Threat notification :-(

Robbedoeske
2 October 2010, 19:48
Dear people,

It has been quite a while since I last had to call on your help, but now the time has come.

AVG is detecting a threat on our PC. In AVG I see something like Trojan Horse Generic 19AFJM.
This threat is only detected when surfing via IE and not via Google Chrome.
I have installed Spybot Search & Destroy and run a scan, but afterwards I still get a threat notification.
Below is a HijackThis log.
Hopefully one of you can help me.
Thanks in advance!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:30:04, on 2-10-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\leo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\leo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\leo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [VMail] C:\Program Files\VMail\VMail\VMail.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262357175000
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{49BEAD57-F20D-4D68-BC4C-674D3ADDD784}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{49BEAD57-F20D-4D68-BC4C-674D3ADDD784}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{49BEAD57-F20D-4D68-BC4C-674D3ADDD784}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

--
End of file - 9765 bytes

Juisterr
2 October 2010, 20:54
1) Turn off Spybot's TeaTimer during the fix, because it can get in the way of the changes.
- Start Spybot S&D
- Go to the Mode menu and select "Advanced Mode"
- On the left, choose "Tools" (or "Gereedschap") and click on > Resident
- Uncheck "Resident TeaTimer" and close Spybot S&D.
- Restart the computer.

2) Download the following to your desktop: ResetTeaTimer.exe (http://home.kpn.nl/stefsmeenk/ResetTeaTimer.exe)
Then double-click ResetTeaTimer.exe
This will reset the items you previously allowed or blocked via TeaTimer.

(AVG8 active)

Start HijackThis and choose 'Do a system scan only'
Select only the items listed below:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O17 - HKLM\System\CCS\Services\Tcpip\..\{49BEAD57-F20D-4D68-BC4C-674D3ADDD784}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{49BEAD57-F20D-4D68-BC4C-674D3ADDD784}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{49BEAD57-F20D-4D68-BC4C-674D3ADDD784}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

Close all windows except HijackThis
Click 'Fix checked' to remove the items.
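As an added illustration (not code from any participant in this thread), a small Python triage script that parses HijackThis v2 log lines of the kind posted above and pulls out the two categories Juisterr selected for 'Fix checked': O2 BHO entries with no file behind them and O17 NameServer entries, the latter compared against an allowlist of resolvers the analyst expects on the network. The sample log and the allowlist are constructed.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the HijackThis v2 log format, modelled on the
# entries this thread discusses (not the poster's full log).
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\\..\\Run: [KernelFaultCheck] %systemroot%\\system32\\dumprep 0 -k
O4 - HKLM\\..\\Run: [AVG9_TRAY] C:\\PROGRA~1\\AVG\\AVG9\\avgtray.exe
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{49BEAD57-F20D-4D68-BC4C-674D3ADDD784}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\\Program Files\\AVG\\AVG9\\avgwdsvc.exe
"""

# Every HijackThis entry is "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
NAMESERVER_RE = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>.+)$")


def parse_entries(log_text: str) -> List[Tuple[str, str]]:
    """Return (section, body) pairs; header, process and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned_bhos(entries: List[Tuple[str, str]]) -> List[str]:
    """CLSIDs of O2 BHO entries whose DLL is gone ('(no file)').

    An orphaned BHO registration is harmless by itself, but it is a
    leftover that HijackThis can clean up, which is why helpers list it."""
    out = []
    for section, body in entries:
        if section == "O2" and body.rstrip().endswith("(no file)"):
            m = CLSID_RE.search(body)
            out.append(m.group(0) if m else body)
    return out


def nameservers(entries: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each O17 registry key to the resolver list it configures."""
    out: Dict[str, List[str]] = {}
    for section, body in entries:
        if section != "O17":
            continue
        m = NAMESERVER_RE.match(body)
        if m:
            out[m.group("key")] = [s.strip() for s in m.group("servers").split(",")]
    return out


def unexpected_nameservers(entries: List[Tuple[str, str]],
                           expected: set) -> Dict[str, List[str]]:
    """O17 keys pointing at resolvers outside the analyst's allowlist.

    The helper above had every O17 line fixed; with an allowlist the same
    check becomes an explicit decision rather than a blanket removal."""
    return {
        key: [ip for ip in ips if ip not in expected]
        for key, ips in nameservers(entries).items()
        if any(ip not in expected for ip in ips)
    }


def triage(log_text: str, expected_dns: set) -> dict:
    """Summarise the log: entry count, orphaned BHOs, unexpected DNS settings."""
    entries = parse_entries(log_text)
    return {
        "entries": len(entries),
        "orphaned_bho": orphaned_bhos(entries),
        "unexpected_dns": unexpected_nameservers(entries, expected_dns),
    }


if __name__ == "__main__":
    # Constructed allowlist: the resolver the analyst expects on this network.
    report = triage(SAMPLE_LOG, expected_dns={"192.168.1.1"})
    for key, value in report.items():
        print(f"{key}: {value}")
```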

Juisterr
2 October 2010, 20:54
Download MalwareBytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
Double-click mbam-setup.exe to install the program.

Make sure that after installation a checkmark is placed next to:

Update MalwareBytes' Anti-Malware
Launch MalwareBytes' Anti-Malware

Then click "Finish".
If an update is found, it will be downloaded and installed.

Once the program has started, go to the "Settings" tab.
Check: "Close Internet Explorer during malware removal".
Then go to the "Scanner" tab and choose "Quick Scan".
Then press "Scan" to start the scan.
Scanning can take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to view the results.
Make sure everything there is checked, then click "Remove Selected".
After removal a log will open and you will be asked to restart the computer.

The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.

Post this log together with a new HijackThis log.

Robbedoeske
2 October 2010, 22:30
Thanks for your quick reply, Juisterr.
Below are the requested logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversie: 4733

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2-10-2010 22:07:24
mbam-log-2010-10-02 (22-07-24).txt

Scantype: Snelle scan
Objecten gescand: 176589
Verstreken tijd: 32 minuut/minuten, 13 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 8

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
C:\WINDOWS\system32\cryptnet32.dll (Trojan.Delf) -> Quarantined and deleted successfully.
C:\Documents and Settings\leo\Local Settings\Temp\357vfp1v.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\leo\Local Settings\Temp\xvivwqxd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\leo\Local Settings\Temp\_3D9.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\leo\Local Settings\Temp\_3DA.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\leo\Local Settings\Temp\_56F.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\leo\Local Settings\Temp\_570.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shimg.dll (Trojan.Agent) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:16, on 2-10-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\VMail\VMail\VMail.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\leo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\leo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [VMail] C:\Program Files\VMail\VMail\VMail.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262357175000
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

--
End of file - 8779 bytes

Juisterr
2 October 2010, 22:47
Download TFC (http://oldtimer.geekstogo.com/TFC.exe) and save it to your Desktop.

Double-click TFC.exe to open the program.
The program will close all other programs, so make sure you have saved all your work before continuing.
Click the Start button to start the program.
When the program is finished, it will restart your computer.
If this does not happen, restart your computer manually.

Update your mbam scanner and run a new scan, remove everything that is found and restart.

Post a fresh HijackThis log and tell me how things are going now, please.

Robbedoeske
2 October 2010, 23:41
Dear Juisterr,

I did what you asked, but it was not to be.......
I opened IE for a moment and after a few minutes I got the AVG notification "Threat found".
The Mbam scanner, however, found nothing more on the 2nd scan. :-(

Below is the 3rd HijackThis log.
Sorry for the trouble.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:40:44, on 2-10-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\VMail\VMail\VMail.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\leo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\leo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [VMail] C:\Program Files\VMail\VMail\VMail.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262357175000
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

--
End of file - 8824 bytes

Robbedoeske
3 October 2010, 08:34
Dear Juisterr,

Now I get a threat alert from AVG 2 minutes after starting the PC, without any connection to the internet having been made. It's apparently a tough little beast :-(

Juisterr
3 October 2010, 16:19
I rather think there is still something sitting in AVG's quarantine box; please empty that box first.

Robbedoeske
3 October 2010, 22:04
Dear Juisterr,

I have emptied everything in AVG but I still get the threat alerts :-(

Juisterr
3 October 2010, 22:06
Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable all antivirus and antispyware programs, as otherwise they may conflict with ComboFix. Here is a guide on how to disable them:
Click here (http://www.bleepingcomputer.com/forums/topic114351.html)

If you can't manage to disable them, just proceed to the next step.
Double-click ComboFix.exe and follow the prompts on screen.
ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically proceed with scanning for malware.
Follow the prompts on screen to let ComboFix download and install the Microsoft Windows Recovery Console.

http://www.bleepstatic.com/combofix/nl/cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

http://www.bleepstatic.com/combofix/nl/rc-auto-done.jpg

Click Yes to continue scanning for malware.

When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found as C:\ComboFix.txt) in your next reply.

If you have problems running ComboFix, please report it.

Robbedoeske
5 October 2010, 20:30
Hey Juisterr,

Here I am again.
First of all, thanks for all the effort.
I did what you wrote above, and below is the ComboFix log.

ComboFix 10-10-04.02 - leo 05-10-2010 19:54:26.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.511.197 [GMT 2:00]
Started from: c:\documents and settings\leo\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Documenten\Server\admin.txt
c:\documents and settings\All Users\Documenten\Server\server.dat
c:\documents and settings\leo\Onlangs geopend\Thumbs.db
c:\windows\system32\crt.dat
c:\windows\system32\cryptnet32.dll
c:\windows\system32\shimg.dll
Infected copy of c:\windows\system32\drivers\imapi.sys was found and disinfected
Restored copy from - Kitty had a snack :p
c:\windows\system32\winlogon.exe . . . is infected!!
c:\windows\explorer.exe . . . is infected!!
.
(((((((((((((((((((( Files Created from 2010-09-05 to 2010-10-05 ))))))))))))))))))))))))))))))
.
2010-10-05 15:19 . 2010-10-05 15:19 4100960 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-10-05 15:19 . 2010-10-05 15:19 2065760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-10-05 15:19 . 2010-10-05 15:19 4394336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-10-02 19:31 . 2010-10-02 19:31 -------- d-----w- c:\documents and settings\leo\Application Data\Malwarebytes
2010-10-02 19:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-02 19:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-02 17:21 . 2010-10-02 17:21 -------- d-----w- c:\program files\Trend Micro
2010-10-01 17:56 . 2010-10-01 17:56 8975800 ----a-w- c:\documents and settings\leo\Application Data\Azureus\tmp\AZU8938929296252887391.tmp\Vuze_4.5.0.4c_win32.exe
2010-09-29 17:27 . 2010-09-29 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
2010-09-29 07:28 . 2010-09-29 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-29 07:28 . 2010-09-29 10:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-23 13:58 . 2010-09-23 13:58 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-09-23 13:58 . 2010-09-23 13:58 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2010-09-23 13:58 . 2010-09-23 13:58 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-09-23 13:58 . 2010-09-23 13:58 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-23 13:58 . 2010-09-23 13:58 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-23 13:58 . 2010-09-23 13:58 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-23 13:56 . 2010-09-23 13:56 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-09-08 14:07 . 2010-09-08 14:11 -------- d-----w- c:\program files\Windows Live Safety Center
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 18:11 . 2010-03-01 18:28 -------- d-----w- c:\documents and settings\leo\Application Data\LimeWire
2010-10-05 17:36 . 2010-01-03 16:19 -------- d-----w- c:\documents and settings\leo\Application Data\HPAppData
2010-10-05 17:31 . 2010-04-28 16:06 -------- d-----w- c:\program files\Norton Security Scan
2010-10-05 17:31 . 2010-03-14 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-10-05 17:31 . 2010-03-17 17:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-10-01 17:58 . 2010-04-25 11:37 -------- d-----w- c:\documents and settings\leo\Application Data\Azureus
2010-09-29 12:22 . 2009-12-29 22:29 84072 ----a-w- c:\documents and settings\leo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-29 11:07 . 2009-12-31 17:48 -------- d-----w- c:\program files\Google
2010-09-27 12:38 . 2010-03-01 20:38 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-05 10:01 . 2010-09-05 10:01 61440 ----a-w- c:\documents and settings\Evert\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-321009c8-n\decora-sse.dll
2010-09-05 10:01 . 2010-09-05 10:01 503808 ----a-w- c:\documents and settings\Evert\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-48aa3318-n\msvcp71.dll
2010-09-05 10:01 . 2010-09-05 10:01 348160 ----a-w- c:\documents and settings\Evert\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-48aa3318-n\msvcr71.dll
2010-09-05 10:01 . 2010-09-05 10:01 499712 ----a-w- c:\documents and settings\Evert\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-48aa3318-n\jmc.dll
2010-09-05 10:01 . 2010-09-05 10:01 12800 ----a-w- c:\documents and settings\Evert\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-321009c8-n\decora-d3d.dll
2010-08-09 12:38 . 2010-08-09 12:38 503808 ----a-w- c:\documents and settings\leo\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4caa099b-n\msvcp71.dll
2010-08-09 12:38 . 2010-08-09 12:38 348160 ----a-w- c:\documents and settings\leo\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4caa099b-n\msvcr71.dll
2010-08-09 12:38 . 2010-08-09 12:38 61440 ----a-w- c:\documents and settings\leo\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-66e39b4e-n\decora-sse.dll
2010-08-09 12:38 . 2010-08-09 12:38 499712 ----a-w- c:\documents and settings\leo\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4caa099b-n\jmc.dll
2010-08-09 12:38 . 2010-08-09 12:38 12800 ----a-w- c:\documents and settings\leo\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-66e39b4e-n\decora-d3d.dll
2010-07-24 12:01 . 2010-07-24 12:01 61440 ----a-w- c:\documents and settings\Bennert\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4afaa843-n\decora-sse.dll
2010-07-24 12:01 . 2010-07-24 12:01 12800 ----a-w- c:\documents and settings\Bennert\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4afaa843-n\decora-d3d.dll
2010-07-24 12:01 . 2010-07-24 12:01 503808 ----a-w- c:\documents and settings\Bennert\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7245bad8-n\msvcp71.dll
2010-07-24 12:01 . 2010-07-24 12:01 499712 ----a-w- c:\documents and settings\Bennert\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7245bad8-n\jmc.dll
2010-07-24 12:01 . 2010-07-24 12:01 348160 ----a-w- c:\documents and settings\Bennert\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7245bad8-n\msvcr71.dll
2010-07-16 10:07 . 2009-12-30 17:16 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 10:07 . 2010-07-16 10:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 10:01 . 2009-12-30 17:16 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-13 15:51 . 2004-08-04 12:00 498912 ----a-w- c:\windows\system32\perfh013.dat
2010-07-13 15:51 . 2004-08-04 12:00 91832 ----a-w- c:\windows\system32\perfc013.dat
.
------- Sigcheck -------
[-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a 35423121f4aaa9d90f9f113\winlogon.exe
[-] 2004-08-04 . 146289E864457D60B8D409CA80DF58C5 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a 35423121f4aaa9d90f9f113\explorer.exe
[-] 2004-08-04 . 65F13FE1BF83B287E499631CACEC0410 . 1035776 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-04 . 4EA419B6765344608E0C7D29E2F46C2D . 1035776 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-31 135664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-31 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-05 2067808]
"VMail"="c:\program files\VMail\VMail\VMail.exe" [2001-01-30 373760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\leo\Menu Start\Programma's\Opstarten\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 10:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30-12-2009 19:16 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30-12-2009 19:16 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16-7-2010 12:07 308136]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31-12-2009 19:49 135664]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]
2010-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]
2010-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004Core.job
- c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]
2010-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004UA.job
- c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2672)
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-10-05 20:17:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-05 18:17
Pre-Run: 31.838.318.592 bytes free
Post-Run: 31.855.931.392 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - EAA3ECD9673A8751672746DC289E35CD
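
The Sigcheck block in the ComboFix log above lists, for each copy of a few protected system files, a flag, a date, the MD5, the size and the file version. Read side by side, the two copies of explorer.exe at version 6.00.2900.2180 have the same size (1035776 bytes) but different hashes, which is the footprint of a binary that was patched in place and fits ComboFix reporting c:\windows\explorer.exe as infected. The script below is an added example for this thread, not part of the forum post and not ComboFix's own code: it parses lines in the Sigcheck layout as it appears in this log (the field order is assumed from these five lines alone) and reports every file name and version whose copies do not all share one hash. The sample lines are copied from the log, with the spaces that extraction inserted into long tokens removed. A mismatch says that one copy was altered; it does not say which one is clean, and for that you still need a known-good hash or a signature check.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: the five Sigcheck lines from the ComboFix log above,
# with the spaces that extraction inserted into long tokens removed.
SIGCHECK_SAMPLE = r"""
[-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe
[-] 2004-08-04 . 146289E864457D60B8D409CA80DF58C5 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe
[-] 2004-08-04 . 65F13FE1BF83B287E499631CACEC0410 . 1035776 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-04 . 4EA419B6765344608E0C7D29E2F46C2D . 1035776 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
"""

# Field layout assumed from the lines in this log:
#   [flag] date . MD5 . size . . [version] . . path
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


@dataclass(frozen=True)
class SigEntry:
    flag: str
    date: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def basename(self) -> str:
        # Paths in the log are Windows paths; lower-case so grouping is case-insensitive.
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_sigcheck(text: str) -> list[SigEntry]:
    """Parse every line that matches the Sigcheck layout; ignore everything else."""
    entries: list[SigEntry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(SigEntry(m["flag"], m["date"], m["md5"].upper(),
                                    int(m["size"]), m["version"], m["path"]))
    return entries


def find_mismatches(entries: list[SigEntry]) -> dict[tuple[str, str], list[SigEntry]]:
    """Group copies by (file name, file version) and keep only the groups whose
    copies do not all share one MD5. Same version and size with a different hash
    is what an in-place patch of a binary looks like; the hash alone does not
    say which copy is the clean one."""
    groups: dict[tuple[str, str], list[SigEntry]] = defaultdict(list)
    for entry in entries:
        groups[(entry.basename, entry.version)].append(entry)
    return {key: copies for key, copies in groups.items()
            if len({c.md5 for c in copies}) > 1}


if __name__ == "__main__":
    suspicious = find_mismatches(parse_sigcheck(SIGCHECK_SAMPLE))
    for (name, version), copies in suspicious.items():
        print(f"{name} {version}: {len(copies)} copies with differing hashes")
        for c in copies:
            print(f"  {c.md5}  {c.size:>8}  {c.path}")
```

Run against the sample it reports only explorer.exe 6.00.2900.2180; the two winlogon.exe copies are different versions (an SP3 download versus the installed SP2 file) and are correctly left alone, because a version change legitimately changes the hash.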

Juisterr
6 October 2010, 12:47
Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and put it on your desktop.
Unpack the files in tdsskiller.zip.

Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
Click the "Start Scan" button and follow the instructions.

When the scan is finished, click the "Report" button.
A Notepad file opens.

Post the contents of this file.



Restart the computer.
You will see a selection menu in which you have the option to start Windows or the Recovery Console.

Start the Recovery Console.

In the black screen that appears, press Enter to choose your keyboard layout (a US layout is selected by default).
With the arrow keys you can choose the correct keyboard layout if needed.
Confirm your choice with Enter.
You get a list of the Windows installations present on your computer.
At the question 'Which Windows installation would you like to log on to?', choose the correct installation by typing the number in front of it (usually 1).

After that you may be asked to type in the Administrator password.
Do so.
If you don't know it, it may have been left blank, in which case you just press Enter.
At the command prompt, type this command: fixmbr
Then press Enter.
Restart the computer.

As soon as the computer has restarted, run ComboFix right away (without CFScript) and post the ComboFix log in your next reply.

Robbedoeske
8 October 2010, 20:29
Here I am again:

Report from TDSSKiller.

2010/10/08 20:25:50.0984 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/08 20:25:50.0984 ================================================================================
2010/10/08 20:25:50.0984 SystemInfo:
2010/10/08 20:25:50.0984
2010/10/08 20:25:50.0984 OS Version: 5.1.2600 ServicePack: 2.0
2010/10/08 20:25:50.0984 Product type: Workstation
2010/10/08 20:25:50.0984 ComputerName: LEO-928BC3391CE
2010/10/08 20:25:50.0984 UserName: leo
2010/10/08 20:25:50.0984 Windows directory: C:\WINDOWS
2010/10/08 20:25:50.0984 System windows directory: C:\WINDOWS
2010/10/08 20:25:50.0984 Processor architecture: Intel x86
2010/10/08 20:25:50.0984 Number of processors: 1
2010/10/08 20:25:50.0984 Page size: 0x1000
2010/10/08 20:25:50.0984 Boot type: Normal boot
2010/10/08 20:25:50.0984 ================================================================================
2010/10/08 20:25:51.0593 Initialize success
2010/10/08 20:26:17.0687 ================================================================================
2010/10/08 20:26:17.0687 Scan started
2010/10/08 20:26:17.0687 Mode: Manual;
2010/10/08 20:26:17.0687 ================================================================================
2010/10/08 20:26:18.0140 ACPI (12139c5b5d7366e54ef3029c65b8ca97) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/08 20:26:18.0265 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/08 20:26:18.0375 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2010/10/08 20:26:18.0515 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2010/10/08 20:26:18.0640 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2010/10/08 20:26:18.0750 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/10/08 20:26:19.0156 Aspi32 (20d04091eba710f6988f710507d85868) C:\WINDOWS\system32\drivers\Aspi32.sys
2010/10/08 20:26:19.0296 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/08 20:26:19.0359 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/08 20:26:19.0500 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/08 20:26:19.0578 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/08 20:26:19.0718 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2010/10/08 20:26:19.0750 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2010/10/08 20:26:19.0859 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys
2010/10/08 20:26:19.0984 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/08 20:26:20.0281 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/08 20:26:20.0375 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/08 20:26:20.0500 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/08 20:26:20.0609 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/08 20:26:20.0828 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/08 20:26:21.0000 dmboot (d9542b70560cda5c4f5e62b1eed412cd) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/08 20:26:21.0203 dmio (b5f7ac6bb9445e9c59e0686fe52a47e8) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/08 20:26:21.0343 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/08 20:26:21.0421 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/08 20:26:21.0546 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/08 20:26:21.0609 E100B (98ed0bea10477b0f252cca35eb50f838) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/10/08 20:26:21.0750 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/08 20:26:21.0890 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/08 20:26:22.0000 Fips (dac8cab287a959c2f717d3748177374b) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/08 20:26:22.0078 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/08 20:26:22.0203 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/10/08 20:26:22.0328 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/08 20:26:22.0437 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/08 20:26:22.0546 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/08 20:26:22.0687 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/08 20:26:22.0796 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/10/08 20:26:22.0906 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/10/08 20:26:22.0968 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/10/08 20:26:23.0093 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/08 20:26:23.0281 i8042prt (ddb567b5fe32d917a34b98de50b3c923) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/08 20:26:23.0406 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/08 20:26:23.0500 IntelIde (133b243ee5ccc607686a5648b807542d) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/08 20:26:23.0593 intelppm (17f6ae3cb6b478c6054e2e894a6d89bf) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/08 20:26:23.0671 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/10/08 20:26:23.0796 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/08 20:26:23.0875 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/08 20:26:23.0984 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/08 20:26:24.0031 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/08 20:26:24.0234 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/08 20:26:24.0359 isapnp (fd298ad13acb19fc43b627aca0806231) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/08 20:26:24.0484 Kbdclass (59549e9180ce29d832289e1a1d9e3c60) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/08 20:26:24.0546 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/08 20:26:24.0671 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/08 20:26:24.0765 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/08 20:26:24.0890 Modem (7151be7fe5bd6671bf8ab745c419a42e) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/08 20:26:24.0953 Mouclass (0ff36ca1ac0b7d2e46c291d30b516df1) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/08 20:26:25.0078 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/08 20:26:25.0156 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/08 20:26:25.0296 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/08 20:26:25.0421 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/08 20:26:25.0531 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/08 20:26:25.0625 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/08 20:26:25.0765 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/08 20:26:25.0859 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/08 20:26:25.0953 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/08 20:26:26.0078 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/08 20:26:26.0281 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/08 20:26:26.0406 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/08 20:26:26.0515 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/08 20:26:26.0593 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/08 20:26:26.0703 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/08 20:26:26.0781 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/08 20:26:26.0890 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/08 20:26:27.0031 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/08 20:26:27.0140 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/08 20:26:27.0281 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/08 20:26:27.0406 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/08 20:26:27.0593 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/08 20:26:27.0640 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/08 20:26:27.0734 Parport (83a120f43a1424d9c51701fd91d3bc8e) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/08 20:26:27.0828 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/08 20:26:27.0890 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/08 20:26:28.0000 PCI (3060407163c2daf8b0dbc878c3052cf0) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/08 20:26:28.0062 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\drivers\PCIIde.sys
2010/10/08 20:26:28.0156 Pcmcia (8673108cad88d629ba0f7758ec5b1924) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/08 20:26:28.0484 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/08 20:26:28.0531 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/08 20:26:28.0593 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/08 20:26:28.0703 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/08 20:26:28.0859 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/08 20:26:28.0921 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/08 20:26:29.0046 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/08 20:26:29.0109 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/08 20:26:29.0312 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/08 20:26:29.0421 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/08 20:26:29.0515 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/08 20:26:29.0640 redbook (7bb9c58a13323f5edc89c88f98c80cba) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/08 20:26:29.0750 Secdrv (314a998b1732c1acd6b6459ec9961ad8) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/08 20:26:29.0890 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/08 20:26:29.0937 Serial (97e86d03d082d369cb025113b4b7b781) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/08 20:26:30.0031 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/08 20:26:30.0187 smwdm (8583e3dc5285eb3ddfb74fb646cdf295) C:\WINDOWS\system32\drivers\smwdm.sys
2010/10/08 20:26:30.0343 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/08 20:26:30.0453 sr (a859c2da6b06024c9b4d995b90fe8175) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/08 20:26:30.0546 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/08 20:26:30.0687 sscdbus (2d4027c46b4c6e45875e3c4ba3f67492) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
2010/10/08 20:26:30.0750 sscdmdfl (f548f1eba107bc19e91189e6a460bd0e) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
2010/10/08 20:26:30.0843 sscdmdm (71d348d53597379dfe1de255d70af13c) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
2010/10/08 20:26:30.0921 ssm_bus (14622ae81c72b08691eedaabc1d4a129) C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
2010/10/08 20:26:31.0031 ssm_mdfl (43ee5e9fda61a5e0eac4c1de699e6e4d) C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
2010/10/08 20:26:31.0062 ssm_mdm (918cfd32c7feb174f356a0a6fad11f4b) C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
2010/10/08 20:26:31.0140 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
2010/10/08 20:26:31.0328 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/08 20:26:31.0390 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/08 20:26:31.0578 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/08 20:26:31.0671 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/08 20:26:31.0781 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/08 20:26:31.0812 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/08 20:26:31.0921 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/08 20:26:32.0046 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/08 20:26:32.0234 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/08 20:26:32.0359 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/08 20:26:32.0421 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/08 20:26:32.0546 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/08 20:26:32.0593 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/08 20:26:32.0687 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/08 20:26:32.0812 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/08 20:26:32.0921 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/08 20:26:32.0984 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/10/08 20:26:33.0187 VolSnap (4d90d2768b7d0902b011bf6707b10423) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/08 20:26:33.0281 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/08 20:26:33.0437 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/08 20:26:33.0703 ================================================================================
2010/10/08 20:26:33.0703 Scan finished
2010/10/08 20:26:33.0703 ================================================================================

Robbedoeske
8 October 2010, 20:57
Restart the computer.
You will see a menu where you have the option of starting Windows or the Recovery Console.

Sorry Juisterr, but I can't choose anything here. The PC just boots up normally :(

Juisterr
9 October 2010, 12:25
Restart the computer.
While it is booting, hold down the F8 key until the boot menu appears.
In this menu, choose the Recovery Console option.

Robbedoeske
10 October 2010, 09:14
OK, I found it.
But I get the warning below, and I want to wait for your approval
before going any further.

Warning:

Het lijkt erop dat deze computer een niet-standaard of ongeldige MBR heeft.
FIXMBR kan de partitietabellen beschadigen als u doorgaat.
Hierdoor kunnen alle partities van de actieve vaste schijf ontoegankelijk worden.
Ga niet door als u geen problemen hebt met het verkrijgen van toegang tot het station.

May I go ahead?

Juisterr
10 October 2010, 19:58
Yes, go ahead.

Robbedoeske
12 October 2010, 20:21
Hey Juisterr,

In the meantime IE has stopped working; I get no connection and "IE is not responding" appears at the top. No problems with Google Chrome...

Below is the ComboFix log

ComboFix 10-10-11.01 - leo 11-10-2010 18:46:03.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.511.213 [GMT 2:00]
Gestart vanuit: c:\documents and settings\leo\Bureaublad\ComboFix.exe
AV: Smart Security *On-access scanning enabled* (Updated) {FEF35447-A250-4F74-9CD7-0287B42C4589}
FW: Smart Security *enabled* {7684DB6E-061A-4C47-9A52-FA4980B9E7BA}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\d73ee3
c:\documents and settings\All Users\Application Data\d73ee3\1413.mof
c:\documents and settings\All Users\Application Data\d73ee3\BackUp\Adobe Reader Snelle start.lnk
c:\documents and settings\All Users\Application Data\d73ee3\BackUp\HP Digital Imaging Monitor.lnk
c:\documents and settings\All Users\Application Data\d73ee3\BackUp\LimeWire On Startup.lnk
c:\documents and settings\All Users\Application Data\d73ee3\d73ee359303c8011f1eb98a63ae4ff57.ocx
c:\documents and settings\All Users\Application Data\d73ee3\jjxeeextjxej.ini
c:\documents and settings\All Users\Application Data\d73ee3\SMd73_231.exe
c:\documents and settings\All Users\Application Data\d73ee3\SMS.ico
c:\documents and settings\leo\Onlangs geopend\ANTIGEN.dll
c:\documents and settings\leo\Onlangs geopend\ANTIGEN.exe
c:\documents and settings\leo\Onlangs geopend\ANTIGEN.sys
c:\documents and settings\leo\Onlangs geopend\ANTIGEN.tmp
c:\documents and settings\leo\Onlangs geopend\cb.dll
c:\documents and settings\leo\Onlangs geopend\cb.drv
c:\documents and settings\leo\Onlangs geopend\cb.exe
c:\documents and settings\leo\Onlangs geopend\cb.sys
c:\documents and settings\leo\Onlangs geopend\cb.tmp
c:\documents and settings\leo\Onlangs geopend\cid.exe
c:\documents and settings\leo\Onlangs geopend\cid.sys
c:\documents and settings\leo\Onlangs geopend\cid.tmp
c:\documents and settings\leo\Onlangs geopend\CLSV.dll
c:\documents and settings\leo\Onlangs geopend\CLSV.drv
c:\documents and settings\leo\Onlangs geopend\CLSV.exe
c:\documents and settings\leo\Onlangs geopend\CLSV.sys
c:\documents and settings\leo\Onlangs geopend\DBOLE.dll
c:\documents and settings\leo\Onlangs geopend\DBOLE.drv
c:\documents and settings\leo\Onlangs geopend\DBOLE.tmp
c:\documents and settings\leo\Onlangs geopend\ddv.exe
c:\documents and settings\leo\Onlangs geopend\ddv.sys
c:\documents and settings\leo\Onlangs geopend\ddv.tmp
c:\documents and settings\leo\Onlangs geopend\eb.dll
c:\documents and settings\leo\Onlangs geopend\eb.drv
c:\documents and settings\leo\Onlangs geopend\eb.tmp
c:\documents and settings\leo\Onlangs geopend\energy.dll
c:\documents and settings\leo\Onlangs geopend\energy.drv
c:\documents and settings\leo\Onlangs geopend\energy.tmp
c:\documents and settings\leo\Onlangs geopend\exec.dll
c:\documents and settings\leo\Onlangs geopend\exec.drv
c:\documents and settings\leo\Onlangs geopend\exec.exe
c:\documents and settings\leo\Onlangs geopend\exec.sys
c:\documents and settings\leo\Onlangs geopend\fan.dll
c:\documents and settings\leo\Onlangs geopend\fan.drv
c:\documents and settings\leo\Onlangs geopend\fan.tmp
c:\documents and settings\leo\Onlangs geopend\fix.drv
c:\documents and settings\leo\Onlangs geopend\fix.exe
c:\documents and settings\leo\Onlangs geopend\fix.sys
c:\documents and settings\leo\Onlangs geopend\FS.dll
c:\documents and settings\leo\Onlangs geopend\FS.tmp
c:\documents and settings\leo\Onlangs geopend\hymt.exe
c:\documents and settings\leo\Onlangs geopend\hymt.tmp
c:\documents and settings\leo\Onlangs geopend\kernel32.dll
c:\documents and settings\leo\Onlangs geopend\kernel32.exe
c:\documents and settings\leo\Onlangs geopend\kernel32.tmp
c:\documents and settings\leo\Onlangs geopend\pal.drv
c:\documents and settings\leo\Onlangs geopend\pal.exe
c:\documents and settings\leo\Onlangs geopend\pal.sys
c:\documents and settings\leo\Onlangs geopend\PE.dll
c:\documents and settings\leo\Onlangs geopend\PE.drv
c:\documents and settings\leo\Onlangs geopend\PE.exe
c:\documents and settings\leo\Onlangs geopend\PE.sys
c:\documents and settings\leo\Onlangs geopend\PE.tmp
c:\documents and settings\leo\Onlangs geopend\ppal.dll
c:\documents and settings\leo\Onlangs geopend\ppal.drv
c:\documents and settings\leo\Onlangs geopend\ppal.sys
c:\documents and settings\leo\Onlangs geopend\ppal.tmp
c:\documents and settings\leo\Onlangs geopend\runddl.tmp
c:\documents and settings\leo\Onlangs geopend\runddlkey.exe
c:\documents and settings\leo\Onlangs geopend\runddlkey.sys
c:\documents and settings\leo\Onlangs geopend\runddlkey.tmp
c:\documents and settings\leo\Onlangs geopend\SICKBOY.exe
c:\documents and settings\leo\Onlangs geopend\SICKBOY.tmp
c:\documents and settings\leo\Onlangs geopend\sld.exe
c:\documents and settings\leo\Onlangs geopend\sld.tmp
c:\documents and settings\leo\Onlangs geopend\SM.exe
c:\documents and settings\leo\Onlangs geopend\SM.tmp
c:\documents and settings\leo\Onlangs geopend\snl2w.exe
c:\documents and settings\leo\Onlangs geopend\snl2w.sys
c:\documents and settings\leo\Onlangs geopend\std.sys
c:\documents and settings\leo\Onlangs geopend\tempdoc.exe
c:\documents and settings\leo\Onlangs geopend\tempdoc.sys
c:\documents and settings\leo\Onlangs geopend\tempdoc.tmp
c:\documents and settings\leo\Onlangs geopend\tjd.dll
c:\documents and settings\leo\Onlangs geopend\tjd.drv
c:\documents and settings\leo\Onlangs geopend\tjd.exe
c:\documents and settings\leo\Onlangs geopend\tjd.sys
c:\documents and settings\leo\Onlangs geopend\tjd.tmp

c:\windows\system32\winlogon.exe . . . is geïnfecteerd!!

c:\windows\explorer.exe . . . is geïnfecteerd!!

.
(((((((((((((((((((( Bestanden Gemaakt van 2010-09-11 to 2010-10-11 ))))))))))))))))))))))))))))))
.

2010-10-08 06:48 . 2010-10-08 06:48 -------- d-sh--w- c:\documents and settings\leo\Application Data\Smart Security
2010-10-08 06:48 . 2010-10-08 06:48 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SMHAAKS
2010-10-02 19:31 . 2010-10-02 19:31 -------- d-----w- c:\documents and settings\leo\Application Data\Malwarebytes
2010-10-02 19:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-02 19:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-02 17:21 . 2010-10-02 17:21 -------- d-----w- c:\program files\Trend Micro
2010-09-29 17:27 . 2010-09-29 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
2010-09-29 07:28 . 2010-09-29 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-29 07:28 . 2010-09-29 10:38 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe
[-] 2004-08-04 . 146289E864457D60B8D409CA80DF58C5 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe
[-] 2004-08-04 . 65F13FE1BF83B287E499631CACEC0410 . 1035776 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-04 . 4EA419B6765344608E0C7D29E2F46C2D . 1035776 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-31 135664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-31 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"VMail"="c:\program files\VMail\VMail\VMail.exe" [2001-01-30 373760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\leo\Menu Start\Programma's\Opstarten\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31-12-2009 19:49 135664]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map

2010-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]

2010-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]

2010-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004Core.job
- c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]

2010-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004UA.job
- c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:25469
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
.
------- Bestandsassociaties -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-Smart Security - c:\documents and settings\All Users\Application Data\d73ee3\SMd73_231.exe


.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Voltooingstijd: 2010-10-11 19:04:03
ComboFix-quarantined-files.txt 2010-10-11 17:04
ComboFix2.txt 2010-10-11 12:37
ComboFix3.txt 2010-10-05 18:17

Pre-Run: 31.678.242.816 bytes beschikbaar
Post-Run: 31.684.780.032 bytes beschikbaar

- - End Of File - - A1B890AAE3D7BDBAAD705A512A52BAC6

Juisterr
12 October 2010, 20:29
You had better print out the following instructions, because we are going to work in the Recovery Console, where you have no internet.
If you have any questions, feel free to ask them before you start these steps.

Insert the Microsoft Windows XP CD in the computer.
Restart the computer and enter the BIOS (probably with the DEL key).
Go to Boot Device Priority, set your CDROM DRIVE to 1 and HDD (hard disk) to 2. Then press the Save & Exit key (probably F10).

When the computer restarts you should normally see a message asking you to press a key to boot from the CD. So press any key.

In the Microsoft Windows XP setup menu, press the R key to start the Recovery Console.

Choose the operating system that needs to be repaired and enter the administrator password (just press Enter if there is no password).
Type the lines below one by one, each followed by Enter.
Note: change D to the drive letter of the CD-ROM drive. After D:\I386\bestand.ex_ there is first a space and only then c:\windows\ or c:\windows\system32

Type expand D:\I386\winlogon.ex_ C:\Windows\System32\
Type expand D:\I386\explorer.ex_ C:\Windows\

You will be asked whether you want to overwrite the file; press Y and then Enter to allow it.

Type exit to restart the computer.

Note: copy each command EXACTLY, including the spaces. Otherwise it will not work.

Good luck.
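
As an added defender's check (example code written for this page, not ComboFix's code and not part of the thread): the script below parses the Sigcheck block of the ComboFix log posted above and flags copies of the same file that share a version string and size but not an MD5, which is exactly what singles out c:\windows\explorer.exe against its dllcache copy; the same parse can be re-run on a fresh log after the expand step to confirm the conflict is gone. Treating the dllcache copy as the reference is my assumption, not something ComboFix states.

```python
"""Cross-check the Sigcheck section of a ComboFix log.

ComboFix lists each system file it considers modified next to every other
copy of that file it can find (the dllcache copy kept by Windows File
Protection, pending Windows Update downloads, ...). Two copies that carry
the same version string *and* the same size but a different MD5 cannot both
be the original: at least one was patched in place without changing size.
"""
import re
from collections import defaultdict

# The Sigcheck block from the ComboFix log posted above (forum line-wrapping
# spaces removed). Paste the block from your own log here instead.
SIGCHECK_LOG = r"""
------- Sigcheck -------

[-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe
[-] 2004-08-04 . 146289E864457D60B8D409CA80DF58C5 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe
[-] 2004-08-04 . 65F13FE1BF83B287E499631CACEC0410 . 1035776 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-04 . 4EA419B6765344608E0C7D29E2F46C2D . 1035776 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
"""

# One Sigcheck line: "[-] date . MD5 . size . . [version] . . path"
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; headers and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = SIGCHECK_RE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        # Assumption: the Windows File Protection copy in dllcache is the
        # reference when one is listed for the file.
        e["is_reference"] = "\\dllcache\\" in e["path"].lower()
        entries.append(e)
    return entries


def find_mismatches(entries):
    """Group copies by (name, version, size); report groups whose MD5s differ."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["name"], e["version"], e["size"])].append(e)
    findings = []
    for (name, version, size), copies in sorted(groups.items()):
        hashes = sorted({c["md5"] for c in copies})
        if len(hashes) < 2:
            continue  # single copy, or identical copies: nothing to compare
        ref = next((c for c in copies if c["is_reference"]), None)
        if ref is None:
            suspect = [c["path"] for c in copies]  # cannot tell which is original
        else:
            suspect = [c["path"] for c in copies if c["md5"] != ref["md5"]]
        findings.append({
            "name": name, "version": version, "size": size, "hashes": hashes,
            "reference": ref["path"] if ref else None, "suspect": suspect,
        })
    return findings


def report(findings):
    """Human-readable summary of find_mismatches() output."""
    if not findings:
        return "no same-version/same-size hash conflicts"
    lines = []
    for f in findings:
        lines.append(f"{f['name']} {f['version']} ({f['size']} bytes): "
                     f"{len(f['hashes'])} different MD5s for the same version/size")
        for p in f["suspect"]:
            lines.append(f"  suspect : {p}")
        if f["reference"]:
            lines.append(f"  reference (dllcache): {f['reference']}")
        else:
            lines.append("  no dllcache copy listed; compare against the install CD copy")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(find_mismatches(parse_sigcheck(SIGCHECK_LOG))))
```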

Juisterr
12 October 2010, 20:32
And just for your information.
Your PC has the newest version of the so-called TDL3 rootkit.

Robbedoeske
13 October 2010, 15:41
Hey Juisterr,

I hardly dare write it, but IE is working again.
I had the PC scanned once more with Malwarebytes and afterwards IE worked again.
Now I have to follow a different procedure, I suppose?

It's clearly a very tough little beast. Pffffff.
I count myself lucky to be getting expert help from you.
A thousand thanks already, and sorry for all the trouble.

Juisterr
13 October 2010, 15:57
This is certainly a tough one. Could you please run ComboFix again and post the full result here.

Robbedoeske
13 October 2010, 18:23
ComboFix 10-10-11.01 - leo 13-10-2010 17:51:31.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.511.280 [GMT 2:00]
Gestart vanuit: c:\documents and settings\leo\Bureaublad\ComboFix.exe
AV: Smart Security *On-access scanning enabled* (Updated) {FEF35447-A250-4F74-9CD7-0287B42C4589}
FW: Smart Security *enabled* {7684DB6E-061A-4C47-9A52-FA4980B9E7BA}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.exe . . . is geïnfecteerd!!

c:\windows\explorer.exe . . . is geïnfecteerd!!

.
(((((((((((((((((((( Bestanden Gemaakt van 2010-09-13 to 2010-10-13 ))))))))))))))))))))))))))))))
.

2010-10-12 15:19 . 2010-10-12 15:19 -------- d-----w- c:\documents and settings\Bennert\Local Settings\Application Data\Identities
2010-10-12 15:17 . 2010-10-12 15:17 -------- d-----w- c:\documents and settings\Bennert\Application Data\Malwarebytes
2010-10-12 07:51 . 2010-10-12 07:51 2256 ----a-w- c:\documents and settings\leo\Application Data\hyghghjhjghjhj.bat
2010-10-12 07:51 . 2010-10-12 07:51 168 ----a-w- c:\documents and settings\leo\Application Data\dsfsds.bat
2010-10-12 04:43 . 2010-10-12 04:43 -------- d-----w- c:\documents and settings\leo\Application Data\download
2010-10-08 06:48 . 2010-10-08 06:48 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SMHAAKS
2010-10-02 19:31 . 2010-10-02 19:31 -------- d-----w- c:\documents and settings\leo\Application Data\Malwarebytes
2010-10-02 19:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-02 19:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-02 17:21 . 2010-10-02 17:21 -------- d-----w- c:\program files\Trend Micro
2010-09-29 17:27 . 2010-09-29 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
2010-09-29 07:28 . 2010-09-29 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-29 07:28 . 2010-09-29 10:38 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe
[-] 2004-08-04 . 146289E864457D60B8D409CA80DF58C5 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe
[-] 2004-08-04 . 65F13FE1BF83B287E499631CACEC0410 . 1035776 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-04 . 4EA419B6765344608E0C7D29E2F46C2D . 1035776 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-10-11_16.58.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-13 05:46 . 2010-10-13 05:46 16384 c:\windows\Temp\Perflib_Perfdata_65c.dat
+ 2009-12-29 22:01 . 2010-10-12 14:43 313968 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-31 135664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-31 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"VMail"="c:\program files\VMail\VMail\VMail.exe" [2001-01-30 373760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\leo\Menu Start\Programma's\Opstarten\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31-12-2009 19:49 135664]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]

2010-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004Core.job
- c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004UA.job
- c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:25469
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
.
------- Bestandsassociaties -------
.
.scr=AutoCADScriptFile
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Voltooingstijd: 2010-10-13 18:07:14
ComboFix-quarantined-files.txt 2010-10-13 16:07
ComboFix2.txt 2010-10-12 17:03
ComboFix3.txt 2010-10-11 17:04

Pre-Run: 32.623.366.144 bytes beschikbaar
Post-Run: 32.639.229.952 bytes beschikbaar

- - End Of File - - 822534A914E33BA6F69C1AC9C3963C02

Juisterr
13 October 2010, 18:46
It's not quite working yet.

We'll try something.

Restart the computer.
You will see a menu where you have the option of starting Windows or the Recovery Console.
Start the Recovery Console.
In the black screen that appears, press Enter to choose your keyboard layout (a US layout is selected by default). With the arrow keys you can choose the correct keyboard layout if needed. Confirm your choice with Enter.
You will get a list of the Windows installations present on your computer.
At the question 'Bij welke Windows-installatie wilt u zich aanmelden?' (which Windows installation do you want to log on to), choose the correct installation by typing the number in front of it (usually 1).
After that you may be asked to type the Administrator password. Do so. If you don't know it, it may have been left blank, in which case you just press Enter.
At the command prompt type this command: fixmbr
Then press Enter.
Restart the computer.

As soon as the computer has restarted, run ComboFix right away (without CFScript) and post the ComboFix log in your next reply.

Robbedoeske
13 October 2010, 19:39
ComboFix 10-10-11.01 - leo 13-10-2010 19:21:05.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.511.286 [GMT 2:00]
Gestart vanuit: c:\documents and settings\leo\Bureaublad\ComboFix.exe
AV: Smart Security *On-access scanning enabled* (Updated) {FEF35447-A250-4F74-9CD7-0287B42C4589}
FW: Smart Security *enabled* {7684DB6E-061A-4C47-9A52-FA4980B9E7BA}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.exe . . . is geïnfecteerd!!

c:\windows\explorer.exe . . . is geïnfecteerd!!

.
(((((((((((((((((((( Bestanden Gemaakt van 2010-09-13 to 2010-10-13 ))))))))))))))))))))))))))))))
.

2010-10-12 15:19 . 2010-10-12 15:19 -------- d-----w- c:\documents and settings\Bennert\Local Settings\Application Data\Identities
2010-10-12 15:17 . 2010-10-12 15:17 -------- d-----w- c:\documents and settings\Bennert\Application Data\Malwarebytes
2010-10-12 07:51 . 2010-10-12 07:51 2256 ----a-w- c:\documents and settings\leo\Application Data\hyghghjhjghjhj.bat
2010-10-12 07:51 . 2010-10-12 07:51 168 ----a-w- c:\documents and settings\leo\Application Data\dsfsds.bat
2010-10-12 04:43 . 2010-10-12 04:43 -------- d-----w- c:\documents and settings\leo\Application Data\download
2010-10-08 06:48 . 2010-10-08 06:48 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SMHAAKS
2010-10-02 19:31 . 2010-10-02 19:31 -------- d-----w- c:\documents and settings\leo\Application Data\Malwarebytes
2010-10-02 19:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-02 19:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-02 17:21 . 2010-10-02 17:21 -------- d-----w- c:\program files\Trend Micro
2010-09-29 17:27 . 2010-09-29 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
2010-09-29 07:28 . 2010-09-29 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-29 07:28 . 2010-09-29 10:38 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe
[-] 2004-08-04 . 146289E864457D60B8D409CA80DF58C5 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe
[-] 2004-08-04 . 65F13FE1BF83B287E499631CACEC0410 . 1035776 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-04 . 4EA419B6765344608E0C7D29E2F46C2D . 1035776 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-10-11_16.58.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-13 05:46 . 2010-10-13 05:46 16384 c:\windows\Temp\Perflib_Perfdata_65c.dat
+ 2009-12-29 22:01 . 2010-10-12 14:43 313968 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-31 135664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-31 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"VMail"="c:\program files\VMail\VMail\VMail.exe" [2001-01-30 373760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\leo\Menu Start\Programma's\Opstarten\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31-12-2009 19:49 135664]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]

2010-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004Core.job
- c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004UA.job
- c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:25469
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
.
------- Bestandsassociaties -------
.
.scr=AutoCADScriptFile
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Voltooingstijd: 2010-10-13 19:36:53
ComboFix-quarantined-files.txt 2010-10-13 17:36
ComboFix2.txt 2010-10-13 16:07
ComboFix3.txt 2010-10-12 17:03
ComboFix4.txt 2010-10-11 17:04

Pre-Run: 32.648.384.512 bytes beschikbaar
Post-Run: 32.634.802.176 bytes beschikbaar

- - End Of File - - BF0D6D36467AE3258269FDCBF055BF15

Juisterr
13 October 2010, 19:50
1. Go to Start -> Control Panel -> Software (Add or Remove Programs).
Uninstall all Java components that appear in the list. For example: Java (TM) 6 Update 18.

This is because the malware has nested itself in Java.

2. Download Windows XP Service Pack 3 (https://www.microsoft.com/downloads/en/details.aspx?FamilyId=5B33B5A8-5E76-401F-BE08-1E1555D4F3D4&displaylang=en) and save it on your D drive (or another external hard drive). If that isn't possible, on the C drive.

Double-click the installer. It will now start extracting itself. Once it has fully extracted, leave the setup window as it is. We will use it later.

If you used USB sticks during the period of the infection, plug them into the computer. They are very likely infected and we will try to disinfect them.

Now restart your computer.

Start ComboFix and do a new scan; please post the result.

Robbedoeske
13 October 2010, 21:28
Removed everything Java-related.

And then..... :-(
Saved Windows XP Service Pack 3 on an external hard drive - double-click - it extracts and then I get the following :-(

Setup cannot update your windows XP files because the language installed on your system is different from the update language.

I've tried English and Dutch.

Juisterr
14 October 2010, 12:51
Try downloading the update manually: http://www.downloadonline.nl/Windows-XP-Service-Pack-3.html

Robbedoeske
14 October 2010, 16:32
Via that link it did work - did everything as described, and below is the ComboFix log.
One thing is already solved.... the PC was painfully slow to start up and now boots super fast again.
That's something at least, eh :-)


ComboFix 10-10-11.01 - leo 14-10-2010 16:11:53.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.511.277 [GMT 2:00]
Gestart vanuit: c:\documents and settings\leo\Bureaublad\ComboFix.exe
AV: Smart Security *On-access scanning enabled* (Updated) {FEF35447-A250-4F74-9CD7-0287B42C4589}
FW: Smart Security *enabled* {7684DB6E-061A-4C47-9A52-FA4980B9E7BA}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.exe . . . is geïnfecteerd!!

c:\windows\explorer.exe . . . is geïnfecteerd!!

.
(((((((((((((((((((( Bestanden Gemaakt van 2010-09-14 to 2010-10-14 ))))))))))))))))))))))))))))))
.

2010-10-12 15:19 . 2010-10-12 15:19 -------- d-----w- c:\documents and settings\Bennert\Local Settings\Application Data\Identities
2010-10-12 15:17 . 2010-10-12 15:17 -------- d-----w- c:\documents and settings\Bennert\Application Data\Malwarebytes
2010-10-12 07:51 . 2010-10-12 07:51 2256 ----a-w- c:\documents and settings\leo\Application Data\hyghghjhjghjhj.bat
2010-10-12 07:51 . 2010-10-12 07:51 168 ----a-w- c:\documents and settings\leo\Application Data\dsfsds.bat
2010-10-12 04:43 . 2010-10-12 04:43 -------- d-----w- c:\documents and settings\leo\Application Data\download
2010-10-08 06:48 . 2010-10-08 06:48 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SMHAAKS
2010-10-02 19:31 . 2010-10-02 19:31 -------- d-----w- c:\documents and settings\leo\Application Data\Malwarebytes
2010-10-02 19:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-02 19:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-02 17:21 . 2010-10-02 17:21 -------- d-----w- c:\program files\Trend Micro
2010-09-29 17:27 . 2010-09-29 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
2010-09-29 07:28 . 2010-09-29 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-29 07:28 . 2010-09-29 10:38 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe
[-] 2004-08-04 . 146289E864457D60B8D409CA80DF58C5 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe
[-] 2004-08-04 . 65F13FE1BF83B287E499631CACEC0410 . 1035776 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-04 . 4EA419B6765344608E0C7D29E2F46C2D . 1035776 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-10-11_16.58.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-29 22:01 . 2010-10-12 14:43 313968 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-31 135664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-31 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMail"="c:\program files\VMail\VMail\VMail.exe" [2001-01-30 373760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\leo\Menu Start\Programma's\Opstarten\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31-12-2009 19:49 135664]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004Core.job
- c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004UA.job
- c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:25469
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
.
------- Bestandsassociaties -------
.
.scr=AutoCADScriptFile
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Voltooingstijd: 2010-10-14 16:27:13
ComboFix-quarantined-files.txt 2010-10-14 14:27
ComboFix2.txt 2010-10-13 17:36
ComboFix3.txt 2010-10-13 16:07
ComboFix4.txt 2010-10-12 17:03
ComboFix5.txt 2010-10-14 14:10

Pre-Run: 32.184.123.392 bytes beschikbaar
Post-Run: 32.177.819.648 bytes beschikbaar

- - End Of File - - D2D5B679B8E3E6BBE2DDCD466A1A16D8
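
Reading the Sigcheck section of a ComboFix log by eye is error-prone, so here is an added Python example (not part of this thread, and not a ComboFix or malwareinfo.nl tool) that triages a log the way the helper does by hand. It groups the Sigcheck entries by file name and version and reports copies that share a version string but carry different MD5 hashes, which is exactly the situation of c:\windows\explorer.exe against its dllcache copy in the log above, and it flags the ProxyServer entry in the additional-scan section when it points at 127.0.0.1, a setting that appears in every log in this thread. The sample log is constructed from lines of the 14 October log; the line layout the regular expression expects is an assumption drawn from those lines, not a documented ComboFix format.

```python
import re
from collections import defaultdict

# Constructed sample: excerpts copied from the 14 October ComboFix log in this thread
# (the Sigcheck section and a few lines of the additional scan).
SAMPLE_LOG = r"""
------- Sigcheck -------

[-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe
[-] 2004-08-04 . 146289E864457D60B8D409CA80DF58C5 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe
[-] 2004-08-04 . 65F13FE1BF83B287E499631CACEC0410 . 1035776 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-04 . 4EA419B6765344608E0C7D29E2F46C2D . 1035776 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyServer = http=127.0.0.1:25469
uSearchAssistant = hxxp://www.google.com/ie
"""

# Layout of a Sigcheck line as seen in the log (assumption, not a documented format):
# [-] <date> . <MD5> . <size> . . [<version>] . . <path>
SIGCHECK_RE = re.compile(
    r"^\[-\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*)$"
)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>.+)$")


def parse_sigcheck(log):
    """Return one dict per Sigcheck line: date, md5, size, version, path, name."""
    entries = []
    for raw in log.splitlines():
        m = SIGCHECK_RE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["path"] = e["path"].strip().lower()
        e["name"] = e["path"].rsplit("\\", 1)[-1]
        entries.append(e)
    return entries


def find_hash_mismatches(entries):
    """Copies of one file that share a version string but differ in MD5.

    A system file and its dllcache or update-cache copy of the same version should
    be byte-identical; differing hashes mean one of the copies has been altered."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["name"], e["version"])].append(e)
    findings = []
    for (name, version), copies in sorted(groups.items()):
        hashes = sorted({c["md5"] for c in copies})
        if len(copies) > 1 and len(hashes) > 1:
            findings.append({
                "name": name,
                "version": version,
                "paths": sorted(c["path"] for c in copies),
                "hashes": hashes,
            })
    return findings


def find_loopback_proxy(log):
    """Return the ProxyServer value when it points at the local machine, else None.

    A proxy on 127.0.0.1 that the user never configured means a local process is
    sitting between the browser and the network."""
    for raw in log.splitlines():
        m = PROXY_RE.match(raw.strip())
        if m:
            value = m.group("value").strip()
            if "127.0.0.1" in value or "localhost" in value.lower():
                return value
    return None


def triage(log):
    """Run both checks over a log and collect the findings in one dict."""
    entries = parse_sigcheck(log)
    return {
        "sigcheck_entries": len(entries),
        "hash_mismatches": find_hash_mismatches(entries),
        "loopback_proxy": find_loopback_proxy(log),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"Sigcheck entries parsed: {result['sigcheck_entries']}")
    for f in result["hash_mismatches"]:
        print(f"MISMATCH {f['name']} [{f['version']}]: {', '.join(f['hashes'])}")
        for p in f["paths"]:
            print(f"    {p}")
    if result["loopback_proxy"]:
        print(f"LOOPBACK PROXY set for the user: {result['loopback_proxy']}")
```

Run it as-is to see the report for the embedded sample, or pass the text of a full log to `triage()`. On the sample it reports one mismatch (explorer.exe 6.00.2900.2180, two hashes across the live copy and the dllcache copy) and the loopback proxy; the winlogon.exe entries have different version strings, so the hash comparison says nothing about them and the tool deliberately stays silent rather than guess.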

Juisterr
14 October 2010, 17:02
Ok, that's something at least; I'll have a look shortly at how we should replace those two infected files.

Juisterr
14 October 2010, 19:01
Download this, unpack it and save it in your root > C:\files\

http://www.malwareinfo.nl/files/Files.rar

Open Notepad and copy and paste the code below:



Fcopy::
c:\files\winlogon.exe | c:\windows\system32\dllcache\winlogon.exe
c:\files\winlogon.exe | c:\windows\system32\winlogon.exe
c:\files\explorer.exe | c:\windows\system32\dllcache\explorer.exe
c:\files\explorer.exe | c:\windows\explorer.exe



Save this on your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

http://crew.nucia.eu/smeenk/CFScript.gif

This will make ComboFix restart; post the new ComboFix log in your next reply.

Robbedoeske
15 October 2010, 17:00
ComboFix 10-10-11.01 - leo 15-10-2010 16:42:12.8.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.511.253 [GMT 2:00]
Gestart vanuit: c:\documents and settings\leo\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\leo\Bureaublad\CFScript..txt
AV: Smart Security *On-access scanning enabled* (Updated) {FEF35447-A250-4F74-9CD7-0287B42C4589}
FW: Smart Security *enabled* {7684DB6E-061A-4C47-9A52-FA4980B9E7BA}
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.exe . . . is geïnfecteerd!!

c:\windows\explorer.exe . . . is geïnfecteerd!!

.
--------------- FCopy ---------------

c:\files\winlogon.exe --> c:\windows\system32\dllcache\winlogon.exe
c:\files\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\files\explorer.exe --> c:\windows\system32\dllcache\explorer.exe
c:\files\explorer.exe --> c:\windows\explorer.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-09-15 to 2010-10-15 ))))))))))))))))))))))))))))))
.

2010-10-15 14:33 . 2010-10-15 14:33 -------- d-----w- C:\Files
2010-10-12 15:19 . 2010-10-12 15:19 -------- d-----w- c:\documents and settings\Bennert\Local Settings\Application Data\Identities
2010-10-12 15:17 . 2010-10-12 15:17 -------- d-----w- c:\documents and settings\Bennert\Application Data\Malwarebytes
2010-10-12 07:51 . 2010-10-12 07:51 2256 ----a-w- c:\documents and settings\leo\Application Data\hyghghjhjghjhj.bat
2010-10-12 07:51 . 2010-10-12 07:51 168 ----a-w- c:\documents and settings\leo\Application Data\dsfsds.bat
2010-10-12 04:43 . 2010-10-12 04:43 -------- d-----w- c:\documents and settings\leo\Application Data\download
2010-10-08 06:48 . 2010-10-08 06:48 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SMHAAKS
2010-10-02 19:31 . 2010-10-02 19:31 -------- d-----w- c:\documents and settings\leo\Application Data\Malwarebytes
2010-10-02 19:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-02 19:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-02 17:21 . 2010-10-02 17:21 -------- d-----w- c:\program files\Trend Micro
2010-09-29 17:27 . 2010-09-29 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
2010-09-29 07:28 . 2010-09-29 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-29 07:28 . 2010-09-29 10:38 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2008-04-15 . 290E0BB7732FC8CECB6C3AEF5D3385FF . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe

[-] 2008-04-15 . 3389FE7739162068206141F57ACA337E . 1037312 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-10-11_16.58.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-29 22:01 . 2010-10-12 14:43 313968 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-31 135664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-31 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMail"="c:\program files\VMail\VMail\VMail.exe" [2001-01-30 373760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\leo\Menu Start\Programma's\Opstarten\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31-12-2009 19:49 135664]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map

2010-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004Core.job
- c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]

2010-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004UA.job
- c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:25469
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Voltooingstijd: 2010-10-15 16:56:10
ComboFix-quarantined-files.txt 2010-10-15 14:56
ComboFix2.txt 2010-10-14 14:27
ComboFix3.txt 2010-10-13 17:36
ComboFix4.txt 2010-10-13 16:07
ComboFix5.txt 2010-10-15 14:40

Pre-Run: 32.139.141.120 bytes beschikbaar
Post-Run: 32.125.763.584 bytes beschikbaar

- - End Of File - - 31EF467562BFA0AD68E9098F43A86667

Juisterr
15 October 2010, 20:50
Restart your PC and then do a new scan with ComboFix; please post the new result.

Robbedoeske
16 October 2010, 07:13
ComboFix 10-10-11.01 - leo 16-10-2010 6:54.9.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.511.285 [GMT 2:00]
Started from: c:\documents and settings\leo\Bureaublad\ComboFix.exe
AV: Smart Security *On-access scanning enabled* (Updated) {FEF35447-A250-4F74-9CD7-0287B42C4589}
FW: Smart Security *enabled* {7684DB6E-061A-4C47-9A52-FA4980B9E7BA}
.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
(((((((((((((((((((( Files Created from 2010-09-16 to 2010-10-16 ))))))))))))))))))))))))))))))
.

2010-10-15 14:33 . 2010-10-15 14:33 -------- d-----w- C:\Files
2010-10-12 15:19 . 2010-10-12 15:19 -------- d-----w- c:\documents and settings\Bennert\Local Settings\Application Data\Identities
2010-10-12 15:17 . 2010-10-12 15:17 -------- d-----w- c:\documents and settings\Bennert\Application Data\Malwarebytes
2010-10-12 07:51 . 2010-10-12 07:51 2256 ----a-w- c:\documents and settings\leo\Application Data\hyghghjhjghjhj.bat
2010-10-12 07:51 . 2010-10-12 07:51 168 ----a-w- c:\documents and settings\leo\Application Data\dsfsds.bat
2010-10-12 04:43 . 2010-10-12 04:43 -------- d-----w- c:\documents and settings\leo\Application Data\download
2010-10-08 06:48 . 2010-10-08 06:48 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SMHAAKS
2010-10-02 19:31 . 2010-10-02 19:31 -------- d-----w- c:\documents and settings\leo\Application Data\Malwarebytes
2010-10-02 19:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-02 19:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-02 17:21 . 2010-10-02 17:21 -------- d-----w- c:\program files\Trend Micro
2010-09-29 17:27 . 2010-09-29 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
2010-09-29 07:28 . 2010-09-29 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-29 07:28 . 2010-09-29 10:38 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2008-04-15 . 290E0BB7732FC8CECB6C3AEF5D3385FF . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe

[-] 2008-04-15 . 3389FE7739162068206141F57ACA337E . 1037312 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-10-11_16.58.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-29 22:01 . 2010-10-12 14:43 313968 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-31 135664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-31 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMail"="c:\program files\VMail\VMail\VMail.exe" [2001-01-30 373760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\leo\Menu Start\Programma's\Opstarten\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31-12-2009 19:49 135664]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]

2010-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]

2010-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004Core.job
- c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]

2010-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004UA.job
- c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:25469
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-10-16 07:09:07
ComboFix-quarantined-files.txt 2010-10-16 05:09
ComboFix2.txt 2010-10-15 14:56
ComboFix3.txt 2010-10-14 14:27
ComboFix4.txt 2010-10-13 17:36
ComboFix5.txt 2010-10-16 04:53

Pre-Run: 32.011.231.232 bytes available
Post-Run: 32.047.226.880 bytes available

- - End Of File - - 19F76AA49FB32B13423B1D2C8CD5E5E1

Juisterr
16 October 2010, 13:16
And how is everything working now?

Robbedoeske
16 October 2010, 14:17
Startup is lightning fast.
The problems with IE do not seem to be fixed yet.
When I browse with IE, I regularly get redirected to some shady site and then get a "Windows Security Alert" message; when I click OK it starts scanning, and this is the result: Shared Documents: 5 viruses found - Hard Drive C: 5 viruses found :-(
I then get a list with the names of those critters; should I post it?
Or do we give up, and should I go for a Format C?

Juisterr
16 October 2010, 14:23
Formatting is always still an option!

Update the Malwarebytes (MBAM) scanner and run a new scan, remove everything that is found and restart. Then please post only a new HijackThis log.

Robbedoeske
16 October 2010, 14:57
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55:58, on 16-10-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VMail\VMail\VMail.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25469
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VMail] C:\Program Files\VMail\VMail\VMail.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262357175000
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)

--
End of file - 6784 bytes

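Two findings in the logs above are the ones a responder would act on: the Sigcheck pairs in the ComboFix log (the live winlogon.exe and explorer.exe versus the copies in the Windows Update download cache: same version string, same byte size, different MD5, which is what an in-place patched system binary looks like), and the ProxyServer value `http=127.0.0.1:25469` that both ComboFix (uInternet Settings) and HijackThis (R1) report, a loopback proxy on a machine with no proxy product installed. The script below is an added example, not code from ComboFix, HijackThis or anyone in this thread; it implements that triage over excerpts copied from the two logs. It assumes the SoftwareDistribution\Download copy is the pristine reference and that the hex folder name under it is one wrapped token (the forum inserted a space in it).

```python
"""Triage of the ComboFix Sigcheck section and the ProxyServer lines posted
in this thread. Added example; not code from ComboFix, HijackThis or the
thread. The sample excerpts below are copied from the logs above."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the four Sigcheck lines from the ComboFix log above,
# with the forum's wrap-space in the cache-folder name removed.
SIGCHECK_SAMPLE = r"""
[-] 2008-04-15 . 290E0BB7732FC8CECB6C3AEF5D3385FF . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe

[-] 2008-04-15 . 3389FE7739162068206141F57ACA337E . 1037312 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe
"""

# Constructed sample: the proxy line as HijackThis (R1) and ComboFix
# (uInternet Settings) print it in the logs above.
PROXY_SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25469
uInternet Settings,ProxyServer = http=127.0.0.1:25469
"""

# One Sigcheck line: [flag] date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)")


def parse_sigcheck(text):
    """Yield one dict per Sigcheck line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entry["path"] = entry["path"].lower()
            yield entry


def find_patched_files(text):
    """Return (live_path, reference_path) pairs for files whose live copy and
    Windows Update cache copy (SoftwareDistribution\\Download, assumed here
    to be the pristine reference) report the same version and byte size but
    a different MD5: same identity, different content, i.e. patched in place."""
    by_name = defaultdict(list)
    for entry in parse_sigcheck(text):
        by_name[entry["path"].rsplit("\\", 1)[-1]].append(entry)
    findings = []
    for entries in by_name.values():
        refs = [e for e in entries if "\\softwaredistribution\\" in e["path"]]
        live = [e for e in entries if e not in refs]
        for cur in live:
            for ref in refs:
                same_identity = (cur["version"], cur["size"]) == (ref["version"], ref["size"])
                if same_identity and cur["md5"] != ref["md5"]:
                    findings.append((cur["path"], ref["path"]))
    return findings


def find_loopback_proxies(text):
    """Return sorted, de-duplicated (scheme, host, port) tuples for every
    ProxyServer entry that points at the local machine. With no proxy
    product installed, a loopback proxy means some local process sits
    between the browser and the network; 'http=' alone means only plain
    HTTP traffic is diverted."""
    found = set()
    for m in PROXY_RE.finditer(text):
        for part in m.group("value").split(";"):
            scheme, _, hostport = part.rpartition("=")
            host, sep, port = hostport.rpartition(":")
            if not sep:                       # bare host without a port
                host, port = port, ""
            try:
                is_local = host == "localhost" or ipaddress.ip_address(host).is_loopback
            except ValueError:
                is_local = False
            if is_local:
                found.add((scheme or "all", host, int(port) if port.isdigit() else None))
    return sorted(found, key=str)


def triage(sigcheck_text, proxy_text):
    """Both checks in one report."""
    return {
        "patched_system_files": find_patched_files(sigcheck_text),
        "loopback_proxies": find_loopback_proxies(proxy_text),
    }


if __name__ == "__main__":
    for key, items in triage(SIGCHECK_SAMPLE, PROXY_SAMPLE).items():
        print(key)
        for item in items:
            print("  ", item)
```

Run against the excerpts it flags exactly the two files ComboFix marked as infected and the single loopback proxy. A service pack install rewrites winlogon.exe and explorer.exe, which fits the thread's outcome of the redirects stopping after the SP3 attempt; the proxy value, by contrast, is a per-user registry setting and should be checked separately after any cleanup.
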
Juisterr
16 October 2010, 16:04
Download SP3 HERE (http://www.microsoft.com/downloads/details.aspx?FamilyID=2fcde6ce-b5fb-4488-8c50-fe22559d164e&DisplayLang=nl) and install it.

If that does not work:
Burn the file to a CD and then install SP3 from that CD.

Robbedoeske
17 October 2010, 12:05
Wrote the file to CD, started it, and everything went smoothly until about 1/4 before completion.
The progress bar stops advancing (waited about 1.5 hours).
Under details it says 'Cleaning up' and it hangs there. Tried 3 times :-(

Juisterr
17 October 2010, 17:00
How much free space do you have on your hard disk?

Robbedoeske
17 October 2010, 18:14
Used: 90.0 GB
Available: 21.7 GB

Juisterr
17 October 2010, 19:15
How much virtual memory? 512 MB?

Robbedoeske
18 October 2010, 17:55
Yes, 512 MB.
But I have good news ...... the problem seems to be solved after the installation (or attempted installation) of Windows Service Pack 3.
I am no longer redirected to those shady sites, and browsing with IE is a pleasure now ..... such speed :-)
Is that really so, or am I rejoicing too soon?

Juisterr
18 October 2010, 18:13
Almost; you will have to add 512 MB, because this is far too little. An extra memory module works wonders.

Robbedoeske
18 October 2010, 18:34
I know, Juisterr, but the plan is to replace this PC with a new one soon; we just have not decided yet which one it will be. So for now this one has to keep going a while longer.
Thanks a 1000 times for the help.

Juisterr
18 October 2010, 19:13
Then press the thank-you button 1000 times :D :D :D

Go to Start - Run
and enter the following: Combofix /Uninstall
Then press OK.
If all goes well, you will get a message that ComboFix has been removed.

Example:

http://home.kpn.nl/stefsmeenk/CFUninstall.PNG

Run can also be started with the key combination http://home.kpn.nl/stefsmeenk/W+R.jpg

Robbedoeske
19 October 2010, 07:28
ComboFix has been removed, and thanks again for your patience, perseverance and clear explanation.

Juisterr
19 October 2010, 09:41
You're welcome.