Computer steeds trager.

[R.Scheijen]

Heel erg bedankt voor jullie reacties..

Ik kan ze echter pas zaterdagavond / zondagmorgen uitvoeren, omdat ik sinds gister deze week niet meer thuis ben. Ik zal waarschijnlijk zondag een berichtje sturen hoe het gegaan is!

Nogmaals bedankt

[R.Scheijen]

Dit is de scan van Combofix

ComboFix 10-11-12.06 - Ruud Scheijen 14-11-2010 8:21.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1014.515 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Ruud Scheijen\Mijn documenten\Downloads\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\vlc-0.9.4-win32.exe

c:\documents and settings\All Users\Application Data\vlc-0.9.6-win32.exe

c:\documents and settings\Ruud Scheijen\Application Data\.#

c:\documents and settings\Ruud Scheijen\System

c:\documents and settings\Ruud Scheijen\System\win_qs8.jqx

c:\program files\Search Settings

c:\program files\Search Settings\kb128\SearchSettings.dll

c:\program files\Search Settings\kb128\SearchSettingsRes409.dll

c:\program files\Search Settings\SearchSettings.exe

c:\windows\system32\_004899_.tmp.dll

c:\windows\system32\_004900_.tmp.dll

c:\windows\system32\_004901_.tmp.dll

c:\windows\system32\_004902_.tmp.dll

c:\windows\system32\_004909_.tmp.dll

c:\windows\system32\_004910_.tmp.dll

c:\windows\system32\_004911_.tmp.dll

c:\windows\system32\_004912_.tmp.dll

c:\windows\system32\_004914_.tmp.dll

c:\windows\system32\_004915_.tmp.dll

c:\windows\system32\_004918_.tmp.dll

c:\windows\system32\_004919_.tmp.dll

c:\windows\system32\_004921_.tmp.dll

c:\windows\system32\_004922_.tmp.dll

c:\windows\system32\_004923_.tmp.dll

c:\windows\system32\_004925_.tmp.dll

c:\windows\system32\_004928_.tmp.dll

c:\windows\system32\_004929_.tmp.dll

c:\windows\system32\_004933_.tmp.dll

c:\windows\system32\_004934_.tmp.dll

c:\windows\system32\_004936_.tmp.dll

c:\windows\system32\_004939_.tmp.dll

c:\windows\system32\_004941_.tmp.dll

c:\windows\system32\_004942_.tmp.dll

c:\windows\system32\_004943_.tmp.dll

c:\windows\system32\_004944_.tmp.dll

c:\windows\system32\_004945_.tmp.dll

c:\windows\system32\_004948_.tmp.dll

c:\windows\system32\_004949_.tmp.dll

c:\windows\system32\_004950_.tmp.dll

c:\windows\system32\_004951_.tmp.dll

c:\windows\system32\_004952_.tmp.dll

c:\windows\system32\_004957_.tmp.dll

c:\windows\system32\_004959_.tmp.dll

c:\windows\system32\_004985_.tmp.dll

c:\windows\system32\_004986_.tmp.dll

c:\windows\system32\_004987_.tmp.dll

c:\windows\system32\_004988_.tmp.dll

c:\windows\system32\_004991_.tmp.dll

c:\windows\system32\_004992_.tmp.dll

c:\windows\system32\_004993_.tmp.dll

c:\windows\system32\_004994_.tmp.dll

c:\windows\system32\_004995_.tmp.dll

c:\windows\system32\_004996_.tmp.dll

c:\windows\system32\_004997_.tmp.dll

c:\windows\system32\_004998_.tmp.dll

c:\windows\system32\_004999_.tmp.dll

c:\windows\system32\_005000_.tmp.dll

c:\windows\system32\_005001_.tmp.dll

c:\windows\system32\_005002_.tmp.dll

c:\windows\system32\_005003_.tmp.dll

c:\windows\system32\_005004_.tmp.dll

c:\windows\system32\_005005_.tmp.dll

c:\windows\system32\_005006_.tmp.dll

c:\windows\system32\_005007_.tmp.dll

