Deze laptop van een vriend had heel veel last van het uiterst hardnekkige "system tool'.

voorlopig strooit deze geen roet meer in het eten, maar toch graag een nazicht door iemand die daar meer van weet :bow:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:25:09, on 12/01/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Anneke\Desktop\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:23012
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\s wg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQg BXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4 ADYARwA"&"inst=NwA3AC0AMwA5ADAAOAA0ADQAMwAwADYALQBUADEAMwAtA EIAQQArADEALQBLAFYAMwArADcALQBGAEwAKwA5AA"&"prod=90"&"ver=9.0.872
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E117 12C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Bin\Zanda.exe (file missing)
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 8178 bytes

Hallo,

Schakel tijdelijk Windows Defender uit
Want deze kan voor stoorzender spelen bij het fixen met HJT (de fix terug ongedaan maken)


Open Windows Defender > Klik Tools
Klik "General Settings" of Options
Scroll naar "Real Time Protection Options"
Haal het vinkje weg bij "Turn on Real Time Protection (recommended)" > Klik "Save"
Sluit Windows Defender
(als de problemen over zijn, logje weer schoon verklaard is, kan je 'm weer aanzetten)


Start HijackThis op. Klik op "Do a system scan only". Selecteer, indien aanwezig, het volgende:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:23012
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQg BXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4 ADYARwA"&"inst=NwA3AC0AMwA5ADAAOAA0ADQAMwAwADYALQB UADEAMwAtAEIAQQArADEALQBLAFYAMwArADcALQBGAEwAKwA5A A"&"prod=90"&"ver=9.0.872
Klik op "Fix checked" en sluit HijackThis

Let op!!! Windows Vista & 7 gebruikers dienen HijackThis als administrator uit te voeren "Rechtermuisknop uitvoeren als", indien dit via de snelkoppeling niet lukt voert u HijackThis als administrator uit in de volgende directory (C:\Program Files\Trend Micro\HiJackThis)

Herstart je computer.


Download rkill via één van de onderstaande links naar het bureaublad.


rkill (exe) (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill (com) (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill (scr) (http://download.bleepingcomputer.com/grinler/rkill.scr)
rkill (pif) (http://download.bleepingcomputer.com/grinler/rkill.pif)


Dubbelklik op "rkill" om het te starten
Dit kan een beetje tijd in beslag nemen.
Indien er een melding komt dat rkill een infectie is kunt u dit negeren, het is namelijk een vals alarm.
Indien u problemen blijft houden qua meldingen download dan hier (http://download.bleepingcomputer.com/grinler/iExplore.exe) (iExplorer.exe) een hernoemde rkill versie naar uw bureaublad en voer deze uit.
Let op!!! Herstart niet de computer na het gebruik van rkill



Download MalwareBytes' Anti-Malware (http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) en sla het op je bureaublad op.
Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg dat er na de installatie een vinkje is geplaatst bij:


Update MalwareBytes' Anti-Malware
Start MalwareBytes' Anti-Malware


Klik daarna op "Voltooien".
Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.

Bij problemen!!! (Lees de onderstaande instructies)




Problemen bij het installeren van Malwarebytes' Anti-Malware (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=207&t=3419)
Problemen bij het updaten van Malwarebytes' Anti-Malware (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=207&t=3420)
Problemen bij het starten van Malwarebytes' Anti-Malware (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=207&t=3421)





Zodra het programma gestart is, ga dan naar het tabblad "Instellingen".
Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
Ga daarna naar het tabblad "Scanner", kies hier voor "Snelle Scan".
Druk vervolgens op "Scannen" om de scan te starten.
Het scannen kan een tijdje duren, dus wees geduldig.
Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.


Het log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "Logs" tab te klikken in het programma.


Download ComboFix van één van deze locaties:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.
>>Hier<< (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) kunt u lezen hoe u Combofix dient te gebruiken.

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix.

* (hier (http://www.bleepingcomputer.com/forums/topic114351.html) of hier (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) staat een handleiding over hoe je deze kan uitschakelen:)

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
3. Dubbelklik op "Combofix.exe" om de tool te starten.
4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

* Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion." herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Woudje100

alles stap voor stap uitgevoerd, zoals voorgesteld
hier volgend het combofix log:
ComboFix 11-01-14.01 - Anneke 15/01/2011 11:36:53.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3070.1812 [GMT 1:00]
Gestart vanuit: c:\users\Anneke\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\components\npclntax.xpt
c:\programdata\bGaDf01823
c:\programdata\bGaDf01823\bGaDf01823
c:\programdata\bGaDf01823\bGaDf01823.exe
c:\users\Anneke\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\System Tool
c:\windows\XSxS

.
(((((((((((((((((((( Bestanden Gemaakt van 2010-12-15 to 2011-01-15 ))))))))))))))))))))))))))))))
.

