Mededeling

Collapse
No announcement yet.

spybot-search & destroy

Collapse
X
Collapse
  •  
  • Page of 2
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige 1 2 template Volgende
  • #1

    spybot-search & destroy

    ik heb het programma spybot-search & destroy op mijn laptop gezet maar ik geef altijd maar als antwoord wijzigingen toestaan bij het vinden van belangrijke register entry ontdekkingen, ik weet helemaal niet of ik hier goed aan doe.

    Bij Hijack This, voor een log voor jullie, vindt mijn AVG virus scanner een aantal Trojan horse dingen die hij niet wil verwijderen, en ik krijg nu meer en meer pokerpagina's en andere spyware tussen het surfen door, ik hoop dat jullie mij kunnen helpen.

    Groeten Ansje


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:21:57, on 7-3-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Windows\PixArt\Pac207\Monitor.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Wireless LAN Utility\Am772cfg.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: AM772CFG.lnk = ?
    O4 - Startup: IMVU.lnk = E:\spel\roy\IMVU\IMVUClient.exe
    O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
    O4 - Startup: UMScheduler 2.0.lnk = C:\Nokia\Update_Manager\bin\UMScheduler.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?NL (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Algemeen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.nl/s/v/27.44/uploader2.cab
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 9591 bytes
    Labels: Geen
    • Citaat
  • #2
    Schakel tijdelijk Windows Defender uit
    Want deze kan voor stoorzender spelen bij het fixen met HJT (de fix terug ongedaan maken)
    * Open Windows Defender > Klik Tools
    * Klik "General Settings"
    * Scroll naar "Real Time Protection Options"
    * Haal het vinkje weg bij "Turn on Real Time Protection (recommended)" > Klik "Save"
    * Sluit Windows Defender
    (als de problemen over zijn, logje weer schoon verklaard is, kan je 'm weer aanzetten)


    Schakel Spybot's TeaTimer even uit, omdat deze de fix in de weg kan zitten:
    - Start Spybot
    - Ga naar Mode > selecteer Advanced Mode
    - Ga naar Tools en klik op het Resident-icoon in de lijst
    - Haal het vinkje weg bij Resident TeaTimer en klik OK
    - Herstart de computer

    Download vervolgens ResetTeaTimer.bat naar je Bureaublad.
    Dubbelklik op ResetTeaTimer.bat om alle entries in TeaTimer te verwijderen.
    Als de computer schoon is, kun je TeaTimer weer aan zetten


    Volg de instructies zoals beschreven op de volgende pagina: hoe-dient-combofix-gebruikt-te-worden

    Gebruik je Vista, dan hoeft de Recovery Console niet te worden geinstalleerd.
    Is er iets niet duidelijk, dan vraag je het.
    Als het tooltje klaar is, opent er een logfile (C:\combofix.txt).
    Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

    Windows 10 opstarten in Veilige Modus
    • Citaat

    Comment

    • #3
      ik heb alles gedaan maar ik blijf steken bij het downloaden van reset teatimer.
      ik krijg een zwart scherm met de tekst unsupported version.

      ik heb vista basic

      hoop van u te horen en alvast bedankt
      ansje
      • Citaat

      Comment

      • #4
        Zet spybot helemaal even uit en ga door met de rest van de fix aub.

        Windows 10 opstarten in Veilige Modus
        • Citaat

        Comment

        • #5
          ik heb spybot uitgedaan maar hetzelde probleem blijft zich voor doen,
          reset teatimer gaat niet verder dan een zwart beeld
          • Citaat

          Comment

          • #6
            vergeet t timer even en doe gewoon eerst de rest van de fix.

            Windows 10 opstarten in Veilige Modus
            • Citaat

            Comment

            • #7
              ok ik heb nu combo fix zijn werk laten doen en hieronder het resultaat, wel eng hoor

              ComboFix 08-03-10.1 - Algemeen 2008-03-10 20:07:23.1 - NTFSx86
              Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1043.18.315 [GMT 1:00]
              Gestart vanuit: C:\Users\Algemeen\Desktop\ComboFix.exe
              * Nieuw herstelpunt werd aangemaakt
              .

              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\temp\tn3
              C:\Windows\system32\drivers\core.cache.dsk . . . . konden niet verwijderd worden

              .
              (((((((((((((((((((( Bestanden Gemaakt van 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))
              .