c:\windows\system32\_005008_.tmp.dll

c:\windows\system32\_005009_.tmp.dll

c:\windows\system32\_005010_.tmp.dll

c:\windows\system32\_005011_.tmp.dll

c:\windows\system32\_005012_.tmp.dll

c:\windows\system32\_005013_.tmp.dll

c:\windows\system32\_005014_.tmp.dll

c:\windows\system32\_005015_.tmp.dll

c:\windows\system32\_005016_.tmp.dll

c:\windows\system32\_005017_.tmp.dll

c:\windows\system32\_005018_.tmp.dll

c:\windows\system32\_005019_.tmp.dll

c:\windows\system32\_005020_.tmp.dll

c:\windows\system32\_005021_.tmp.dll

c:\windows\system32\_005022_.tmp.dll

c:\windows\system32\_005023_.tmp.dll

c:\windows\system32\_005024_.tmp.dll

c:\windows\system32\_005025_.tmp.dll

c:\windows\system32\_005026_.tmp.dll

c:\windows\system32\_005027_.tmp.dll

c:\windows\system32\_005028_.tmp.dll

c:\windows\system32\_005029_.tmp.dll

c:\windows\system32\_005030_.tmp.dll

c:\windows\system32\_005031_.tmp.dll

c:\windows\system32\_005032_.tmp.dll

c:\windows\system32\_005033_.tmp.dll

c:\windows\system32\_005034_.tmp.dll

c:\windows\system32\_005035_.tmp.dll

c:\windows\system32\_005036_.tmp.dll

c:\windows\system32\_005037_.tmp.dll

c:\windows\system32\_005038_.tmp.dll

c:\windows\system32\_005039_.tmp.dll

c:\windows\system32\_005040_.tmp.dll

c:\windows\system32\_005041_.tmp.dll

c:\windows\system32\_005042_.tmp.dll

c:\windows\system32\_005043_.tmp.dll

c:\windows\system32\_005044_.tmp.dll

c:\windows\system32\_005045_.tmp.dll

c:\windows\system32\_005046_.tmp.dll

c:\windows\system32\_005047_.tmp.dll

c:\windows\system32\_005048_.tmp.dll

c:\windows\system32\_005049_.tmp.dll

c:\windows\system32\_005050_.tmp.dll

c:\windows\system32\_005051_.tmp.dll

c:\windows\system32\_005052_.tmp.dll

c:\windows\system32\_005053_.tmp.dll

c:\windows\system32\_005054_.tmp.dll

c:\windows\system32\_005055_.tmp.dll

c:\windows\system32\_005056_.tmp.dll

c:\windows\system32\_005057_.tmp.dll

c:\windows\system32\_005058_.tmp.dll

c:\windows\system32\_005059_.tmp.dll

c:\windows\system32\_005060_.tmp.dll

c:\windows\system32\_005061_.tmp.dll

c:\windows\system32\_005062_.tmp.dll

c:\windows\system32\_005063_.tmp.dll

c:\windows\system32\_005064_.tmp.dll

c:\windows\system32\_005065_.tmp.dll

c:\windows\system32\_005066_.tmp.dll

c:\windows\system32\_005067_.tmp.dll

c:\windows\system32\_005068_.tmp.dll

c:\windows\system32\_005069_.tmp.dll

c:\windows\system32\_005070_.tmp.dll

c:\windows\system32\_005071_.tmp.dll

c:\windows\system32\_005072_.tmp.dll

c:\windows\system32\_005073_.tmp.dll

c:\windows\system32\_005074_.tmp.dll

c:\windows\system32\_005075_.tmp.dll

c:\windows\system32\_005076_.tmp.dll

c:\windows\system32\_005077_.tmp.dll

c:\windows\system32\_005078_.tmp.dll

c:\windows\system32\_005079_.tmp.dll

c:\windows\system32\_005080_.tmp.dll

c:\windows\system32\_005081_.tmp.dll

c:\windows\system32\_005082_.tmp.dll

c:\windows\system32\_005083_.tmp.dll

c:\windows\system32\_005084_.tmp.dll

c:\windows\system32\_005085_.tmp.dll

c:\windows\system32\_005086_.tmp.dll

c:\windows\system32\_005087_.tmp.dll

c:\windows\system32\_005088_.tmp.dll

c:\windows\system32\_005089_.tmp.dll

c:\windows\system32\_005090_.tmp.dll

c:\windows\system32\_005091_.tmp.dll

