View full version: my log

sandro
29 December 2008, 18:35
I made a log of my problem
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21:59, on 28/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\igfxext.exe
C:\Users\Sandro\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/ (http://www.hln.be/)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://be.msn.com/?lang=nl-be (http://be.msn.com/?lang=nl-be)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://go.microsoft.com/fwlink/?LinkId=54896)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://go.microsoft.com/fwlink/?LinkId=54896)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.msn.com/?lang=nl-be (http://be.msn.com/?lang=nl-be)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com (http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program Files\Mario Forever Toolbar\v3.3.0.1\MarioForever_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.3.0.1\MarioForever_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [PrintUtil] C:\Program Files\HP\HP Print Utility\PrintUtil.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab (http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto.com/ImageUploader5.cab (http://express.foto.com/ImageUploader5.cab)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab (http://download.bitdefender.com/resources/scan8/oscan8.cab)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab (http://express.foto.com/Newuploader/ImageUploader4.cab)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab (https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab)
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata...SUploader4.cab (http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata...SUploader4.cab (http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab (http://www.adobe.com/products/acrobat/nos/gp.cab)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...38/mcfscan.cab (http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5438/mcfscan.cab)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10005 bytes

My problem is that when I start it up I always get a message about solving a computer problem and also a message that some startup programs are blocked. I also sometimes can't get onto some internet pages.

Rosty
29 December 2008, 20:27
Download MBAM (Malwarebytes' Anti-Malware) from here (http://www.besttechie.net/tools/mbam-setup.exe) or here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html).
Double-click mbam-setup.exe to install the program.
Make sure there is a check mark in front of Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".
If an update is found, it will be downloaded and installed.
When the program is fully up to date, select "Quick Scan" in the Scanner tab, then click Scan.
Scanning may take a while, so be patient.
When the scan is complete, click OK, then "Show Results" to see the results.
Make sure everything there is checked, then click: Remove Selected.
After removal a log will open and you will be asked to restart the computer. (See below)
The log is saved automatically by MBAM and you can find it by clicking the "Logs" tab in MBAM.
Copy and paste the contents of the log in your next reply, together with a new HijackThis log.

If MBAM has difficulty removing certain files, it will show some prompts where you need to click OK.
After that it will ask to restart the computer... so allow MBAM to restart the computer.

sandro
29 December 2008, 22:08
Malwarebytes' Anti-Malware 1.31
Database versie: 1565
Windows 6.0.6001 Service Pack 1
29/12/2008 20:58:00
mbam-log-2008-12-29 (20-58-00).txt
Scan type: Snelle Scan
Objecten gescand: 51482
Verstreken tijd: 5 minute(s), 5 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)


I still get those messages when I start my pc

regards, sandro

Rosty
29 December 2008, 22:36
Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop and use it according to this guide (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden).

NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners see certain components Combofix uses as suspicious and will block or remove them! Double-click Combofix.exe to start it.
If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
Click OK in the "NirCmd" window.
Afterwards click Yes again to start the malware scan.
While the fix is running, do NOT click in the window, as this will cause your pc to hang.
When the fix is complete and after the restart, the log Combofix.txt will open. Post this log in your next reply.

sandro
29 December 2008, 23:44
I have the log here, but I scanned without the recovery cd, otherwise I'd have to look for it tomorrow and try again
I'm on the vista version and I don't know whether I even have one