              Geen nieuwe bestanden aangemaakt in deze periode

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-03-10 08:12 --------- d-----w C:\Users\Algemeen\AppData\Roaming\AVG7
              2008-03-10 08:11 --------- d-----w C:\Program Files\Registry Defender
              2008-03-09 12:58 --------- d-----w C:\Program Files\Lavasoft
              2008-03-09 12:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
              2008-03-09 12:25 --------- d---a-w C:\ProgramData\TEMP
              2008-03-07 16:48 --------- d-----w C:\Users\Algemeen\AppData\Roaming\GlarySoft
              2008-03-07 16:40 --------- d-----w C:\Program Files\Glary Utilities
              2008-03-07 05:30 --------- d-----w C:\ProgramData\Avg7
              2008-03-06 21:48 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
              2008-03-06 21:48 --------- d-----w C:\ProgramData\Grisoft
              2008-03-05 21:42 --------- d-----w C:\Program Files\IObit
              2008-03-05 08:22 86,144 ----a-w C:\Windows\system32\drivers\umbuss.sys
              2008-03-05 08:21 86,144 ----a-w C:\Windows\system32\drivers\ULIAGPKXX.sys
              2008-03-05 08:21 86,144 ----a-w C:\Windows\system32\drivers\mpioo.sys
              2008-03-05 08:21 167,545 ----a-w C:\Windows\system32\drivers\core.cache.dsk
              2008-03-05 08:18 41,168,824 ----a-w C:\Windows\System32\avg75avwt_516a1225.exe
              2008-03-05 08:18 1,365,540 ----a-w C:\Windows\untd.exe
              2008-03-05 07:17 --------- d-----w C:\Program Files\Bingo Card Creator
              2008-02-24 20:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2008-02-24 19:31 --------- d-----w C:\Program Files\SpywareGuard
              2008-02-14 02:03 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
              2008-02-14 02:03 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
              2008-02-14 02:03 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
              2008-02-14 02:03 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
              2008-02-14 02:03 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
              2008-02-14 02:03 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
              2008-02-14 02:03 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
              2008-02-14 02:02 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
              2008-02-14 02:02 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
              2008-02-14 02:02 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
              2008-02-14 02:02 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
              2008-02-14 02:02 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
              2008-02-14 02:02 1,686,528 ----a-w C:\Windows\System32\gameux.dll
              2008-02-13 21:32 194,560 ----a-w C:\Windows\System32\WebClnt.dll
              2008-02-13 21:32 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
              2008-02-13 21:25 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
              2008-02-13 21:25 24,064 ----a-w C:\Windows\System32\netcfg.exe
              2008-02-13 21:25 22,016 ----a-w C:\Windows\System32\netiougc.exe
              2008-02-13 21:25 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
              2008-02-13 21:25 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
              2008-02-13 21:21 824,832 ----a-w C:\Windows\System32\wininet.dll
              2008-02-13 21:21 56,320 ----a-w C:\Windows\System32\iesetup.dll
              2008-02-13 21:21 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
              2008-02-13 21:21 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
              2008-02-12 20:36 --------- d-----w C:\Program Files\Picasa2
              2008-02-11 20:56 --------- d-----w C:\Program Files\Java
              2008-02-05 19:32 --------- d-----w C:\ProgramData\Lavasoft
              2008-02-04 21:21 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
              2008-02-04 21:17 --------- d-----w C:\Program Files\Spybot - Search & Destroy
              2008-02-04 20:51 --------- d-----w C:\Program Files\Trend Micro
              2008-02-04 19:46 --------- d-----w C:\ProgramData\Anvsoft
              2008-01-30 08:26 --------- d-----w C:\Program Files\MSECache
              2008-01-29 21:57 --------- d-----w C:\Program Files\Windows Mail
              2008-01-29 21:53 8,704 ----a-w C:\Windows\System32\hcrstco.dll
              2008-01-29 21:53 8,704 ----a-w C:\Windows\System32\hccoin.dll
              2008-01-29 21:53 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
              2008-01-29 21:53 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
              2008-01-29 21:53 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
              2008-01-29 21:53 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
              2008-01-29 21:53 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
              2008-01-29 21:53 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
              2008-01-29 21:52 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
              2008-01-16 22:27 --------- d-----w C:\Users\Algemeen\AppData\Roaming\Uniblue
              2008-01-16 18:43 --------- d-----w C:\Program Files\Maxis
              2008-01-16 18:29 --------- d-----w C:\ProgramData\Sophos
              2008-01-14 22:26 --------- d-----w C:\Users\Algemeen\AppData\Roaming\Ahead
              2008-01-14 22:13 --------- d-----w C:\Users\Algemeen\AppData\Roaming\NCH Swift Sound
              2008-01-14 21:54 --------- d-----w C:\Users\Algemeen\AppData\Roaming\Recordpad
              2008-01-14 21:54 --------- d-----w C:\ProgramData\NCH Swift Sound
              2008-01-14 21:54 --------- d-----w C:\Program Files\NCH Software
              2008-01-12 11:58 --------- d-----w C:\Program Files\Windows Sidebar
              2008-01-12 08:31 11,776 ----a-w C:\Windows\System32\sbunattend.exe
              2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
              2007-12-13 02:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
              2007-12-13 02:07 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
              2007-12-13 02:07 223,232 ----a-w C:\Windows\System32\WMASF.DLL
              2007-12-12 16:12 249,856 ------w C:\Windows\Setup1.exe
              2007-12-12 16:11 73,216 ----a-w C:\Windows\ST6UNST.EXE
              2007-09-05 21:54 174 --sha-w C:\Program Files\desktop.ini
              2006-08-02 11:58 3,811,643 ----a-w C:\Users\Algemeen\USB_driver.exe
              .

              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 09:31 1232896]
              "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 10:57 413696]
              "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:34 201728]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 20:25 90191]
              "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 20:25 7766016]
              "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 20:25 81920]
              "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 13:50 815104]
              "RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 14:50 3772416 C:\Windows\RtHDVCpl.exe]
              "topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 17:11 577536]
              "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 09:02 98304]
              "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 09:05 106496]
              "Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 09:02 81920]
              "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
              "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-06 22:50 579072]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-06 22:48 219136]

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
              "LogonHoursAction"= 2 (0x2)
              "DontDisplayLogonHoursWarnings"= 1 (0x1)

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
              avgwlntf.dll 2008-03-06 22:48 9216 C:\Windows\System32\avgwlntf.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
              "Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
              "DisableMonitoring"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
              "DisableMonitoring"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
              "DisableMonitoring"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
              "AntiVirusOverride"=dword:00000001
              "AntiSpywareOverride"=dword:00000001