2011-01-15 10:46 . 2011-01-15 10:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-15 10:13 . 2010-11-16 11:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B523986E-6734-438A-B66E-7005ACEBB3CF}\mpengine.dll
2011-01-13 06:25 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-13 06:25 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-13 06:25 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-13 06:25 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-13 06:25 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-13 06:25 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-13 06:25 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 09:23 . 2011-01-12 09:23 388096 ----a-r- c:\users\Anneke\AppData\Roaming\Microsoft\Installe r\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-12 09:23 . 2011-01-12 09:23 -------- d-----w- c:\program files\Trend Micro
2011-01-12 09:06 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-12 09:06 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-24 05:48 . 2010-12-24 05:48 658696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlig ht\MCESpotlight\SpotlightResources.dll
2010-12-18 11:00 . 2010-11-02 05:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 11:00 . 2010-11-02 04:24 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-18 11:00 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-18 11:00 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-12-31 20:06 . 2010-12-01 05:51 38848 ----a-w- c:\windows\avastSS.scr
2010-12-31 20:06 . 2010-12-01 05:51 188216 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-31 20:00 . 2010-12-01 05:52 293968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-31 19:59 . 2010-12-01 05:52 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-31 19:56 . 2010-12-01 05:52 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-31 19:56 . 2010-12-01 05:52 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-31 19:56 . 2010-12-01 05:52 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-10-19 09:41 . 2009-10-05 10:35 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-08-12 13:53 . 2008-09-28 10:26 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2009-02-09 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-11-02 2564096]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-18 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-18 8501792]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-12-31 3395600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3 .dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-10-15 08:14 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2007-10-17 14:42 128296 ------w- c:\program files\HomeCinema\Power2Go\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-08-12 13:53 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 21:17 52256 ----a-w- c:\program files\HomeCinema\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 23:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-18 10:31 81920 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
2007-07-05 11:35 94208 ----a-w- c:\windows\PLFSetL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-02-09 19:51 71216 ----a-w- c:\program files\HomeCinema\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-09 18:43 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-09 14:54 16896 ----a-w- c:\program files\GoogleEULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-09-13 15:32 222504 ------w- c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.e xe

R1 SASDIFSV;SASDIFSV;c:\users\Anneke\AppData\Local\Te mp\SuperAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Anneke\AppData\Local\Te mp\SuperAntiSpyware\SASKUTIL.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\system32\DRIVERS\usbgene.sys [2007-06-26 131584]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-12 30192]
R3 nibitor;Lowlevel driver for NiBiTor;g:\nibitor.v3.6\NiBiTor.v3.6\nibitor.sys [x]
R3 PhilCap;NXP service;c:\windows\system32\DRIVERS\PhilCap.sys [2007-07-31 908896]
R3 SASENUM;SASENUM;c:\users\Anneke\AppData\Local\Temp \SuperAntiSpyware\SASENUM.SYS [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30 319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2009-02-05 212520]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\as wMonFlt.sys [2010-12-31 51280]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-11-21 327168]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2007-09-11 118784]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map

2011-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:49]

2011-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:49]

2011-01-15 c:\windows\Tasks\User_Feed_Synchronization-{8774985A-905B-47AF-88D3-958688A946B7}.job
- c:\windows\system32\msfeedssync.exe [2010-12-18 04:25]
.
.
------- Bijkomende Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E117 12C84EA7E12B.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Anneke\AppData\Roaming\Mozilla\Firefox\Pr ofiles\6jpkuy7z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://nl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b9da552&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=nl&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: QuestService: {F2DDDB92-1605-4260-9B25-45A4DAE87B50} - c:\program files\Mozilla Firefox\extensions\{F2DDDB92-1605-4260-9B25-45A4DAE87B50}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - c:\users\Anneke\AppData\Local\Temp\Malwarebytes\mb am.exe
MSConfigStartUp-Norman ZANDA - c:\virusfighter\Bin\ZLH.EXE
MSConfigStartUp-Picasa Media Detector - c:\users\Anneke\Downloads\Picasa2\PicasaMediaDetec tor.exe
MSConfigStartUp-snp2uvc - c:\windows\vsnp2uvc.exe
AddRemove-{466F76BB-39CC-49DE-9B43-965D6E82134E} - c:\virusfighter\NVC\BIN\DelNVC5.exe



************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-15 11:47
Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

************************************************** ************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Voltooingstijd: 2011-01-15 11:51:08
ComboFix-quarantined-files.txt 2011-01-15 10:51

Pre-Run: 54.149.607.424 bytes beschikbaar
Post-Run: 54.243.848.192 bytes beschikbaar

Current=3 Default=3 Failed=2 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 70E80478AAD3824DF69FDF40FB3F1547

Open Kladblok, kopiëer en plak het volgende in een leeg venster:

File::
c:\users\Anneke\AppData\Local\Temp\SuperAntiSpywar e\SASDIFSV.SYS
c:\users\Anneke\AppData\Local\Temp\SuperAntiSpywar e\SASKUTIL.sys
c:\users\Anneke\AppData\Local\Temp\SuperAntiSpywar e\SASENUM.SYS

Driver::
aswFsBlk
aswSP
SASENUM
SASKUTIL
SASDIFSVSla dit op op je Bureaublad als CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :

http://img517.imageshack.us/img517/8662/cfscript10uc2.gif

Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw HijackThislogje.

