  1. #1
    michael84

    Windows has stopped working.

    I get the following message: (Microsoft Windows has stopped working: rundll 32)
    Here is my HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:39:02, on 26/02/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Windows\PixArt\PAC207\Monitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\beernaert\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\mobsync.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPW
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\beernaert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 6391 bytes

  2. #2
    Juisterr
    Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop and use it according to this guide (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden).
    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    • Double-click Combofix.exe to start it.
    • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    • Click OK in the "NirCmd" window.
    • Afterwards, click Yes again to start the malware scan.
    • While the fix is running, do NOT click in the window, as this will make your PC hang.
    • When the fix is finished and after the restart, the log Combofix.txt will open.

    Post this log in your next reply.

  3. #3
    michael84
    I did it with Superantispyware this time.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 02/28/2009 at 03:06 PM

    Application Version : 4.25.1012

    Core Rules Database Version : 3779
    Trace Rules Database Version: 1738

    Scan type : Complete Scan
    Total Scan Time : 00:30:27

    Memory items scanned : 700
    Memory threats detected : 0
    Registry items scanned : 6081
    Registry threats detected : 0
    File items scanned : 30284
    File threats detected : 3

    Adware.Tracking Cookie
    C:\Users\beernaert\AppData\Roaming\Microsoft\Windows\Cookies\Low\beernaert@2o7[1].txt
    C:\Users\beernaert\AppData\Roaming\Microsoft\Windows\Cookies\Low\beernaert@atdmt[2].txt
    C:\Users\beernaert\AppData\Roaming\Microsoft\Windows\Cookies\Low\beernaert@microsoftwindows.112.2o7[1].txt

  4. #4
    Juisterr
    ? That is not what I asked for.

    Would you still run Combofix, please?

  5. #5
    michael84
    ComboFix 09-02-28.01 - beernaert 2009-02-28 21:39:52.3 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.2046.1321 [GMT 1:00]
    Gestart vanuit: c:\users\beernaert\Documents\Downloads\ComboFix.exe
    AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
    FW: Bitdefender Firewall *disabled*
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-28 to 2009-02-28 ))))))))))))))))))))))))))))))
    .