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
              "{C2EF154B-7B7C-4053-8F3D-D536B767C8DC}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
              "{F01F0B43-EEE1-4A88-A995-A6BD4F671A21}"= UDP:990:LocalSubnet:LocalSubnet|IF={30056627-5685-4683-AA64-A6D3942CD5B9}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr%systemroot%\WindowsMobile\wmdSync.exe,-4001|[email protected]%systemroot%\WindowsMobile\wmdSync.exe,-4001
              "{51EA60B2-8BE1-459B-BBF2-EA68D9DB0A5B}"= UDP:C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
              "{4DB86B19-CCEC-4282-A653-E190B629DAD9}"= TCP:C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
              "{0CFEA678-5FB6-4767-9879-E404A4C3CA28}"= UDP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
              "{84F07519-9B23-49C3-991D-D103F5BAB056}"= TCP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
              "{78EE1B5E-917B-409A-8D51-F257B05CBF89}"= UDP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
              "{72B69131-CD8B-47F9-8179-957C0A3ECF4F}"= TCP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
              "{5DD2141F-3420-44D7-AA82-7720795408B0}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
              "{38D62F5D-F5FE-4E4D-8C56-60D24C2AFB32}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
              "{68C8079C-2FAA-4C80-AF75-0FBB21498DB8}"= Disabled:UDP:C:\Users\Algemeen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MR81HLVJ\incredimail_install[1].exe:IncrediMail Installer
              "{96A4682E-7E4A-45B0-ADBF-F32E661B4EB5}"= Disabled:TCP:C:\Users\Algemeen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MR81HLVJ\incredimail_install[1].exe:IncrediMail Installer
              "{4C3C42ED-C68A-40DA-825C-22FF2D60B47B}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
              "{C8039CDC-ABD5-42DD-A7AB-44E570BC4931}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
              "{EE8E78F3-97DD-4DC4-9133-83866BF42C55}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
              "{B4CBEB64-C303-4F1E-B490-29D95D10F970}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
              "{1A9BDD25-0050-4DC0-B705-9A12F4472674}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
              "{D5068BEA-82EF-4C14-8739-C99C40F0DAD8}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
              "TCP Query User{80BAD2BA-7CCD-493E-B116-EE8F04FE159B}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
              "UDP Query User{961669C9-6792-420A-8922-6B97DC7D1683}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
              "{6E248201-A5E9-44CE-BE6C-A2FCE694B9D1}"= UDP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
              "{0DE4C762-943A-4E72-972D-CAE0EBDE8684}"= TCP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
              "{652FB428-47C9-40CF-9C15-7E79E361397E}"= UDP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
              "{D4168C54-EE98-4A8F-BA06-3F0F3AC07660}"= TCP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
              "{E4B7E5EC-3E99-4921-8A9B-D1FAD28DB1C7}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
              "{96C6EE1C-D70A-4133-AD67-73B8044D9FB9}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
              "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

              R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-19 05:34]
              R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 22:11]
              R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 10:29]
              R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 11:50]
              S3 NETw3v32;Stuurprogramma voor Intel(R) PRO/Wireless 3945ABG-adapter onder Windows Vista 32-bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 09:42]
              S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 11:34]
              S3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 16:32]
              S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2006-02-14 18:50]
              S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2006-02-14 18:41]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
              LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
              WindowsMobile REG_MULTI_SZ wcescomm rapimgr
              LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc534b22-f3f1-11db-8226-00a0d16d96e0}]
              \shell\AutoRun\command - D:\OnSpcLCK.exe

              .
              Inhoud van de 'Gedeelde Taken' map
              "2008-03-10 19:15:00 C:\Windows\Tasks\User_Feed_Synchronization-{7EF5CC87-B7E2-45CF-82EB-C3E2E5868936}.job"
              - C:\Windows\system32\msfeedssync.exe
              .
              **************************************************************************

              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-03-10 20:13:18
              Windows 6.0.6000 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              scannen van verborgen bestanden ...

              Scan succesvol afgerond
              verborgen bestanden: 0

              **************************************************************************
              .
              ------------------------ Other Running Processes ------------------------
              .
              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              C:\Windows\system32\agrsmsvc.exe
              C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
              C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
              C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
              C:\Windows\system32\TODDSrv.exe
              C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
              C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
              C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
              C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
              C:\Windows\system32\conime.exe
              C:\Windows\System32\rundll32.exe
              C:\Program Files\Grisoft\AVG7\avgcc.exe
              C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              C:\Program Files\Wireless LAN Utility\Am772cfg.exe
              C:\Program Files\Synaptics\SynTP\SynToshiba.exe
              C:\Program Files\Windows Media Player\wmpnetwk.exe
              .
              **************************************************************************
              .
              Voltooingstijd: 2008-03-10 20:15:25 - machine was rebooted
              ComboFix-quarantined-files.txt 2008-03-10 19:15:18
              .
              2008-03-07 10:43:16 --- E O F ---
              • Citaat

              Comment

              • #8
                Open Kladblok, kopieer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster:

                • File::
                  C:\Windows\system32\drivers\umbuss.sys
                  C:\Windows\system32\drivers\ULIAGPKXX.sys
                  C:\Windows\system32\drivers\mpioo.sys
                  C:\Windows\system32\drivers\core.cache.dsk

                Sla dit op op je Bureaublad als CFScript.txt.

                Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :



                Dit zal ComboFix doen herstarten.

                Na het herstarten van je computer, (indien het vraagt om te herstarten), kopieer en plak de inhoud van Combofix.txt in je volgende antwoord.

                Windows 10 opstarten in Veilige Modus
                • Citaat

                Comment

                • #9
                  hier komt het


                  ComboFix 08-03-10.1 - Algemeen 2008-03-10 20:41:52.2 - NTFSx86
                  Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1043.18.273 [GMT 1:00]
                  Gestart vanuit: C:\Users\Algemeen\Desktop\ComboFix.exe
                  Command switches used :: C:\Users\Algemeen\Desktop\CFScript.txt
                  * Nieuw herstelpunt werd aangemaakt

                  FILE ::
                  C:\Windows\system32\drivers\core.cache.dsk
                  C:\Windows\system32\drivers\mpioo.sys
                  C:\Windows\system32\drivers\ULIAGPKXX.sys
                  C:\Windows\system32\drivers\umbuss.sys
                  .

                  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                  .

                  C:\temp\tn3
                  C:\Windows\system32\drivers\core.cache.dsk
                  C:\Windows\system32\drivers\mpioo.sys
                  C:\Windows\system32\drivers\ULIAGPKXX.sys
                  C:\Windows\system32\drivers\umbuss.sys

                  .
                  (((((((((((((((((((( Bestanden Gemaakt van 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))
                  .