ComboFix 08-12-28.04 - Sandro 2008-12-29 22:20:20.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.1013.235 [GMT 1:00]
Gestart vanuit: c:\users\Sandro\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\x64
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-11-28 to 2008-12-29 ))))))))))))))))))))))))))))))
.
2008-12-29 22:01 . 2008-12-29 22:00 318,976 --a------ c:\windows\System32\CF1812.exe
2008-12-29 20:43 . 2008-12-29 20:43 <DIR> d-------- c:\users\Sandro\AppData\Roaming\Malwarebytes
2008-12-29 20:43 . 2008-12-29 20:43 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-29 20:43 . 2008-12-29 20:43 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-29 20:43 . 2008-12-29 20:43 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-29 20:43 . 2008-12-03 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-29 20:43 . 2008-12-03 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-29 19:19 . 2008-12-29 19:19 <DIR> d-------- c:\program files\Lavasoft
2008-12-29 19:17 . 2008-12-29 19:17 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-25 01:39 . 2008-12-25 01:40 <DIR> d-------- c:\users\Sandro\Incomplete
2008-12-21 11:18 . 2008-12-21 11:17 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-14 22:25 . 2008-12-14 22:25 <DIR> d-------- c:\program files\Panasonic
2008-12-14 22:25 . 2006-02-27 11:45 36,864 --a------ c:\windows\System32\SDDEVMGR.dll
2008-12-13 10:55 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-11 20:31 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-11 20:31 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-11 20:31 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-11 20:28 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 20:28 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-11 20:28 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-11 20:26 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-11 20:26 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-01 21:10 . 2008-12-28 21:45 <DIR> d-------- c:\users\Sandro\AppData\Roaming\TuxPaint
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 18:19 --------- d-----w c:\programdata\Lavasoft
2008-12-28 19:27 --------- d-----w c:\users\Sandro\AppData\Roaming\Azureus
2008-12-24 20:11 --------- d-----w c:\users\Sandro\AppData\Roaming\Screenshot Sender
2008-12-21 10:17 --------- d-----w c:\program files\Java
2008-12-14 21:25 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-13 10:16 --------- d-----w c:\program files\Windows Mail
2008-11-26 17:17 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2008-11-23 21:18 --------- d-----w c:\program files\Alwil Software
2008-11-23 21:11 --------- d-----w c:\programdata\McAfee
2008-11-22 21:08 --------- d-----w c:\program files\Softwin
2008-11-22 21:08 --------- d-----w c:\program files\Common Files\Softwin
2008-11-22 21:07 81,984 ----a-w c:\windows\System32\bdod.bin
2008-11-21 21:11 --------- d-----w c:\programdata\Eisoo
2008-11-20 20:32 --------- d-----w c:\users\Sandro\AppData\Roaming\AVG7
2008-11-20 20:32 --------- d-----w c:\programdata\avg7
2008-11-18 20:43 --------- d-----w c:\users\Sandro\AppData\Roaming\Lavasoft
2008-11-18 20:13 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-18 20:13 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-16 13:06 --------- d-----w c:\program files\Common Files\Adobe
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-23 20:00 410,778 ----a-w c:\windows\MarioForever_Toolbar_Uninstaller_906.exe
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-08-05 08:31 174 --sha-w c:\program files\desktop.ini
2008-08-04 20:44 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-08-04 20:44 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-08-04 20:44 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-22 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-22 7757824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-22 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 304664]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-20 244512]
"AcerOrbicamRibbon"="c:\program files\Acer\OrbiCam10\OrbiCam.exe" [2006-11-20 754712]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328]
"PrintUtil"="c:\program files\HP\HP Print Utility\PrintUtil.exe" [2008-01-02 663552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-30 113664]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-11 528384]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
??????????????e [?]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{08CF0699-23F5-4DE4-BBB5-649F11F14103}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{3FBED029-26F5-44EB-9354-84D0964D1832}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{61BC55AB-5A44-4F83-B855-FFD746ACD9A0}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{A524D153-9FB8-4D3D-BC87-703213BED779}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{FF8D62EF-EC67-4FC3-A0A4-20034951A892}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{AB681C83-A085-451B-A47C-2FA622166DB1}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{0145B6F3-9AA5-42B5-8CC7-217BE20E00EA}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{0AF98E9F-F53A-430E-8CFC-4244A5E56283}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{AF00D10F-7A46-49E5-BCF2-4E8FD71FFD09}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{74AFC287-ACED-4141-A64E-B4640B3F83FC}c:\\program files\\bittornado\\btdownloadgui.exe"= UDP:c:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{D41BDFF5-2370-4C30-BB61-EA7AD9BDFC9F}c:\\program files\\bittornado\\btdownloadgui.exe"= TCP:c:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"{DAB28AAE-EA63-4330-81EC-F8C6532CE393}"= Disabled:UDP:c:\program files\IncrediMail\bin\IMApp.exe:IncrediMail
"{2F2DFB18-77AA-42BC-B2E1-44A58AF91D02}"= Disabled:TCP:c:\program files\IncrediMail\bin\IMApp.exe:IncrediMail
"{3DA25E2D-860F-461A-9F54-21901291BF6D}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{3BFB4C0A-E852-4E95-AAE4-622634D49A08}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"TCP Query User{C315D875-0270-4C1C-9215-B0432DE24C42}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{F919B5C6-9998-4871-92EF-40FD21E75190}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
R0 AFS;AFS;c:\windows\system32\drivers\AFS.sys [2007-08-03 77004]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-23 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-23 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-11-23 51792]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2008-04-03 46112]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\DRIVERS\lv321av.sys [2006-12-11 847392]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-12-11 31232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS VERWIJDERD - - - -
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVD.exe