    2009-02-26 20:38 . 2009-02-26 20:38 <DIR> d-------- c:\program files\Trend Micro
    2009-02-26 04:10 . 2009-02-26 04:10 <DIR> d-------- c:\users\beernaert\AppData\Roaming\Uniblue
    2009-02-26 04:10 . 2009-02-26 04:13 <DIR> d-------- c:\users\All Users\DriverScanner
    2009-02-26 04:10 . 2009-02-26 04:11 <DIR> d--h-c--- c:\users\All Users\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
    2009-02-26 04:10 . 2009-02-26 04:13 <DIR> d-------- c:\programdata\DriverScanner
    2009-02-26 04:10 . 2009-02-26 04:11 <DIR> d--h-c--- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
    2009-02-26 04:10 . 2009-02-26 04:10 <DIR> d-------- c:\program files\Uniblue
    2009-02-24 21:07 . 2009-02-24 21:07 <DIR> d-------- c:\program files\Lavalys
    2009-02-22 15:12 . 2009-02-22 15:12 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2009-02-21 20:27 . 2009-02-22 18:17 <DIR> d-------- c:\users\beernaert\AppData\Roaming\PeaZip
    2009-02-19 19:06 . 2009-02-22 15:12 <DIR> d-------- c:\users\beernaert\AppData\Roaming\SUPERAntiSpyware.com
    2009-02-19 19:06 . 2009-02-19 19:06 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
    2009-02-19 19:06 . 2009-02-19 19:06 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
    2009-02-19 19:06 . 2009-02-22 15:12 <DIR> d-------- c:\program files\SUPERAntiSpyware
    2009-02-18 20:58 . 2009-02-18 20:58 34 --a------ c:\windows\System32\oeminfo.ini
    2009-02-18 15:53 . 2003-01-26 12:41 40,960 --a------ c:\windows\System32\ssubtmr6.dll
    2009-02-18 15:53 . 2007-08-31 17:36 36,864 --a------ c:\windows\System32\trayicon_handler.ocx
    2009-02-15 13:09 . 2009-02-15 13:09 <DIR> d----c--- c:\windows\System32\DRVSTORE
    2009-02-15 13:09 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
    2009-02-15 13:09 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
    2009-02-15 13:08 . 2009-02-15 13:09 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-02-15 13:08 . 2009-02-15 13:09 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-02-15 13:08 . 2009-02-15 13:09 <DIR> d-------- c:\program files\iTunes
    2009-02-15 13:08 . 2009-02-15 13:08 <DIR> d-------- c:\program files\iPod
    2009-02-15 13:08 . 2009-02-15 13:08 <DIR> d-------- c:\program files\Bonjour
    2009-02-15 13:07 . 2009-02-15 13:07 <DIR> d-------- c:\program files\QuickTime
    2009-02-15 13:07 . 2009-02-15 13:07 <DIR> d-------- c:\program files\Apple Software Update
    2009-02-15 13:06 . 2009-02-15 13:06 <DIR> d-------- c:\users\All Users\Apple
    2009-02-15 13:06 . 2009-02-15 13:06 <DIR> d-------- c:\programdata\Apple
    2009-02-15 13:06 . 2009-02-15 13:08 <DIR> d-------- c:\program files\Common Files\Apple
    2009-02-11 20:27 . 2009-02-18 21:24 83,296,256 --a------ c:\windows\ocsetup_install_NetFx3.etl
    2009-02-11 20:27 . 2009-02-18 21:24 589,824 --a------ c:\windows\ocsetup_cbs_install_NetFx3.perf
    2009-02-11 20:27 . 2009-02-18 21:24 65,536 --a------ c:\windows\ocsetup_cbs_install_NetFx3.dpx
    2009-02-11 20:26 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
    2009-02-11 20:26 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
    2009-02-11 20:26 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
    2009-02-11 20:26 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
    2009-02-11 20:26 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
    2009-02-11 20:20 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
    2009-02-11 20:20 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
    2009-02-11 08:17 . 2009-02-11 20:18 <DIR> d-------- c:\windows\Logs
    2009-02-10 13:22 . 2009-02-10 13:32 <DIR> d-------- c:\users\beernaert\AppData\Roaming\DriverCure
    2009-02-10 13:22 . 2009-02-10 13:22 <DIR> d-------- c:\users\All Users\ParetoLogic
    2009-02-10 13:22 . 2009-02-10 13:32 <DIR> d-------- c:\users\All Users\DriverCure
    2009-02-10 13:22 . 2009-02-10 13:22 <DIR> d-------- c:\programdata\ParetoLogic
    2009-02-10 13:22 . 2009-02-10 13:32 <DIR> d-------- c:\programdata\DriverCure
    2009-02-10 13:22 . 2009-02-10 13:22 <DIR> d-------- c:\program files\Common Files\ParetoLogic
    2009-02-07 17:49 . 2009-02-21 05:53 <DIR> d-------- c:\users\beernaert\AppData\Roaming\Ashampoo Photo Commander 5
    2009-02-07 12:51 . 2009-02-07 17:45 <DIR> d-------- c:\program files\Ashampoo
    2009-02-06 22:28 . 2009-02-06 22:28 <DIR> d-------- c:\users\beernaert\AppData\Roaming\Canneverbe_Limited
    2009-02-06 22:00 . 2009-02-06 22:00 <DIR> d-------- c:\windows\PCHEALTH
    2009-02-06 10:07 . 2009-02-07 12:58 <DIR> d-------- c:\users\beernaert\AppData\Roaming\Ashampoo
    2009-02-06 10:00 . 2009-02-06 10:00 <DIR> d-------- c:\users\All Users\ashampoo
    2009-02-06 10:00 . 2009-02-06 10:00 <DIR> d-------- c:\programdata\ashampoo
    2009-02-04 23:07 . 2009-02-04 23:07 <DIR> d-------- c:\program files\PC Camera
    2009-02-04 23:07 . 2006-11-03 10:59 48,128 --a------ c:\windows\System32\Remove.exe
    2009-02-04 23:07 . 2007-03-15 11:01 284 --a------ c:\windows\System32\Remover.ini
    2009-02-04 19:23 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
    2009-02-04 19:23 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
    2009-02-04 19:23 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
    2009-02-04 19:23 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2009-02-04 19:23 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
    2009-02-04 19:23 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
    2009-02-04 19:23 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
    2009-02-04 19:23 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
    2009-02-04 19:19 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
    2009-02-04 19:19 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
    2009-02-04 19:19 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
    2009-02-04 19:19 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
    2009-02-04 19:19 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
    2009-02-04 14:31 . 2009-02-04 14:31 <DIR> d-------- c:\users\All Users\ATI
    2009-02-04 14:31 . 2009-02-04 14:31 <DIR> d-------- c:\programdata\ATI
    2009-02-04 13:33 . 2009-02-04 13:33 <DIR> d-------- c:\program files\PC Drivers HeadQuarters(209)