                  Geen nieuwe bestanden aangemaakt in deze periode

                  .
                  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2008-03-10 08:12 --------- d-----w C:\Users\Algemeen\AppData\Roaming\AVG7
                  2008-03-10 08:11 --------- d-----w C:\Program Files\Registry Defender
                  2008-03-09 12:58 --------- d-----w C:\Program Files\Lavasoft
                  2008-03-09 12:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
                  2008-03-09 12:25 --------- d---a-w C:\ProgramData\TEMP
                  2008-03-07 16:48 --------- d-----w C:\Users\Algemeen\AppData\Roaming\GlarySoft
                  2008-03-07 16:40 --------- d-----w C:\Program Files\Glary Utilities
                  2008-03-07 05:30 --------- d-----w C:\ProgramData\Avg7
                  2008-03-06 21:48 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
                  2008-03-06 21:48 --------- d-----w C:\ProgramData\Grisoft
                  2008-03-05 21:42 --------- d-----w C:\Program Files\IObit
                  2008-03-05 08:18 41,168,824 ----a-w C:\Windows\System32\avg75avwt_516a1225.exe
                  2008-03-05 08:18 1,365,540 ----a-w C:\Windows\untd.exe
                  2008-03-05 07:17 --------- d-----w C:\Program Files\Bingo Card Creator
                  2008-02-24 20:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
                  2008-02-24 19:31 --------- d-----w C:\Program Files\SpywareGuard
                  2008-02-14 02:03 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
                  2008-02-14 02:03 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
                  2008-02-14 02:03 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
                  2008-02-14 02:03 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
                  2008-02-14 02:03 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
                  2008-02-14 02:03 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
                  2008-02-14 02:03 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
                  2008-02-14 02:02 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
                  2008-02-14 02:02 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
                  2008-02-14 02:02 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
                  2008-02-14 02:02 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
                  2008-02-14 02:02 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
                  2008-02-14 02:02 1,686,528 ----a-w C:\Windows\System32\gameux.dll
                  2008-02-13 21:32 194,560 ----a-w C:\Windows\System32\WebClnt.dll
                  2008-02-13 21:32 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
                  2008-02-13 21:25 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
                  2008-02-13 21:25 24,064 ----a-w C:\Windows\System32\netcfg.exe
                  2008-02-13 21:25 22,016 ----a-w C:\Windows\System32\netiougc.exe
                  2008-02-13 21:25 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
                  2008-02-13 21:25 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
                  2008-02-13 21:21 824,832 ----a-w C:\Windows\System32\wininet.dll
                  2008-02-13 21:21 56,320 ----a-w C:\Windows\System32\iesetup.dll
                  2008-02-13 21:21 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
                  2008-02-13 21:21 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
                  2008-02-12 20:36 --------- d-----w C:\Program Files\Picasa2
                  2008-02-11 20:56 --------- d-----w C:\Program Files\Java
                  2008-02-05 19:32 --------- d-----w C:\ProgramData\Lavasoft
                  2008-02-04 21:21 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
                  2008-02-04 21:17 --------- d-----w C:\Program Files\Spybot - Search & Destroy
                  2008-02-04 20:51 --------- d-----w C:\Program Files\Trend Micro
                  2008-02-04 19:46 --------- d-----w C:\ProgramData\Anvsoft
                  2008-01-30 08:26 --------- d-----w C:\Program Files\MSECache
                  2008-01-29 21:57 --------- d-----w C:\Program Files\Windows Mail
                  2008-01-29 21:53 8,704 ----a-w C:\Windows\System32\hcrstco.dll
                  2008-01-29 21:53 8,704 ----a-w C:\Windows\System32\hccoin.dll
                  2008-01-29 21:53 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
                  2008-01-29 21:53 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
                  2008-01-29 21:53 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
                  2008-01-29 21:53 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
                  2008-01-29 21:53 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
                  2008-01-29 21:53 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
                  2008-01-29 21:52 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
                  2008-01-16 22:27 --------- d-----w C:\Users\Algemeen\AppData\Roaming\Uniblue
                  2008-01-16 18:43 --------- d-----w C:\Program Files\Maxis
                  2008-01-16 18:29 --------- d-----w C:\ProgramData\Sophos
                  2008-01-14 22:26 --------- d-----w C:\Users\Algemeen\AppData\Roaming\Ahead
                  2008-01-14 22:13 --------- d-----w C:\Users\Algemeen\AppData\Roaming\NCH Swift Sound
                  2008-01-14 21:54 --------- d-----w C:\Users\Algemeen\AppData\Roaming\Recordpad
                  2008-01-14 21:54 --------- d-----w C:\ProgramData\NCH Swift Sound
                  2008-01-14 21:54 --------- d-----w C:\Program Files\NCH Software
                  2008-01-12 11:58 --------- d-----w C:\Program Files\Windows Sidebar
                  2008-01-12 08:31 11,776 ----a-w C:\Windows\System32\sbunattend.exe
                  2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
                  2007-12-13 02:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
                  2007-12-13 02:07 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
                  2007-12-13 02:07 223,232 ----a-w C:\Windows\System32\WMASF.DLL
                  2007-12-12 16:12 249,856 ------w C:\Windows\Setup1.exe
                  2007-12-12 16:11 73,216 ----a-w C:\Windows\ST6UNST.EXE
                  2007-09-05 21:54 174 --sha-w C:\Program Files\desktop.ini
                  2006-08-02 11:58 3,811,643 ----a-w C:\Users\Algemeen\USB_driver.exe
                  .