c:\windows\system32\_005092_.tmp.dll

c:\windows\system32\_005093_.tmp.dll

c:\windows\system32\_005094_.tmp.dll

c:\windows\system32\_005095_.tmp.dll

c:\windows\system32\_005096_.tmp.dll

c:\windows\system32\_005097_.tmp.dll

c:\windows\system32\_005098_.tmp.dll

c:\windows\system32\_005099_.tmp.dll

c:\windows\system32\_005100_.tmp.dll

c:\windows\system32\_005101_.tmp.dll

c:\windows\system32\_005102_.tmp.dll

c:\windows\system32\_005103_.tmp.dll

c:\windows\system32\_005104_.tmp.dll

c:\windows\system32\_005105_.tmp.dll

c:\windows\system32\_005106_.tmp.dll

c:\windows\system32\_005107_.tmp.dll

c:\windows\system32\_005108_.tmp.dll

c:\windows\system32\_005109_.tmp.dll

c:\windows\system32\_005110_.tmp.dll

c:\windows\system32\_005111_.tmp.dll

c:\windows\system32\_005112_.tmp.dll

c:\windows\system32\_005113_.tmp.dll

c:\windows\system32\_005114_.tmp.dll

c:\windows\system32\_005115_.tmp.dll

c:\windows\system32\_005116_.tmp.dll

c:\windows\system32\_005117_.tmp.dll

c:\windows\system32\_005118_.tmp.dll

c:\windows\system32\_005119_.tmp.dll

c:\windows\system32\_005120_.tmp.dll

c:\windows\system32\_005121_.tmp.dll

c:\windows\system32\_005122_.tmp.dll

c:\windows\system32\_005123_.tmp.dll

c:\windows\system32\_005124_.tmp.dll

c:\windows\system32\_005125_.tmp.dll

c:\windows\system32\_005126_.tmp.dll

c:\windows\system32\_005127_.tmp.dll

c:\windows\system32\_005128_.tmp.dll

c:\windows\system32\_005129_.tmp.dll

c:\windows\system32\_005130_.tmp.dll

c:\windows\system32\_005131_.tmp.dll

c:\windows\system32\_005132_.tmp.dll

c:\windows\system32\_005133_.tmp.dll

c:\windows\system32\_005134_.tmp.dll

c:\windows\system32\_005135_.tmp.dll

c:\windows\system32\_005136_.tmp.dll

c:\windows\system32\_005137_.tmp.dll

c:\windows\system32\_005138_.tmp.dll

c:\windows\system32\_005139_.tmp.dll

c:\windows\system32\_005140_.tmp.dll

c:\windows\system32\_005141_.tmp.dll

c:\windows\system32\_005142_.tmp.dll

c:\windows\system32\_005143_.tmp.dll

c:\windows\system32\_005144_.tmp.dll

c:\windows\system32\_005145_.tmp.dll

c:\windows\system32\_005146_.tmp.dll

c:\windows\system32\_005147_.tmp.dll

c:\windows\system32\_005148_.tmp.dll

c:\windows\system32\_005149_.tmp.dll

c:\windows\system32\_005150_.tmp.dll

c:\windows\system32\_005152_.tmp.dll

c:\windows\system32\_005153_.tmp.dll

c:\windows\system32\_005154_.tmp.dll

c:\windows\system32\_005155_.tmp.dll

c:\windows\system32\_005156_.tmp.dll

c:\windows\system32\_005157_.tmp.dll

c:\windows\system32\_005158_.tmp.dll

c:\windows\system32\_005160_.tmp.dll

c:\windows\system32\_005161_.tmp.dll

c:\windows\system32\_005162_.tmp.dll

c:\windows\system32\_005163_.tmp.dll

c:\windows\system32\_005164_.tmp.dll

c:\windows\system32\_005165_.tmp.dll

c:\windows\system32\_005166_.tmp.dll

c:\windows\system32\_005167_.tmp.dll

c:\windows\system32\_005168_.tmp.dll

c:\windows\system32\_005169_.tmp.dll

c:\windows\system32\_005170_.tmp.dll

c:\windows\system32\_005171_.tmp.dll

c:\windows\system32\_005172_.tmp.dll

c:\windows\system32\_005173_.tmp.dll

c:\windows\system32\_005174_.tmp.dll

c:\windows\system32\_005175_.tmp.dll

c:\windows\system32\_005177_.tmp.dll