************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 22:25:12
Windows 6.0.6001 Service Pack 1 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'Explorer.exe'(5292)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
Voltooingstijd: 2008-12-29 22:30:50
ComboFix-quarantined-files.txt 2008-12-29 21:30:43
Pre-Run: 20,426,432,512 bytes beschikbaar
Post-Run: 24,159,150,080 bytes beschikbaar
184 --- E O F --- 2008-12-29 16:34:41

Rosty
30 December 2008, 08:43
Open Notepad, copy and paste the following (bold, blue text) into an empty window:

File::
c:\windows\System32\CF1812.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]

Save this to your Desktop as CFScript.

Drag CFScript onto ComboFix.exe as shown in the example below:

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

This will make ComboFix restart.
Reboot if asked to,
and post the contents of Combofix.txt in your next reply.

sandro
30 December 2008, 21:29
ComboFix 08-12-28.04 - Sandro 2008-12-30 20:16:02.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.1013.155 [GMT 1:00]
Gestart vanuit: c:\users\Sandro\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Sandro\Desktop\CFSCRIPT.txt
* Nieuw herstelpunt werd aangemaakt
FILE ::
c:\windows\System32\CF1812.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\System32\CF1812.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-11-28 to 2008-12-30 ))))))))))))))))))))))))))))))
.
2008-12-29 20:43 . 2008-12-29 20:43 <DIR> d-------- c:\users\Sandro\AppData\Roaming\Malwarebytes
2008-12-29 20:43 . 2008-12-29 20:43 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-29 20:43 . 2008-12-29 20:43 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-29 20:43 . 2008-12-29 20:43 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-29 20:43 . 2008-12-03 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-29 20:43 . 2008-12-03 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-29 19:19 . 2008-12-29 19:19 <DIR> d-------- c:\program files\Lavasoft
2008-12-29 19:17 . 2008-12-29 19:17 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-25 01:39 . 2008-12-25 01:40 <DIR> d-------- c:\users\Sandro\Incomplete
2008-12-21 11:18 . 2008-12-21 11:17 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-14 22:25 . 2008-12-14 22:25 <DIR> d-------- c:\program files\Panasonic
2008-12-14 22:25 . 2006-02-27 11:45 36,864 --a------ c:\windows\System32\SDDEVMGR.dll
2008-12-13 10:55 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-11 20:31 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-11 20:31 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-11 20:31 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-11 20:28 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 20:28 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-11 20:28 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-11 20:26 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-11 20:26 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-01 21:10 . 2008-12-28 21:45 <DIR> d-------- c:\users\Sandro\AppData\Roaming\TuxPaint
2008-11-26 19:08 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 19:08 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 19:08 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 19:08 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 19:08 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-23 22:18 . 2008-11-23 22:18 <DIR> d-------- c:\program files\Alwil Software
2008-11-23 22:18 . 2008-11-26 18:17 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2008-11-23 22:11 . 2008-11-23 22:11 <DIR> d-------- c:\users\All Users\McAfee
2008-11-23 22:11 . 2008-11-23 22:11 <DIR> d-------- c:\programdata\McAfee
2008-11-23 21:49 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-23 21:49 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-23 21:49 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-23 21:49 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-23 21:48 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-23 21:48 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-23 21:48 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-23 21:48 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-23 21:48 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-21 22:11 . 2008-11-21 22:11 <DIR> d-------- c:\users\All Users\Eisoo
2008-11-21 22:11 . 2008-11-21 22:11 <DIR> d-------- c:\programdata\Eisoo
2008-11-21 22:02 . 2008-11-22 22:07 81,984 --a------ c:\windows\System32\bdod.bin
2008-11-21 21:51 . 2008-11-22 22:08 <DIR> d-------- c:\program files\Softwin
2008-11-20 21:29 . 2008-11-22 22:08 <DIR> d-------- c:\program files\Common Files\Softwin
2008-11-19 21:49 . 2008-11-19 21:49 <DIR> d-------- c:\windows\McAfee.com
2008-11-19 21:36 . 2008-11-19 21:36 <DIR> d-------- c:\windows\BDOSCAN8
2008-11-18 21:58 . 2008-12-29 19:19 <DIR> d-------- c:\users\All Users\Lavasoft
2008-11-18 21:58 . 2008-12-29 19:19 <DIR> d-------- c:\programdata\Lavasoft
2008-11-18 21:13 . 2008-11-18 21:13 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-18 21:13 . 2008-11-18 21:13 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-12 17:37 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 17:37 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 17:37 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-01 08:31 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-01 08:31 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-01 08:31 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-01 08:31 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-01 08:31 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 19:27 --------- d-----w c:\users\Sandro\AppData\Roaming\Azureus
2008-12-24 20:11 --------- d-----w c:\users\Sandro\AppData\Roaming\Screenshot Sender
2008-12-21 10:17 --------- d-----w c:\program files\Java
2008-12-14 21:25 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-13 10:16 --------- d-----w c:\program files\Windows Mail
2008-11-20 20:32 --------- d-----w c:\users\Sandro\AppData\Roaming\AVG7
2008-11-20 20:32 --------- d-----w c:\programdata\avg7
2008-11-18 20:43 --------- d-----w c:\users\Sandro\AppData\Roaming\Lavasoft