                  ((((((((((((((((((((((((((((( [email protected]_20.14.56.10 )))))))))))))))))))))))))))))))))))))))))
                  .
                  - 2008-03-10 19:12:32 67,584 --s-a-w C:\Windows\bootstat.dat
                  + 2008-03-10 19:45:47 67,584 --s-a-w C:\Windows\bootstat.dat
                  - 2008-03-10 18:32:27 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
                  + 2008-03-10 19:33:38 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
                  - 2008-03-10 19:13:10 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
                  + 2008-03-10 19:46:23 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
                  + 2008-03-10 19:46:23 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
                  - 2008-03-10 19:07:26 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
                  + 2008-03-10 19:41:22 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
                  - 2008-03-10 19:13:10 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
                  + 2008-03-10 19:46:23 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
                  - 2008-03-10 08:13:44 9,562 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-989567600-88910159-973224903-1000_UserData.bin
                  + 2008-03-10 19:14:39 9,826 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-989567600-88910159-973224903-1000_UserData.bin
                  - 2008-03-10 08:13:44 61,414 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
                  + 2008-03-10 19:14:39 61,618 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
                  - 2008-03-10 08:16:30 49,070 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
                  + 2008-03-10 19:14:33 49,496 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
                  - 2008-03-10 18:29:41 296,008 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
                  + 2008-03-10 19:33:25 296,274 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
                  .
                  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  REGEDIT4
                  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 09:31 1232896]
                  "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 10:57 413696]
                  "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:34 201728]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 20:25 90191]
                  "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 20:25 7766016]
                  "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 20:25 81920]
                  "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 13:50 815104]
                  "RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 14:50 3772416 C:\Windows\RtHDVCpl.exe]
                  "topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 17:11 577536]
                  "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 09:02 98304]
                  "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 09:05 106496]
                  "Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 09:02 81920]
                  "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
                  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
                  "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-06 22:50 579072]

                  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                  "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-06 22:48 219136]

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
                  "LogonHoursAction"= 2 (0x2)
                  "DontDisplayLogonHoursWarnings"= 1 (0x1)

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
                  avgwlntf.dll 2008-03-06 22:48 9216 C:\Windows\System32\avgwlntf.dll

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
                  "Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
                  "DisableMonitoring"=dword:00000001

                  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                  "DisableMonitoring"=dword:00000001

                  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                  "DisableMonitoring"=dword:00000001

                  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
                  "AntiVirusOverride"=dword:00000001
                  "AntiSpywareOverride"=dword:00000001

                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
                  "{C2EF154B-7B7C-4053-8F3D-D536B767C8DC}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
                  "{F01F0B43-EEE1-4A88-A995-A6BD4F671A21}"= UDP:990:LocalSubnet:LocalSubnet|IF={30056627-5685-4683-AA64-A6D3942CD5B9}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr%systemroot%\WindowsMobile\wmdSync.exe,-4001|[email protected]%systemroot%\WindowsMobile\wmdSync.exe,-4001
                  "{51EA60B2-8BE1-459B-BBF2-EA68D9DB0A5B}"= UDP:C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
                  "{4DB86B19-CCEC-4282-A653-E190B629DAD9}"= TCP:C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
                  "{0CFEA678-5FB6-4767-9879-E404A4C3CA28}"= UDP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
                  "{84F07519-9B23-49C3-991D-D103F5BAB056}"= TCP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
                  "{78EE1B5E-917B-409A-8D51-F257B05CBF89}"= UDP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
                  "{72B69131-CD8B-47F9-8179-957C0A3ECF4F}"= TCP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
                  "{5DD2141F-3420-44D7-AA82-7720795408B0}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
                  "{38D62F5D-F5FE-4E4D-8C56-60D24C2AFB32}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
                  "{68C8079C-2FAA-4C80-AF75-0FBB21498DB8}"= Disabled:UDP:C:\Users\Algemeen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MR81HLVJ\incredimail_install[1].exe:IncrediMail Installer
                  "{96A4682E-7E4A-45B0-ADBF-F32E661B4EB5}"= Disabled:TCP:C:\Users\Algemeen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MR81HLVJ\incredimail_install[1].exe:IncrediMail Installer
                  "{4C3C42ED-C68A-40DA-825C-22FF2D60B47B}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
                  "{C8039CDC-ABD5-42DD-A7AB-44E570BC4931}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
                  "{EE8E78F3-97DD-4DC4-9133-83866BF42C55}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
                  "{B4CBEB64-C303-4F1E-B490-29D95D10F970}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
                  "{1A9BDD25-0050-4DC0-B705-9A12F4472674}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
                  "{D5068BEA-82EF-4C14-8739-C99C40F0DAD8}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
                  "TCP Query User{80BAD2BA-7CCD-493E-B116-EE8F04FE159B}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
                  "UDP Query User{961669C9-6792-420A-8922-6B97DC7D1683}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
                  "{6E248201-A5E9-44CE-BE6C-A2FCE694B9D1}"= UDP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
                  "{0DE4C762-943A-4E72-972D-CAE0EBDE8684}"= TCP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
                  "{652FB428-47C9-40CF-9C15-7E79E361397E}"= UDP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
                  "{D4168C54-EE98-4A8F-BA06-3F0F3AC07660}"= TCP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
                  "{E4B7E5EC-3E99-4921-8A9B-D1FAD28DB1C7}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
                  "{96C6EE1C-D70A-4133-AD67-73B8044D9FB9}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe

                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
                  "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

                  R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
                  R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 22:40]
                  R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-19 05:34]
                  R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 22:11]
                  R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 10:29]
                  R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 11:50]
                  S2 RapiMgr;Op Windows Mobile gebaseerde apparaatverbinding;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
                  S2 WcesComm;Op Windows Mobile 2003 gebaseerde apparaatverbinding;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
                  S3 NETw3v32;Stuurprogramma voor Intel(R) PRO/Wireless 3945ABG-adapter onder Windows Vista 32-bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 09:42]
                  S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 11:34]
                  S3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 16:32]
                  S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2006-02-14 18:50]
                  S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2006-02-14 18:41]

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                  LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
                  WindowsMobile REG_MULTI_SZ wcescomm rapimgr
                  LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc534b22-f3f1-11db-8226-00a0d16d96e0}]
                  \shell\AutoRun\command - D:\OnSpcLCK.exe

                  .
                  Inhoud van de 'Gedeelde Taken' map
                  "2008-03-10 19:39:59 C:\Windows\Tasks\User_Feed_Synchronization-{7EF5CC87-B7E2-45CF-82EB-C3E2E5868936}.job"
                  - C:\Windows\system32\msfeedssync.exe
                  .
                  **************************************************************************

                  catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2008-03-10 20:46:27
                  Windows 6.0.6000 NTFS

                  scannen van verborgen processen ...

                  scannen van verborgen autostart items ...

                  scannen van verborgen bestanden ...