c:\windows\system32\_005178_.tmp.dll

c:\windows\system32\_005179_.tmp.dll

c:\windows\system32\_005180_.tmp.dll

c:\windows\system32\_005182_.tmp.dll

c:\windows\system32\_005184_.tmp.dll

c:\windows\system32\_005185_.tmp.dll

c:\windows\system32\_005186_.tmp.dll

c:\windows\system32\_005187_.tmp.dll

c:\windows\system32\_005188_.tmp.dll

c:\windows\system32\_005189_.tmp.dll

c:\windows\system32\_005190_.tmp.dll

c:\windows\system32\_005192_.tmp.dll

c:\windows\system32\_005193_.tmp.dll

c:\windows\system32\_005194_.tmp.dll

c:\windows\system32\_005195_.tmp.dll

c:\windows\system32\_005196_.tmp.dll

c:\windows\system32\_005197_.tmp.dll

c:\windows\system32\_005198_.tmp.dll

c:\windows\system32\_005199_.tmp.dll

c:\windows\system32\_005200_.tmp.dll

c:\windows\system32\_005201_.tmp.dll

c:\windows\system32\_005202_.tmp.dll

c:\windows\system32\_005203_.tmp.dll

c:\windows\system32\_005204_.tmp.dll

c:\windows\system32\_005205_.tmp.dll

c:\windows\system32\_005206_.tmp.dll

c:\windows\system32\_005207_.tmp.dll

c:\windows\system32\_005209_.tmp.dll

c:\windows\system32\_005210_.tmp.dll

c:\windows\system32\_005211_.tmp.dll

c:\windows\system32\_005212_.tmp.dll

c:\windows\system32\_005214_.tmp.dll

c:\windows\system32\_005216_.tmp.dll

c:\windows\system32\_005217_.tmp.dll

c:\windows\system32\_005218_.tmp.dll

c:\windows\system32\_005219_.tmp.dll

c:\windows\system32\_005220_.tmp.dll

c:\windows\system32\_005221_.tmp.dll

c:\windows\system32\_005222_.tmp.dll

c:\windows\system32\_005224_.tmp.dll

c:\windows\system32\_005225_.tmp.dll

c:\windows\system32\_005226_.tmp.dll

c:\windows\system32\_005227_.tmp.dll

c:\windows\system32\_005228_.tmp.dll

c:\windows\system32\_005229_.tmp.dll

c:\windows\system32\_005230_.tmp.dll

c:\windows\system32\_005231_.tmp.dll

c:\windows\system32\_005233_.tmp.dll

c:\windows\system32\_005234_.tmp.dll

c:\windows\system32\_005237_.tmp.dll

c:\windows\system32\_005238_.tmp.dll

c:\windows\system32\_005242_.tmp.dll

c:\windows\system32\_005243_.tmp.dll

c:\windows\system32\_005245_.tmp.dll

c:\windows\system32\_005248_.tmp.dll

c:\windows\system32\_005250_.tmp.dll

c:\windows\system32\_005251_.tmp.dll

c:\windows\system32\_005252_.tmp.dll

c:\windows\system32\_005253_.tmp.dll

c:\windows\system32\_005256_.tmp.dll

c:\windows\system32\_005257_.tmp.dll

c:\windows\system32\_005258_.tmp.dll

c:\windows\system32\_005259_.tmp.dll

c:\windows\system32\_005260_.tmp.dll

c:\windows\system32\_005265_.tmp.dll

c:\windows\system32\_005267_.tmp.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MYWEBSEARCHSERVICE

(((((((((((((((((((( Bestanden Gemaakt van 2010-10-14 to 2010-11-14 ))))))))))))))))))))))))))))))

.

2010-11-14 06:59 . 2010-11-14 07:10 -------- d-----w- c:\documents and settings\Ruud Scheijen\Application Data\Mijn The Lord of the Rings, The Rise of the Witch-king-bestanden

2010-11-13 23:06 . 2010-11-13 23:47 -------- d-----w- c:\program files\Electronic Arts

2010-11-07 11:08 . 2010-11-07 11:08 -------- d-----w- C:\Restoration

2010-11-04 14:13 . 2010-04-28 06:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys

2010-11-04 14:11 . 2010-11-04 14:11 -------- d-----w- c:\program files\Microsoft Sync Framework