2008-11-16 13:06 --------- d-----w c:\program files\Common Files\Adobe
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-23 20:00 410,778 ----a-w c:\windows\MarioForever_Toolbar_Uninstaller_906.exe
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-08-05 08:31 174 --sha-w c:\program files\desktop.ini
2008-08-04 20:44 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-08-04 20:44 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-08-04 20:44 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-12-29_22.25.49.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-29 20:01:42 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-30 17:59:19 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-29 20:01:44 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-30 17:59:19 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-29 21:25:02 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-30 18:01:12 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-12-29 20:03:59 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-30 18:02:28 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-30 18:02:28 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-29 20:01:43 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-30 19:05:57 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-29 20:01:43 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-30 19:05:57 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-29 20:01:43 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-30 19:05:57 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-16 19:51:34 101,250 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-30 18:12:03 101,250 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-16 19:51:34 126,854 ----a-w c:\windows\System32\perfc013.dat
+ 2008-12-30 18:12:03 126,854 ----a-w c:\windows\System32\perfc013.dat
- 2008-12-16 19:51:34 587,178 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-30 18:12:03 587,178 ----a-w c:\windows\System32\perfh009.dat
- 2008-12-16 19:51:34 667,352 ----a-w c:\windows\System32\perfh013.dat
+ 2008-12-30 18:12:03 667,352 ----a-w c:\windows\System32\perfh013.dat
- 2008-12-29 20:03:48 11,640 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3978875828-3625826887-2795598368-1000_UserData.bin
+ 2008-12-30 18:02:23 11,640 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3978875828-3625826887-2795598368-1000_UserData.bin
- 2008-12-29 20:03:48 77,732 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-30 18:02:22 77,818 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-29 20:03:46 64,296 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-30 18:02:11 64,296 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-12-26 14:57:46 264,274 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2008-12-30 18:55:52 264,548 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-22 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-22 7757824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-22 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 304664]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-20 244512]
"AcerOrbicamRibbon"="c:\program files\Acer\OrbiCam10\OrbiCam.exe" [2006-11-20 754712]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328]
"PrintUtil"="c:\program files\HP\HP Print Utility\PrintUtil.exe" [2008-01-02 663552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-30 113664]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-11 528384]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
??????????????e [?]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{08CF0699-23F5-4DE4-BBB5-649F11F14103}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{3FBED029-26F5-44EB-9354-84D0964D1832}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{61BC55AB-5A44-4F83-B855-FFD746ACD9A0}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{A524D153-9FB8-4D3D-BC87-703213BED779}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{FF8D62EF-EC67-4FC3-A0A4-20034951A892}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{AB681C83-A085-451B-A47C-2FA622166DB1}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{0145B6F3-9AA5-42B5-8CC7-217BE20E00EA}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{0AF98E9F-F53A-430E-8CFC-4244A5E56283}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{AF00D10F-7A46-49E5-BCF2-4E8FD71FFD09}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{74AFC287-ACED-4141-A64E-B4640B3F83FC}c:\\program files\\bittornado\\btdownloadgui.exe"= UDP:c:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{D41BDFF5-2370-4C30-BB61-EA7AD9BDFC9F}c:\\program files\\bittornado\\btdownloadgui.exe"= TCP:c:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"{DAB28AAE-EA63-4330-81EC-F8C6532CE393}"= Disabled:UDP:c:\program files\IncrediMail\bin\IMApp.exe:IncrediMail
"{2F2DFB18-77AA-42BC-B2E1-44A58AF91D02}"= Disabled:TCP:c:\program files\IncrediMail\bin\IMApp.exe:IncrediMail
"{3DA25E2D-860F-461A-9F54-21901291BF6D}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{3BFB4C0A-E852-4E95-AAE4-622634D49A08}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"TCP Query User{C315D875-0270-4C1C-9215-B0432DE24C42}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{F919B5C6-9998-4871-92EF-40FD21E75190}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
R0 AFS;AFS;c:\windows\system32\drivers\AFS.sys [2007-08-03 77004]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-23 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-23 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-11-23 51792]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2008-04-03 46112]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\DRIVERS\lv321av.sys [2006-12-11 847392]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-12-11 31232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 20:19:47
Windows 6.0.6001 Service Pack 1 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-12-30 20:25:35
ComboFix-quarantined-files.txt 2008-12-30 19:25:31
ComboFix2.txt 2008-12-29 21:30:51
Pre-Run: 24.062.140.416 bytes beschikbaar
Post-Run: 23,616,282,624 bytes beschikbaar
228 --- E O F --- 2008-12-29 16:34:41