                  Scan succesvol afgerond
                  verborgen bestanden: 0

                  **************************************************************************
                  .
                  ------------------------ Other Running Processes ------------------------
                  .
                  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  C:\Windows\system32\agrsmsvc.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
                  C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
                  C:\Windows\system32\TODDSrv.exe
                  C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
                  C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                  C:\Windows\system32\conime.exe
                  C:\Program Files\Grisoft\AVG7\avgcc.exe
                  C:\Program Files\Synaptics\SynTP\SynToshiba.exe
                  C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                  C:\Windows\System32\rundll32.exe
                  C:\Program Files\Wireless LAN Utility\Am772cfg.exe
                  C:\Program Files\Windows Media Player\wmpnetwk.exe
                  .
                  **************************************************************************
                  .
                  Voltooingstijd: 2008-03-10 20:48:40 - machine was rebooted
                  ComboFix-quarantined-files.txt 2008-03-10 19:48:34
                  ComboFix2.txt 2008-03-10 19:15:26
                  .
                  2008-03-07 10:43:16 --- E O F ---
                  • Citaat

                  Comment

                  • #10
                    Doe dit ook nog ff

                    Open Kladblok, kopieer en plak het volgende (vetgedrukte, blauwe tekst) in
                    een leeg venster:


                    • Driver::
                      umbuss
                      ULIAGPKXX
                      mpioo

                    Sla dit op op je Bureaublad als CFScript.txt.

                    Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :



                    Dit zal ComboFix doen herstarten.

                    Na het herstarten van je computer, (indien het vraagt om te herstarten), kopieer en plak de inhoud van Combofix.txt in je volgende antwoord.

                    Windows 10 opstarten in Veilige Modus
                    • Citaat

                    Comment

                    • #11
                      hier komt het:

                      ComboFix 08-03-10.1 - Algemeen 2008-03-10 21:20:24.3 - NTFSx86
                      Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1043.18.244 [GMT 1:00]
                      Gestart vanuit: C:\Users\Algemeen\Desktop\ComboFix.exe
                      Command switches used :: C:\Users\Algemeen\Desktop\CFScript.txt
                      * Nieuw herstelpunt werd aangemaakt
                      .

                      (((((((((((((((((((( Bestanden Gemaakt van 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))
                      .

                      Geen nieuwe bestanden aangemaakt in deze periode

                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2008-03-10 08:12 --------- d-----w C:\Users\Algemeen\AppData\Roaming\AVG7
                      2008-03-10 08:11 --------- d-----w C:\Program Files\Registry Defender
                      2008-03-09 12:58 --------- d-----w C:\Program Files\Lavasoft
                      2008-03-09 12:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
                      2008-03-09 12:25 --------- d---a-w C:\ProgramData\TEMP
                      2008-03-07 16:48 --------- d-----w C:\Users\Algemeen\AppData\Roaming\GlarySoft
                      2008-03-07 16:40 --------- d-----w C:\Program Files\Glary Utilities
                      2008-03-07 05:30 --------- d-----w C:\ProgramData\Avg7
                      2008-03-06 21:48 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
                      2008-03-06 21:48 --------- d-----w C:\ProgramData\Grisoft
                      2008-03-05 21:42 --------- d-----w C:\Program Files\IObit
                      2008-03-05 08:18 41,168,824 ----a-w C:\Windows\System32\avg75avwt_516a1225.exe
                      2008-03-05 08:18 1,365,540 ----a-w C:\Windows\untd.exe
                      2008-03-05 07:17 --------- d-----w C:\Program Files\Bingo Card Creator
                      2008-02-24 20:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
                      2008-02-24 19:31 --------- d-----w C:\Program Files\SpywareGuard
                      2008-02-14 02:03 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
                      2008-02-14 02:03 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
                      2008-02-14 02:03 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
                      2008-02-14 02:03 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
                      2008-02-14 02:03 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
                      2008-02-14 02:03 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
                      2008-02-14 02:03 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
                      2008-02-14 02:02 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
                      2008-02-14 02:02 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
                      2008-02-14 02:02 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
                      2008-02-14 02:02 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
                      2008-02-14 02:02 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
                      2008-02-14 02:02 1,686,528 ----a-w C:\Windows\System32\gameux.dll
                      2008-02-13 21:32 194,560 ----a-w C:\Windows\System32\WebClnt.dll
                      2008-02-13 21:32 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
                      2008-02-13 21:25 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
                      2008-02-13 21:25 24,064 ----a-w C:\Windows\System32\netcfg.exe
                      2008-02-13 21:25 22,016 ----a-w C:\Windows\System32\netiougc.exe
                      2008-02-13 21:25 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
                      2008-02-13 21:25 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
                      2008-02-13 21:21 824,832 ----a-w C:\Windows\System32\wininet.dll
                      2008-02-13 21:21 56,320 ----a-w C:\Windows\System32\iesetup.dll
                      2008-02-13 21:21 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
                      2008-02-13 21:21 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
                      2008-02-12 20:36 --------- d-----w C:\Program Files\Picasa2
                      2008-02-11 20:56 --------- d-----w C:\Program Files\Java
                      2008-02-05 19:32 --------- d-----w C:\ProgramData\Lavasoft
                      2008-02-04 21:21 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
                      2008-02-04 21:17 --------- d-----w C:\Program Files\Spybot - Search & Destroy
                      2008-02-04 20:51 --------- d-----w C:\Program Files\Trend Micro
                      2008-02-04 19:46 --------- d-----w C:\ProgramData\Anvsoft
                      2008-01-30 08:26 --------- d-----w C:\Program Files\MSECache
                      2008-01-29 21:57 --------- d-----w C:\Program Files\Windows Mail
                      2008-01-29 21:53 8,704 ----a-w C:\Windows\System32\hcrstco.dll
                      2008-01-29 21:53 8,704 ----a-w C:\Windows\System32\hccoin.dll
                      2008-01-29 21:53 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
                      2008-01-29 21:53 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
                      2008-01-29 21:53 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
                      2008-01-29 21:53 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
                      2008-01-29 21:53 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
                      2008-01-29 21:53 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
                      2008-01-29 21:52 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
                      2008-01-16 22:27 --------- d-----w C:\Users\Algemeen\AppData\Roaming\Uniblue
                      2008-01-16 18:43 --------- d-----w C:\Program Files\Maxis
                      2008-01-16 18:29 --------- d-----w C:\ProgramData\Sophos
                      2008-01-14 22:26 --------- d-----w C:\Users\Algemeen\AppData\Roaming\Ahead
                      2008-01-14 22:13 --------- d-----w C:\Users\Algemeen\AppData\Roaming\NCH Swift Sound
                      2008-01-14 21:54 --------- d-----w C:\Users\Algemeen\AppData\Roaming\Recordpad
                      2008-01-14 21:54 --------- d-----w C:\ProgramData\NCH Swift Sound
                      2008-01-14 21:54 --------- d-----w C:\Program Files\NCH Software
                      2008-01-12 11:58 --------- d-----w C:\Program Files\Windows Sidebar
                      2008-01-12 08:31 11,776 ----a-w C:\Windows\System32\sbunattend.exe
                      2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
                      2007-12-13 02:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
                      2007-12-13 02:07 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
                      2007-12-13 02:07 223,232 ----a-w C:\Windows\System32\WMASF.DLL
                      2007-12-12 16:12 249,856 ------w C:\Windows\Setup1.exe
                      2007-12-12 16:11 73,216 ----a-w C:\Windows\ST6UNST.EXE
                      2007-09-05 21:54 174 --sha-w C:\Program Files\desktop.ini
                      2006-08-02 11:58 3,811,643 ----a-w C:\Users\Algemeen\USB_driver.exe
                      .