2010-11-04 14:07 . 2010-11-04 14:07 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-11-04 14:02 . 2010-11-04 14:02 -------- d-----w- c:\program files\Windows Live SkyDrive

2010-11-04 14:00 . 2010-11-04 14:13 -------- d-----w- c:\program files\Windows Live

2010-11-03 09:37 . 2010-11-03 09:37 3584 ----a-r- c:\documents and settings\Ruud Scheijen\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

2010-11-03 09:37 . 2010-11-03 09:37 -------- d-----w- c:\program files\Windows Installer Clean Up

2010-11-01 14:45 . 2010-11-01 14:46 -------- d-----w- c:\program files\Speccy

2010-10-27 21:24 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2010-10-25 12:11 . 2010-11-14 07:19 -------- d--h--r- c:\documents and settings\Ruud Scheijen\Onlangs geopend

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-10 09:19 . 2010-08-15 15:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-10 09:19 . 2010-08-15 15:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-19 20:51 . 2009-10-03 06:41 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-09-18 10:23 . 2004-09-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-09-02 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-09-02 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-09-02 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:52 . 2006-03-04 03:35 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:52 . 2004-09-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:52 . 2004-09-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-09-01 11:52 . 2004-09-02 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-09-01 07:57 . 2010-08-09 09:06 1852928 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:03 . 2004-09-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:55 . 2010-08-09 09:06 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-26 13:39 . 2010-08-09 09:06 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-23 16:13 . 2010-08-09 09:06 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2004-09-02 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2004-09-02 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"Google Update"="c:\documents and settings\Ruud Scheijen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-18 340520]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]

"TMRUBottedTray"="c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2008-11-06 288088]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-09-02 44544]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Microsoft Office.lnk - c:\program files\Microsoft Office 2002 XP\Office10\OSA.EXE [2001-2-13 83360]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Ruud Scheijen^Menu Start^Programma's^Opstarten^OpenOffice.org 3.2 .lnk]

path=c:\documents and settings\Ruud Scheijen\Menu Start\Programma's\Opstarten\OpenOffice.org 3.2 .lnk

backup=c:\windows\pss\OpenOffice.org 3.2 .lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 00:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"MSK80Service"=2 (0x2)

"mfevtp"=2 (0x2)

"mfefire"=2 (0x2)

"McShield"=2 (0x2)

"McProxy"=2 (0x2)

"McODS"=3 (0x3)

"McNASvc"=2 (0x2)

