMusicb.sys [?]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [19/01/2007 20:45 30192]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/01/2010 10:07 135664]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14/09/2004 9:38 14336]
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - ASWSNX
    *Deregistered* - MBAMSwissArmy
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
    .
    2012-01-04 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-27 19:00]
    .
    2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 09:06]
    .
    2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 09:06]
    .
    2011-09-19 c:\windows\Tasks\OGADaily.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
    .
    2012-01-06 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.be/
    mWindow Title = Telenet Internet
    uInternet Settings,ProxyServer = http=127.0.0.1:57758
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\bruno\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
    TCP: DhcpNameServer = 195.130.131.132 195.130.130.4
    DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} - hxxp://ua.foto.com/ImageUploader6.cab
    DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} - hxxp://imst.selfip.net:88/LNetCam.cab
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    HKLM-Run-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe
    HKLM-Run-McAfeeUpdaterUI - c:\program files\McAfee\Common Framework\UdaterUI.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-07 00:15
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    .
    C:\## aswSnx private storage
    .
    Scan succesvol afgerond
    verborgen bestanden: 1
    .
    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•¤|ÿÿÿÿ•¤|þ»Ñw*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    Voltooingstijd: 2012-01-07 00:22:14
    ComboFix-quarantined-files.txt 2012-01-06 23:22
    ComboFix2.txt 2012-01-02 21:47
    .
    Pre-Run: 70.794.428.416 bytes beschikbaar
    Post-Run: 70.919.221.248 bytes beschikbaar
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 35F7E3F0A604C48E0A82B0604DCC2049
  • Hi Rob, with your latest ComboFix log the adware "PriceGong" has now been removed for the second time.
    And I find that strange.

    So please do the following first: a test, to see how good the current security situation in Windows is.

    Download [b]SecurityCheck.exe[/b] to your desktop.
    [list][*] Click/double-click [b]SecurityCheck.exe[/b] and follow the instructions in the black window.
    [*] A Notepad document named [b]checkup.txt[/b] should open automatically; close this document by saving it to the desktop.
    [*] If one of your security tools reports that DIG.EXE wants to access the internet, allow it.[/list]
    Post the contents of [b]checkup.txt[/b] in your next post.