                      ((((((((((((((((((((((((((((( [email protected]_20.14.56.10 )))))))))))))))))))))))))))))))))))))))))
                      .
                      - 2008-03-10 19:12:32 67,584 --s-a-w C:\Windows\bootstat.dat
                      + 2008-03-10 20:25:04 67,584 --s-a-w C:\Windows\bootstat.dat
                      + 2000-08-31 07:00:00 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE
                      - 2008-03-10 18:32:27 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
                      + 2008-03-10 20:00:57 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
                      - 2008-03-10 19:13:10 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
                      + 2008-03-10 20:25:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
                      + 2008-03-10 20:25:41 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
                      - 2008-03-10 19:07:26 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
                      + 2008-03-10 20:19:56 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
                      - 2008-03-10 19:13:10 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
                      + 2008-03-10 20:25:40 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
                      + 2008-03-10 20:25:40 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
                      - 2008-03-10 08:13:44 9,562 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-989567600-88910159-973224903-1000_UserData.bin
                      + 2008-03-10 19:47:52 9,874 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-989567600-88910159-973224903-1000_UserData.bin
                      - 2008-03-10 08:13:44 61,414 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
                      + 2008-03-10 19:47:52 61,698 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
                      - 2008-03-10 08:16:30 49,070 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
                      + 2008-03-10 19:47:48 49,652 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
                      - 2008-03-10 18:29:41 296,008 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
                      + 2008-03-10 19:33:25 296,274 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
                      .
                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      REGEDIT4
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 09:31 1232896]
                      "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 10:57 413696]
                      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:34 201728]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 20:25 90191]
                      "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 20:25 7766016]
                      "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 20:25 81920]
                      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 13:50 815104]
                      "RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 14:50 3772416 C:\Windows\RtHDVCpl.exe]
                      "topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 17:11 577536]
                      "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 09:02 98304]
                      "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 09:05 106496]
                      "Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 09:02 81920]
                      "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
                      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
                      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-06 22:50 579072]

                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-06 22:48 219136]

                      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
                      "LogonHoursAction"= 2 (0x2)
                      "DontDisplayLogonHoursWarnings"= 1 (0x1)

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
                      avgwlntf.dll 2008-03-06 22:48 9216 C:\Windows\System32\avgwlntf.dll

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
                      "Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
                      "DisableMonitoring"=dword:00000001

                      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                      "DisableMonitoring"=dword:00000001

                      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                      "DisableMonitoring"=dword:00000001

                      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
                      "AntiVirusOverride"=dword:00000001
                      "AntiSpywareOverride"=dword:00000001