Woudje100

hier zijn we dan :-)

ComboFix 11-01-15.01 - Anneke 16/01/2011 17:46:49.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3070.1974 [GMT 1:00]
Gestart vanuit: c:\users\Anneke\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Anneke\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\users\Anneke\AppData\Local\Temp\SuperAntiSpywar e\SASDIFSV.SYS"
"c:\users\Anneke\AppData\Local\Temp\SuperAntiSpywar e\SASENUM.SYS"
"c:\users\Anneke\AppData\Local\Temp\SuperAntiSpywar e\SASKUTIL.sys"
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASWFSBLK
-------\Legacy_ASWSP
-------\Legacy_SASDIFSV
-------\Legacy_SASKUTIL
-------\Service_aswFsBlk
-------\Service_aswSP
-------\Service_SASDIFSV
-------\Service_SASENUM
-------\Service_SASKUTIL


(((((((((((((((((((( Bestanden Gemaakt van 2010-12-16 to 2011-01-16 ))))))))))))))))))))))))))))))
.

2011-01-16 16:53 . 2011-01-16 16:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-15 10:13 . 2010-11-16 11:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B523986E-6734-438A-B66E-7005ACEBB3CF}\mpengine.dll
2011-01-13 06:25 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-13 06:25 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-13 06:25 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-13 06:25 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-13 06:25 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-13 06:25 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-13 06:25 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 09:23 . 2011-01-12 09:23 388096 ----a-r- c:\users\Anneke\AppData\Roaming\Microsoft\Installe r\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-12 09:23 . 2011-01-12 09:23 -------- d-----w- c:\program files\Trend Micro
2011-01-12 09:06 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-12 09:06 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-24 05:48 . 2010-12-24 05:48 658696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlig ht\MCESpotlight\SpotlightResources.dll
2010-12-18 11:00 . 2010-11-02 05:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 11:00 . 2010-11-02 04:24 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-18 11:00 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-18 11:00 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-12-31 20:06 . 2010-12-01 05:51 38848 ----a-w- c:\windows\avastSS.scr
2010-12-31 20:06 . 2010-12-01 05:51 188216 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-31 20:00 . 2010-12-01 05:52 293968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-31 19:59 . 2010-12-01 05:52 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-31 19:56 . 2010-12-01 05:52 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-31 19:56 . 2010-12-01 05:52 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-31 19:56 . 2010-12-01 05:52 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-10-19 09:41 . 2009-10-05 10:35 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-08-12 13:53 . 2008-09-28 10:26 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2009-02-09 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-11-02 2564096]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-18 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-18 8501792]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3 .dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-10-15 08:14 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2007-10-17 14:42 128296 ------w- c:\program files\HomeCinema\Power2Go\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-08-12 13:53 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 21:17 52256 ----a-w- c:\program files\HomeCinema\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 23:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-18 10:31 81920 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
2007-07-05 11:35 94208 ----a-w- c:\windows\PLFSetL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-02-09 19:51 71216 ----a-w- c:\program files\HomeCinema\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-09 18:43 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-09 14:54 16896 ----a-w- c:\program files\GoogleEULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-09-13 15:32 222504 ------w- c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.e xe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\system32\DRIVERS\usbgene.sys [2007-06-26 131584]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-12 30192]
R3 nibitor;Lowlevel driver for NiBiTor;g:\nibitor.v3.6\NiBiTor.v3.6\nibitor.sys [x]
R3 PhilCap;NXP service;c:\windows\system32\DRIVERS\PhilCap.sys [2007-07-31 908896]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30 319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2009-02-05 212520]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\as wMonFlt.sys [2010-12-31 51280]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-11-21 327168]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2007-09-11 118784]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map

2011-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:49]

2011-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:49]

2011-01-16 c:\windows\Tasks\User_Feed_Synchronization-{8774985A-905B-47AF-88D3-958688A946B7}.job
- c:\windows\system32\msfeedssync.exe [2010-12-18 04:25]
.
.
------- Bijkomende Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E117 12C84EA7E12B.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Anneke\AppData\Roaming\Mozilla\Firefox\Pr ofiles\6jpkuy7z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://nl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b9da552&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=nl&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: QuestService: {F2DDDB92-1605-4260-9B25-45A4DAE87B50} - c:\program files\Mozilla Firefox\extensions\{F2DDDB92-1605-4260-9B25-45A4DAE87B50}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-16 17:59
Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