AT SOME POINT IT SAYS FIND STRING UTILITY HAS STOPPED WORKING

GREETZ

Rosty
30 December 2008, 22:02
Still having problems?

sandro
30 December 2008, 23:33
Yep, I just restarted again and I still get those 2 messages, it's weird though.
And sometimes I can't get onto certain sites, and then I can again.

greetz sandro

Rosty
31 December 2008, 13:33
* Clear the Cache and Cookies in IE: Close Internet Explorer.
Go to Control Panel > Internet Options > General tab
Click the Delete Cookies button
Click the Delete Files button next to it
Check: Also delete all offline items, click OK
* Clear the Cache and Cookies in Firefox (in case Firefox is installed): Go to Tools > Options.
Click Privacy in the menu.
Click the Clear button (History, Cookies, Cache).
Click OK to close the window again.
* Clear other temporary files + Recycle Bin: Go to Start > Run and type: cleanmgr and click OK.
Let it scan your system for files that need to be deleted.
Make sure that only 'temporary files', 'temporary internet files' and 'recycle bin' are checked there.
Then click OK.
* Defragment the hard disk
I recommend doing this in safe mode (http://users.pandora.be/marcvn/spyware/1378056.htm). If you boot into safe mode it is handy to save and/or print everything below, because you cannot look up the further instructions while in safe mode:
Go to Start -- Run
Type: dfrg.msc and press OK.
Now press 'Defragment'.
When this is finished you can restart the PC.

sandro
31 December 2008, 17:42
I did everything, but when I boot into safe mode it can't find that dfrg.msc thing.

Rosty
1 January 2009, 10:32
I did everything, but when I boot into safe mode it can't find that dfrg.msc thing.

You can do it in normal mode too.

sandro
3 January 2009, 20:18
In normal mode it can't find it either.

Rosty
4 January 2009, 21:13
Are you still having problems now?

sandro
4 January 2009, 22:19
I still get those messages when I start it up, and that defragmentation, it does that automatically for me.

Kind regards, sandro

sandro
6 January 2009, 22:14
What is actually going on with my PC?

Rosty
8 January 2009, 09:17
Can you run another scan with MBAM and post that log here.

sandro
8 January 2009, 21:52
Malwarebytes' Anti-Malware 1.32
Database versie: 1632
Windows 6.0.6001 Service Pack 1
8/01/2009 20:51:01
mbam-log-2009-01-08 (20-51-01).txt
Scan type: Snelle Scan
Objecten gescand: 50469
Verstreken tijd: 3 minute(s), 51 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Rosty
8 January 2009, 22:33
Strange that MBAM finds nothing. Can't you disable the defragmenting?

sandro
9 January 2009, 21:16
Yes, I can, but what is the point of that?

Rosty
10 January 2009, 09:40
Yes, I can, but what is the point of that?

Please ask this question in the software forum. I once knew how to stop this, but I can't find it right away. I'll keep looking in the meantime.