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-28 20:37 --------- d-----w c:\users\beernaert\AppData\Roaming\Skype
    2009-02-28 15:07 --------- d-----w c:\users\beernaert\AppData\Roaming\uTorrent
    2009-02-26 03:07 --------- d-----w c:\programdata\PC Drivers HeadQuarters
    2009-02-26 03:06 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-18 09:34 --------- d-----w c:\program files\ISP Monitor
    2009-02-18 09:33 737,280 ----a-w c:\windows\iun6002.exe
    2009-02-15 12:07 --------- d-----w c:\programdata\Apple Computer
    2009-02-15 10:46 410,984 ----a-w c:\windows\System32\deploytk.dll
    2009-02-15 10:46 --------- d-----w c:\program files\Java
    2009-02-12 18:30 --------- d-----w c:\users\beernaert\AppData\Roaming\dvdcss
    2009-02-10 19:47 --------- d-----w c:\programdata\BitDefender
    2009-02-08 18:47 --------- d---a-w c:\program files\Common Files\LightScribe
    2009-02-08 18:21 --------- d-----w c:\programdata\LightScribe
    2009-02-04 22:07 --------- d-----w c:\program files\Common Files\PAC207
    2009-02-04 17:34 --------- d-----w c:\users\beernaert\AppData\Roaming\vlc
    2009-02-04 17:34 --------- d-----w c:\program files\Samsung
    2009-02-04 17:34 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-02-04 17:34 --------- d-----w c:\program files\CCleaner
    2009-02-04 17:33 --------- d-----w c:\program files\ATI
    2009-02-04 14:23 --------- d-----w c:\program files\ATI Technologies
    2009-01-27 20:42 --------- d-----w c:\program files\Portrait Displays
    2009-01-25 17:23 --------- d-----w c:\program files\Hewlett-Packard
    2009-01-25 09:35 --------- d-----w c:\programdata\Lavasoft
    2009-01-20 09:36 --------- d-----w c:\users\beernaert\AppData\Roaming\Malwarebytes
    2009-01-20 09:36 --------- d-----w c:\programdata\Malwarebytes
    2009-01-15 20:46 --------- d-----w c:\program files\Windows Mail
    2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-01-13 08:45 954,368 ----a-w c:\windows\system32\drivers\athr.sys
    2009-01-05 20:04 --------- d-----w c:\users\beernaert\AppData\Roaming\ISP Monitor
    2009-01-04 16:25 --------- d-----w c:\program files\VistaCodecPack
    2009-01-04 10:37 --------- d-----w c:\programdata\VistaCodecs
    2009-01-03 22:42 81,984 ----a-w c:\windows\System32\bdod.bin
    2009-01-03 17:06 --------- d-----w c:\users\beernaert\AppData\Roaming\BitDefender
    2009-01-03 17:04 --------- d-----w c:\program files\Common Files\BitDefender
    2009-01-03 17:04 --------- d-----w c:\program files\BitDefender
    2008-12-31 12:57 --------- d-----r c:\program files\Skype
    2008-12-31 07:06 --------- d-----w c:\users\beernaert\AppData\Roaming\skypePM
    2008-12-30 15:45 --------- d-----w c:\program files\VS Revo Group
    2008-12-29 14:08 --------- d-----w c:\programdata\Skype
    2008-12-24 11:05 1,036,288 ----a-w c:\windows\System32\VSFilter.dll
    2008-12-08 11:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll
    2008-12-07 12:08 795,648 ----a-w c:\windows\System32\xvidcore.dll
    2008-12-07 12:08 130,048 ----a-w c:\windows\System32\xvidvfw.dll
    2008-12-03 19:15 2,030,080 ----a-w c:\windows\System32\python30.dll
    2008-11-21 12:11 160 ----a-w c:\users\beernaert\AppData\Roaming\wklnhst.dat
    2008-07-04 19:29 174 --sha-w c:\program files\desktop.ini
    2008-06-24 15:28 56 ---ha-w c:\users\All Users\ezsidmv.dat
    2008-06-24 15:28 56 ---ha-w c:\programdata\ezsidmv.dat
    2008-11-12 15:03 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-11-12 15:03 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-11-12 15:03 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2008-06-15 07:34 22 --sha-w c:\windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-28_21.17.32,08 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-02-28 15:19:42 3,308 ----a-w c:\windows\bthservsdp.dat
    + 2009-02-28 20:27:37 3,308 ----a-w c:\windows\bthservsdp.dat
    - 2009-02-28 17:44:32 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-02-28 20:28:43 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-02-28 17:44:32 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-02-28 20:28:43 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-02-28 17:55:11 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-02-28 20:30:09 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-02-28 20:30:09 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2009-02-28 17:55:06 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2009-02-28 20:30:04 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2009-02-28 20:30:04 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2009-02-28 18:55:26 101,052 ----a-w c:\windows\System32\perfc009.dat
    + 2009-02-28 20:33:52 101,052 ----a-w c:\windows\System32\perfc009.dat
    - 2009-02-28 18:55:26 126,648 ----a-w c:\windows\System32\perfc013.dat
    + 2009-02-28 20:33:52 126,648 ----a-w c:\windows\System32\perfc013.dat
    - 2009-02-28 18:55:26 586,980 ----a-w c:\windows\System32\perfh009.dat
    + 2009-02-28 20:33:52 586,980 ----a-w c:\windows\System32\perfh009.dat
    - 2009-02-28 18:55:26 667,114 ----a-w c:\windows\System32\perfh013.dat
    + 2009-02-28 20:33:52 667,114 ----a-w c:\windows\System32\perfh013.dat
    - 2009-02-28 17:46:27 11,482 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4198273856-2802487723-2920741586-1000_UserData.bin
    + 2009-02-28 20:30:49 11,482 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4198273856-2802487723-2920741586-1000_UserData.bin
    - 2009-02-28 17:46:27 80,802 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-02-28 20:30:49 80,928 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2009-02-28 17:46:26 54,712 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-02-28 20:30:48 54,854 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Google Update"="c:\users\beernaert\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-20 133104]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
    "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
    "DT HPW"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-07-14 81920]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2009-01-03 360448]
    "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-15 136600]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 0 (0x0)
    "NoFileAssociate"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= divxa32.acm