************************************************** ************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(3476)
c:\program files\Softex\OmniPass\SCUREDLL.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Softex\OmniPass\OmniServ.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\program files\Softex\OmniPass\opvapp.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
.
************************************************** ************************
.
Voltooingstijd: 2011-01-16 18:04:44 - machine werd herstart
ComboFix-quarantined-files.txt 2011-01-16 17:04
ComboFix2.txt 2011-01-15 10:51

Pre-Run: 54.098.677.760 bytes beschikbaar
Post-Run: 53.714.026.496 bytes beschikbaar

- - End Of File - - BC8DE4780DB60B9BCDFF3D48FD5FDF88



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:19:57, on 16/01/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\s wg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E117 12C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3. dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Bin\Zanda.exe (file missing)
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 6781 bytes

Hallo,

Ga naar Start > Uitvoeren
en Geef hier het volgende in: SC STOP nibitor
Druk daarna op OK.
Ga naar Start > Uitvoeren
en Geef hier het volgende in: SC DELETE nibitor
Druk daarna op OK.

Uitvoeren kan ook gestart worden door de toetsencombinatie http://home.kpn.nl/stefsmeenk/W+R.jpg

Ondervind je nog problemen?

Woudje100

Alles lijkt tot nu toe normaal te werken.
Enig idee waar deze "System Tool" rotzooi zou kunnen gekomen zijn?

In ieder geval een welgemeende 'DANK U' van mijnentwege en uiteraard ook van de laptop-eigenaars !

:good::bow:(y)

Hallo,

Je kunt System Tool overal vandaan hebben. Een verkeerde download, misschien via de mail, etc.

1.) ComboFix verwijderen
Ga naar Start > Uitvoeren
en Geef hier het volgende in: Combofix /Uninstall
Druk daarna op OK.
Als het goed is krijg je dan een melding dat Combofix verwijderd werd.

Voorbeeld:

http://home.kpn.nl/stefsmeenk/CFUninstall.PNG

Uitvoeren kan ook gestart worden door de toetsencombinatie http://home.kpn.nl/stefsmeenk/W+R.jpg

2.) Ccleaner
Download CCleaner Slim (http://www.filehippo.com/download_ccleaner/)
Installeer CCleaner en start CCleaner op.



Klik in de linkse kolom op Cleaner.
Klik achtereenvolgens op Analyseren en Opschonen.
Klik vervolgens in de linkse kolom op Register en klik op Scan naar problemen.
Als er fouten gevonden worden klik je op Herstel geselecteerde problemen en OK.
Dan krijg je de vraag om een back-up te maken, klik op JA. en kies dan Herstel alle geselecteerde fouten.
Sluit hierna CCleaner af.



3) Installeren van essentiële updates.
Hoe u uw besturingssysteem en overige software up to date houdt kunt u hier (http://www.malwareinfo.nl/handigetips/updates.html) lezen.
Door middel van het programma Secunia PSI wordt u automatisch gewaarschuwd indien er updates voor de geïnstalleerde software beschikbaar is, meer informatie leest u hier (http://www.malwareinfo.nl/handleidingen/secunia.html)

4.) Installeren van de MVPs (hosts) file
Door middel van het aanpassen van het "hosts" bestand kunt u uw computer nog beter beschermen, meer informatie over het aanpassen van het hosts bestand leest u hier (http://www.malwareinfo.nl/handleidingen/mvpshosts.html)

5.) Risico's bij het downloaden
Peer to Peer (P2P) netwerken en ook Usenet (nieuwsgroepen) zijn een grote bron op het internet wat betreft het verspreiden van malware, het aanbieden van 'gevaarlijke' software (malware) gebeurt vrijwel anoniem waardoor dit een veel gebruikte methode is voor het verspreiden van malware.
Meer informatie hierover leest u hier (http://www.malwareinfo.nl/artikelen/p2pnetwerken.html)

6.) Preventie informatie & het gebruik van beveiligings software.
Hier (http://www.malwareinfo.nl/malware/malwarepreventie.html) en hier (http://users.telenet.be/marcvn/spyware/1564073.htm) staat informatie hoe u een infectie kunt voorkomen, lees dit eens op uw gemak door.

Meer informatie over het gebruik van "beveiligings software" en "valse (nep) software" (rogueware) leest u hier (http://www.malwareinfo.nl/diversen/beveiligingssoftware.html)

Woudje100

Oops, ik dacht eigenlijk dat ik al klaar was :shy:
Geen probleem, ik zal de eigenaar op de hoogte brengen en ten stelligste aanraden uw richtlijnen op te volgen.

En ikzelf zal ook wel effe gebruik maken van de links, altijd goed om weten. THX Woudje 100 ! ;)