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
                      "{C2EF154B-7B7C-4053-8F3D-D536B767C8DC}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
                      "{F01F0B43-EEE1-4A88-A995-A6BD4F671A21}"= UDP:990:LocalSubnet:LocalSubnet|IF={30056627-5685-4683-AA64-A6D3942CD5B9}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr%systemroot%\WindowsMobile\wmdSync.exe,-4001|[email protected]%systemroot%\WindowsMobile\wmdSync.exe,-4001
                      "{51EA60B2-8BE1-459B-BBF2-EA68D9DB0A5B}"= UDP:C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
                      "{4DB86B19-CCEC-4282-A653-E190B629DAD9}"= TCP:C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
                      "{0CFEA678-5FB6-4767-9879-E404A4C3CA28}"= UDP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
                      "{84F07519-9B23-49C3-991D-D103F5BAB056}"= TCP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
                      "{78EE1B5E-917B-409A-8D51-F257B05CBF89}"= UDP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
                      "{72B69131-CD8B-47F9-8179-957C0A3ECF4F}"= TCP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
                      "{5DD2141F-3420-44D7-AA82-7720795408B0}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
                      "{38D62F5D-F5FE-4E4D-8C56-60D24C2AFB32}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
                      "{68C8079C-2FAA-4C80-AF75-0FBB21498DB8}"= Disabled:UDP:C:\Users\Algemeen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MR81HLVJ\incredimail_install[1].exe:IncrediMail Installer
                      "{96A4682E-7E4A-45B0-ADBF-F32E661B4EB5}"= Disabled:TCP:C:\Users\Algemeen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MR81HLVJ\incredimail_install[1].exe:IncrediMail Installer
                      "{4C3C42ED-C68A-40DA-825C-22FF2D60B47B}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
                      "{C8039CDC-ABD5-42DD-A7AB-44E570BC4931}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
                      "{EE8E78F3-97DD-4DC4-9133-83866BF42C55}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
                      "{B4CBEB64-C303-4F1E-B490-29D95D10F970}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
                      "{1A9BDD25-0050-4DC0-B705-9A12F4472674}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
                      "{D5068BEA-82EF-4C14-8739-C99C40F0DAD8}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
                      "TCP Query User{80BAD2BA-7CCD-493E-B116-EE8F04FE159B}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
                      "UDP Query User{961669C9-6792-420A-8922-6B97DC7D1683}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
                      "{6E248201-A5E9-44CE-BE6C-A2FCE694B9D1}"= UDP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
                      "{0DE4C762-943A-4E72-972D-CAE0EBDE8684}"= TCP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
                      "{652FB428-47C9-40CF-9C15-7E79E361397E}"= UDP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
                      "{D4168C54-EE98-4A8F-BA06-3F0F3AC07660}"= TCP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
                      "{E4B7E5EC-3E99-4921-8A9B-D1FAD28DB1C7}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
                      "{96C6EE1C-D70A-4133-AD67-73B8044D9FB9}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
                      "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

                      R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-19 05:34]
                      R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 22:11]
                      R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 10:29]
                      R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 11:50]
                      S3 NETw3v32;Stuurprogramma voor Intel(R) PRO/Wireless 3945ABG-adapter onder Windows Vista 32-bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 09:42]
                      S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 11:34]
                      S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2006-02-14 18:50]
                      S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2006-02-14 18:41]

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                      LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
                      WindowsMobile REG_MULTI_SZ wcescomm rapimgr
                      LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

                      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc534b22-f3f1-11db-8226-00a0d16d96e0}]
                      \shell\AutoRun\command - D:\OnSpcLCK.exe

                      .
                      Inhoud van de 'Gedeelde Taken' map
                      "2008-03-10 20:19:59 C:\Windows\Tasks\User_Feed_Synchronization-{7EF5CC87-B7E2-45CF-82EB-C3E2E5868936}.job"
                      - C:\Windows\system32\msfeedssync.exe
                      .
                      **************************************************************************

                      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2008-03-10 21:25:45
                      Windows 6.0.6000 NTFS

                      scannen van verborgen processen ...

                      scannen van verborgen autostart items ...

                      scannen van verborgen bestanden ...

                      Scan succesvol afgerond
                      verborgen bestanden: 0

                      **************************************************************************
                      .
                      ------------------------ Other Running Processes ------------------------
                      .
                      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      C:\Windows\system32\agrsmsvc.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
                      C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
                      C:\Windows\system32\TODDSrv.exe
                      C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
                      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
                      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                      C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
                      C:\Windows\system32\conime.exe
                      C:\Windows\System32\rundll32.exe
                      C:\Program Files\Grisoft\AVG7\avgcc.exe
                      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                      C:\Program Files\Wireless LAN Utility\Am772cfg.exe
                      C:\Program Files\Synaptics\SynTP\SynToshiba.exe
                      C:\Program Files\Windows Media Player\wmpnetwk.exe
                      .
                      **************************************************************************
                      .
                      Voltooingstijd: 2008-03-10 21:27:42 - machine was rebooted
                      ComboFix-quarantined-files.txt 2008-03-10 20:27:34
                      ComboFix2.txt 2008-03-10 19:48:41
                      ComboFix3.txt 2008-03-10 19:15:26
                      .
                      2008-03-07 10:43:16 --- E O F ---
                      • Citaat

                      Comment

                      • #12
                        Prima, hoe gaat het nu met je pc ?

                        Windows 10 opstarten in Veilige Modus
                        • Citaat

                        Comment

                        • #13
                          ik zal eens gaan surfen en kijken of ik nog pop ups krijg, ik laat binnen 5 minuten van me horen tot nu toe zie ik niets
                          • Citaat

                          Comment

                          • #14
                            tjonge ik kan het niet geloven ik denk dat het opgelost is, normaal gezien had ik al wel 5 casino dingen gehad.
                            mag ik vragen om ervan te leren had ik nu last van een virus?
                            en kan ik bij vragen van spybot altijd wijzigingen toestaan doen?
                            ik hoop weer een reaktie en wil u bedanken voor het oplossen van mijn probleem, ik stel het zeer op prijs
                            groeten ansje
                            • Citaat

                            Comment

                            • #15
                              Malware.

                              Verwijder ComboFix, kopiëer het volgende commando:
                              Combofix /U

                              Klik Start -> Uitvoeren, en plak (Ctrl-V) het commando, toets vervolgens Ctrl + Shift + Enter.
                              Dit verwijdert zowel ComboFix, als je oude systeemherstelpunten (met eventuele restanten van malware), en maakt een nieuw systeemherstelpunt aan.


                              Hier nog wat tips. Beveiligings Tips

                              ene graag gedaan

                              Windows 10 opstarten in Veilige Modus
                              • Citaat

                              Comment

                              Vorige 1 2 template Volgende
                              Sorry, you are not authorized to view this page
                              Working...
                              X