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2008-01-19 08:38 1008184 c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{3F33BC46-529F-47F8-B659-0F212CB45258}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{710EE531-190F-41D6-83C6-948DE8021B1E}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D7C8FFB3-1576-4174-93DE-31BB979E7ED7}"= UDP:9420:Red Swoosh
    "{C3D49CCD-2E00-4CEE-AE7E-9DEA8D5960E5}"= TCP:5000:Red Swoosh
    "TCP Query User{FB54CE7F-3B67-4A1A-8C40-456BB76A21CD}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{532403EA-9E84-4199-B11A-F39F24C8B65B}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{9BB8B88D-4021-4525-BBA1-2580A69A8CC9}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{22686D4F-F0E1-49F0-97F0-3F18FE54CC29}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
    "{C0F268AE-7745-41A3-9336-319E92850F7C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{044AFADB-F4DA-4F1C-940B-247575AF68A7}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{A7FC72EB-6323-4910-98E1-1CB955A17F04}"= UDP:9420:Akamai NetSession Interface
    "{91DFE7A0-52D2-4FD4-B6F1-3104A89BCD4B}"= TCP:5000:Akamai NetSession Interface
    "{D87497BD-DE77-4DC4-864C-659760FC4DEC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{71945091-F188-432A-9C2E-1DDAC52AC88F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{AA1998A0-1433-47E9-A580-00346364F419}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{2802723E-56EE-452C-B2F6-D29FAA35FCEA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [2008-01-25 85520]
    R3 PAC207;SoC PC-Camera;c:\windows\System32\drivers\PFC027.SYS [2006-12-05 507136]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
    S4 ISPMonitorSrv;ISP Monitor;c:\program files\ISP Monitor\ISPMonitorSrv.exe [2007-08-23 36864]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    bthsvcs REG_MULTI_SZ BthServ
    bdx REG_MULTI_SZ scan
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4198273856-2802487723-2920741586-1000.job
    - c:\users\beernaert\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-20 13:44]

    2009-02-27 c:\windows\Tasks\NeroLiveEpgUpdate-pchuis_beernaert.job
    - c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe []
    .
    .
    ------- Bijkomende Scan -------
    .
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=81&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-28 21:41:12
    Windows 6.0.6001 Service Pack 1 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2009-02-28 21:42:59
    ComboFix-quarantined-files.txt 2009-02-28 20:42:56
    ComboFix2.txt 2009-02-28 20:26:35
    ComboFix3.txt 2009-02-28 20:20:19

    Pre-Run: 433.360.162.816 bytes beschikbaar
    Post-Run: 433,326,465,024 bytes beschikbaar

    277 --- E O F --- 2009-02-18 20:24:16

  6. #6
    Juisterr
    S.A.S. has already done its best.

    One remark.
    c:\users\beernaert\Documents\Downloads\ComboFix.exe

    is not in the right place; it has to be on the desktop, so move the file to the desktop.

    Then do this.

    Uninstall ComboFix via Start > Run, copy and paste Combofix /U
    Click OK or press Enter.
    This removes both ComboFix and your old system restore points (with any malware remnants), and creates a new system restore point.

  7. The following user thanks Juisterr for this useful post:

    michael84 (2 March 2009)

  8. #7
    Advanced   michael84's avatar
    Registered
    10 December 2008
    Location
    dendermonde
    Posts
    133
    Thanks given
    111
    Thanked
    46 times in 19 posts
    ComboFix 09-03-02.01 - beernaert 2009-03-02 19:01:32.5 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.2046.1298 [GMT 1:00]
    Gestart vanuit: c:\users\beernaert\Desktop\ComboFix.exe
    AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
    FW: Bitdefender Firewall *disabled*
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-02-02 to 2009-03-02 ))))))))))))))))))))))))))))))
    .

    2009-03-01 18:36 . 2009-03-01 18:36 <DIR> d-------- c:\users\beernaert\AppData\Roaming\TuneUp Software
    2009-03-01 18:36 . 2009-03-01 18:36 603,904 --a------ c:\windows\System32\TUProgSt.exe
    2009-03-01 18:36 . 2009-03-01 18:36 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
    2009-03-01 18:36 . 2008-12-11 13:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
    2009-03-01 18:36 . 2008-12-11 13:31 17,152 --a------ c:\windows\System32\authuitu.dll
    2009-03-01 18:35 . 2009-03-01 18:35 <DIR> d-------- c:\users\All Users\TuneUp Software
    2009-03-01 18:35 . 2009-03-01 18:35 <DIR> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-03-01 18:35 . 2009-03-01 18:35 <DIR> d-------- c:\programdata\TuneUp Software
    2009-03-01 18:35 . 2009-03-01 18:35 <DIR> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-03-01 18:35 . 2009-03-01 18:36 <DIR> d-------- c:\program files\TuneUp Utilities 2009
    2009-03-01 17:37 . 2009-03-01 17:37 <DIR> d-------- c:\program files\QuickTime
    2009-03-01 17:17 . 2009-03-01 17:17 <DIR> d-------- c:\program files\Secunia
    2009-02-26 20:38 . 2009-02-26 20:38 <DIR> d-------- c:\program files\Trend Micro
    2009-02-26 04:10 . 2009-03-01 01:28 <DIR> d-------- c:\program files\Uniblue
    2009-02-24 21:07 . 2009-02-24 21:07 <DIR> d-------- c:\program files\Lavalys
    2009-02-22 15:12 . 2009-02-22 15:12 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2009-02-21 20:27 . 2009-02-22 18:17 <DIR> d-------- c:\users\beernaert\AppData\Roaming\PeaZip
    2009-02-19 19:06 . 2009-02-22 15:12 <DIR> d-------- c:\users\beernaert\AppData\Roaming\SUPERAntiSpyware.com
    2009-02-19 19:06 . 2009-02-19 19:06 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
    2009-02-19 19:06 . 2009-02-19 19:06 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
    2009-02-19 19:06 . 2009-02-22 15:12 <DIR> d-------- c:\program files\SUPERAntiSpyware
    2009-02-18 20:58 . 2009-02-18 20:58 34 --a------ c:\windows\System32\oeminfo.ini
    2009-02-18 15:53 . 2003-01-26 12:41 40,960 --a------ c:\windows\System32\ssubtmr6.dll
    2009-02-18 15:53 . 2007-08-31 17:36 36,864 --a------ c:\windows\System32\trayicon_handler.ocx
    2009-02-15 13:09 . 2009-02-15 13:09 <DIR> d----c--- c:\windows\System32\DRVSTORE
    2009-02-15 13:09 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
    2009-02-15 13:09 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
    2009-02-15 13:08 . 2009-02-15 13:09 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-02-15 13:08 . 2009-02-15 13:09 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-02-15 13:08 . 2009-02-15 13:09 <DIR> d-------- c:\program files\iTunes
    2009-02-15 13:08 . 2009-02-15 13:08 <DIR> d-------- c:\program files\iPod
    2009-02-15 13:08 . 2009-02-15 13:08 <DIR> d-------- c:\program files\Bonjour
    2009-02-15 13:07 . 2009-02-15 13:07 <DIR> d-------- c:\program files\Apple Software Update
    2009-02-15 13:06 . 2009-02-15 13:06 <DIR> d-------- c:\users\All Users\Apple
    2009-02-15 13:06 . 2009-02-15 13:06 <DIR> d-------- c:\programdata\Apple
    2009-02-15 13:06 . 2009-02-15 13:08 <DIR> d-------- c:\program files\Common Files\Apple
    2009-02-11 20:27 . 2009-02-18 21:24 83,296,256 --a------ c:\windows\ocsetup_install_NetFx3.etl
    2009-02-11 20:27 . 2009-02-18 21:24 589,824 --a------ c:\windows\ocsetup_cbs_install_NetFx3.perf
    2009-02-11 20:27 . 2009-02-18 21:24 65,536 --a------ c:\windows\ocsetup_cbs_install_NetFx3.dpx
    2009-02-11 20:26 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
    2009-02-11 20:26 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
    2009-02-11 20:26 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
    2009-02-11 20:26 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
    2009-02-11 20:26 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
    2009-02-11 20:20 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
    2009-02-11 20:20 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
    2009-02-11 08:17 . 2009-02-11 20:18 <DIR> d-------- c:\windows\Logs
    2009-02-10 13:22 . 2009-02-10 13:32 <DIR> d-------- c:\users\beernaert\AppData\Roaming\DriverCure
    2009-02-10 13:22 . 2009-02-10 13:22 <DIR> d-------- c:\users\All Users\ParetoLogic
    2009-02-10 13:22 . 2009-02-10 13:32 <DIR> d-------- c:\users\All Users\DriverCure
    2009-02-10 13:22 . 2009-02-10 13:22 <DIR> d-------- c:\programdata\ParetoLogic
    2009-02-10 13:22 . 2009-02-10 13:32 <DIR> d-------- c:\programdata\DriverCure
    2009-02-10 13:22 . 2009-02-10 13:22 <DIR> d-------- c:\program files\Common Files\ParetoLogic
    2009-02-07 17:49 . 2009-02-21 05:53 <DIR> d-------- c:\users\beernaert\AppData\Roaming\Ashampoo Photo Commander 5
    2009-02-07 12:51 . 2009-02-07 17:45 <DIR> d-------- c:\program files\Ashampoo
    2009-02-06 22:28 . 2009-02-06 22:28 <DIR> d-------- c:\users\beernaert\AppData\Roaming\Canneverbe_Limited
    2009-02-06 22:00 . 2009-02-06 22:00 <DIR> d-------- c:\windows\PCHEALTH
    2009-02-06 10:07 . 2009-02-07 12:58 <DIR> d-------- c:\users\beernaert\AppData\Roaming\Ashampoo
    2009-02-06 10:00 . 2009-02-06 10:00 <DIR> d-------- c:\users\All Users\ashampoo
    2009-02-06 10:00 . 2009-02-06 10:00 <DIR> d-------- c:\programdata\ashampoo
    2009-02-04 23:07 . 2009-02-04 23:07 <DIR> d-------- c:\program files\PC Camera
    2009-02-04 23:07 . 2006-11-03 10:59 48,128 --a------ c:\windows\System32\Remove.exe
    2009-02-04 23:07 . 2007-03-15 11:01 284 --a------ c:\windows\System32\Remover.ini
    2009-02-04 19:23 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
    2009-02-04 19:23 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
    2009-02-04 19:23 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
    2009-02-04 19:23 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2009-02-04 19:23 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
    2009-02-04 19:23 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
    2009-02-04 19:23 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
    2009-02-04 19:23 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
    2009-02-04 19:19 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
    2009-02-04 19:19 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
    2009-02-04 19:19 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
    2009-02-04 19:19 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
    2009-02-04 19:19 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
    2009-02-04 14:31 . 2009-02-04 14:31 <DIR> d-------- c:\users\All Users\ATI
    2009-02-04 14:31 . 2009-02-04 14:31 <DIR> d-------- c:\programdata\ATI
    2009-02-04 13:33 . 2009-02-04 13:33 <DIR> d-------- c:\program files\PC Drivers HeadQuarters(209)

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-02 18:03 --------- d-----w c:\users\beernaert\AppData\Roaming\Skype
    2009-03-01 13:08 --------- d-----w c:\users\beernaert\AppData\Roaming\uTorrent
    2009-03-01 00:13 --------- d-----w c:\program files\Intel
    2009-02-26 03:07 --------- d-----w c:\programdata\PC Drivers HeadQuarters
    2009-02-26 03:06 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-18 09:34 --------- d-----w c:\program files\ISP Monitor
    2009-02-18 09:33 737,280 ----a-w c:\windows\iun6002.exe
    2009-02-15 12:07 --------- d-----w c:\programdata\Apple Computer
    2009-02-15 10:46 410,984 ----a-w c:\windows\System32\deploytk.dll
    2009-02-15 10:46 --------- d-----w c:\program files\Java
    2009-02-12 18:30 --------- d-----w c:\users\beernaert\AppData\Roaming\dvdcss
    2009-02-10 19:47 --------- d-----w c:\programdata\BitDefender
    2009-02-08 18:47 --------- d---a-w c:\program files\Common Files\LightScribe
    2009-02-08 18:21 --------- d-----w c:\programdata\LightScribe
    2009-02-04 22:07 --------- d-----w c:\program files\Common Files\PAC207
    2009-02-04 17:34 --------- d-----w c:\users\beernaert\AppData\Roaming\vlc
    2009-02-04 17:34 --------- d-----w c:\program files\Samsung
    2009-02-04 17:34 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-02-04 17:34 --------- d-----w c:\program files\CCleaner
    2009-02-04 17:33 --------- d-----w c:\program files\ATI
    2009-02-04 14:23 --------- d-----w c:\program files\ATI Technologies
    2009-01-27 20:42 --------- d-----w c:\program files\Portrait Displays
    2009-01-25 17:23 --------- d-----w c:\program files\Hewlett-Packard
    2009-01-25 09:35 --------- d-----w c:\programdata\Lavasoft
    2009-01-20 09:36 --------- d-----w c:\users\beernaert\AppData\Roaming\Malwarebytes
    2009-01-20 09:36 --------- d-----w c:\programdata\Malwarebytes
    2009-01-15 20:46 --------- d-----w c:\program files\Windows Mail
    2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-01-13 08:45 954,368 ----a-w c:\windows\system32\drivers\athr.sys
    2009-01-05 20:04 --------- d-----w c:\users\beernaert\AppData\Roaming\ISP Monitor
    2009-01-04 16:25 --------- d-----w c:\program files\VistaCodecPack
    2009-01-04 10:37 --------- d-----w c:\programdata\VistaCodecs
    2009-01-03 22:42 81,984 ----a-w c:\windows\System32\bdod.bin
    2009-01-03 17:06 --------- d-----w c:\users\beernaert\AppData\Roaming\BitDefender
    2009-01-03 17:04 --------- d-----w c:\program files\Common Files\BitDefender
    2009-01-03 17:04 --------- d-----w c:\program files\BitDefender
    2008-12-24 11:05 1,036,288 ----a-w c:\windows\System32\VSFilter.dll
    2008-12-08 11:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll
    2008-12-07 12:08 795,648 ----a-w c:\windows\System32\xvidcore.dll
    2008-12-07 12:08 130,048 ----a-w c:\windows\System32\xvidvfw.dll
    2008-12-03 19:15 2,030,080 ----a-w c:\windows\System32\python30.dll
    2008-11-21 12:11 160 ----a-w c:\users\beernaert\AppData\Roaming\wklnhst.dat
    2008-07-04 19:29 174 --sha-w c:\program files\desktop.ini
    2008-06-24 15:28 56 ---ha-w c:\users\All Users\ezsidmv.dat
    2008-06-24 15:28 56 ---ha-w c:\programdata\ezsidmv.dat
    2008-11-12 15:03 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-11-12 15:03 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-11-12 15:03 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2008-06-15 07:34 22 --sha-w c:\windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2009-01-03 360448]
    "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 0 (0x0)
    "NoFileAssociate"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= divxa32.acm

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2008-01-19 08:38 1008184 c:\program files\Windows Defender\MSASCui.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Google Update"="c:\users\beernaert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    "WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe"
    "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "DT HPW"=c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPW

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{3F33BC46-529F-47F8-B659-0F212CB45258}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{710EE531-190F-41D6-83C6-948DE8021B1E}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D7C8FFB3-1576-4174-93DE-31BB979E7ED7}"= UDP:9420:Red Swoosh
    "{C3D49CCD-2E00-4CEE-AE7E-9DEA8D5960E5}"= TCP:5000:Red Swoosh
    "TCP Query User{FB54CE7F-3B67-4A1A-8C40-456BB76A21CD}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{532403EA-9E84-4199-B11A-F39F24C8B65B}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{9BB8B88D-4021-4525-BBA1-2580A69A8CC9}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{22686D4F-F0E1-49F0-97F0-3F18FE54CC29}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
    "{C0F268AE-7745-41A3-9336-319E92850F7C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{044AFADB-F4DA-4F1C-940B-247575AF68A7}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{A7FC72EB-6323-4910-98E1-1CB955A17F04}"= UDP:9420:Akamai NetSession Interface
    "{91DFE7A0-52D2-4FD4-B6F1-3104A89BCD4B}"= TCP:5000:Akamai NetSession Interface
    "{D87497BD-DE77-4DC4-864C-659760FC4DEC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{71945091-F188-432A-9C2E-1DDAC52AC88F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{AA1998A0-1433-47E9-A580-00346364F419}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{2802723E-56EE-452C-B2F6-D29FAA35FCEA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-03-01 603904]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [2008-01-25 85520]
    R3 PAC207;SoC PC-Camera;c:\windows\System32\drivers\PFC027.SYS [2006-12-05 507136]
    S3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [2008-12-10 7808]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
    S4 ISPMonitorSrv;ISP Monitor;c:\program files\ISP Monitor\ISPMonitorSrv.exe [2007-08-23 36864]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    bthsvcs REG_MULTI_SZ BthServ
    bdx REG_MULTI_SZ scan

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-03-02 c:\windows\Tasks\1-klik Onderhoud.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:12]

    2009-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4198273856-2802487723-2920741586-1000.job
    - c:\users\beernaert\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-20 13:44]

    2009-02-28 c:\windows\Tasks\NeroLiveEpgUpdate-pchuis_beernaert.job
    - c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe []
    .
    .
    ------- Bijkomende Scan -------
    .
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=81&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-02 19:03:50
    Windows 6.0.6001 Service Pack 1 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2009-03-02 19:05:51
    ComboFix-quarantined-files.txt 2009-03-02 18:05:47
    ComboFix2.txt 2009-02-28 21:03:12

    Pre-Run: 422.608.683.008 bytes beschikbaar
    Post-Run: 421,741,748,224 bytes beschikbaar

    259 --- E O F --- 2009-02-28 21:27:42

  9. #8
    Honorary member   Juisterr's avatar
    Registered
    31 July 2006
    Location
    kotje aan de kust
    Posts
    3.653
    Thanks given
    1.008
    Thanked
    2.268 times in 1.411 posts
    That is not removing ComboFix but running it?

  10. #9
    Advanced   michael84's avatar
    Registered
    10 December 2008
    Location
    dendermonde
    Posts
    133
    Thanks given
    111
    Thanked
    46 times in 19 posts
    (That is not removing ComboFix but running it?)
    Sorry, but what do you mean?

  11. #10
    Honorary member   Juisterr's avatar
    Registered
    31 July 2006
    Location
    kotje aan de kust
    Posts
    3.653
    Thanks given
    1.008
    Thanked
    2.268 times in 1.411 posts
    Then do this.

    Remove ComboFix via Start > Run; copy and paste Combofix /U
    Click OK or press Enter.
    This removes both ComboFix and your old system restore points (with any remnants of malware), and creates a new system restore point.