"McNaiAnn"=2 (0x2)

"mcmscsvc"=2 (0x2)

"McAfee SiteAdvisor Service"=2 (0x2)

"McrdSvc"=2 (0x2)

"McMPFSvc"=2 (0x2)

"iPod Service"=3 (0x3)

"gupdate"=2 (0x2)

"ehSched"=2 (0x2)

"ehRecvr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\DNA\\btdna.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Electronic Arts\\The Rise of the Witch-king\\game.dat"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14-10-2009 19:18 36880]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15-7-2008 19:03 691696]

R2 RUBotted;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\TMRUBotted.exe [3-9-2010 12:02 582992]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2-10-2009 17:39 19472]

R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [3-9-2010 12:02 206608]

S0 kyqugm;kyqugm;c:\windows\system32\drivers\fjuacmv.sys --> c:\windows\system32\drivers\fjuacmv.sys [?]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S1 727fe9c8;727fe9c8;c:\windows\system32\drivers\727fe9c8.sys --> c:\windows\system32\drivers\727fe9c8.sys [?]

S1 ajhwxxwm;ajhwxxwm;\??\c:\windows\system32\drivers\ajhwxxwm.sys --> c:\windows\system32\drivers\ajhwxxwm.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 12:16 130384]

S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]

S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14-9-2009 12:42 32272]

S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [3-9-2010 12:02 206608]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2-9-2004 13:00 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 12:16 753504]

S4 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29-12-2009 21:29 133104]

S4 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Inhoud van de 'Gedeelde Taken' map

2010-10-08 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 20:29]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 20:29]

2010-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3556961487-2084710088-1128744442-1005Core.job

- c:\documents and settings\Ruud Scheijen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-09 06:43]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3556961487-2084710088-1128744442-1005UA.job

- c:\documents and settings\Ruud Scheijen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-09 06:43]

2010-11-14 c:\windows\Tasks\User_Feed_Synchronization-{6B52D93B-5281-4442-82A5-3A53269E1FBF}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

.

.

------- Bijkomende Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MIBA4D~1\Office10\EXCEL.EXE/3000

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

IE: Toevoegen aan Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

.

- - - - ORPHANS VERWIJDERD - - - -

MSConfigStartUp-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe

MSConfigStartUp-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

**************************************************************************

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden:

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(1400)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\dllhost.exe

c:\windows\eHome\ehmsas.exe

c:\program files\iPod\bin\iPodService.exe

c:\documents and settings\Ruud Scheijen\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe

.

**************************************************************************

.

Voltooingstijd: 2010-11-14 08:54:46 - machine werd herstart

ComboFix-quarantined-files.txt 2010-11-14 07:54

Pre-Run: 74.639.200.256 bytes beschikbaar

Post-Run: 80.836.403.200 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=1 LastKnownGood=2 Sets=1,2,4,14

- - End Of File - - E51CB5CCB2FF0F6FA1CC33645177FB2F

Ik zal zo even kijken voor de programma's die starten bij t opstarten!

---------- Post toegevoegd om 11:25 ---------- Vorige post was om 11:17 ----------

Bij de programma's die opstarten heb ik er 2 uitgeschakeld, dus daar zal het niet aan liggen. Over bovenstaande log kan ik weinig zelf mee, want ik zie niet zo snel of er iets schadelijks tussen zit/zat.

[kape]

Combofix heeft een behoorlijk pakket "ongewenste" bestanden en mappen verwijderd. Maar we zijn er nog niet helemaal :

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\system32\drivers\fjuacmv.sys

c:\windows\system32\drivers\727fe9c8.sys

c:\windows\system32\drivers\ajhwxxwm.sys

c:\windows\system32\drivers\hitmanpro3.sys

Driver::

727fe9c8

kyqugm

ajhwxxwm

hitmanpro3

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

[R.Scheijen]

Bij deze..

ComboFix 10-11-12.06 - Ruud Scheijen 14-11-2010 12:26:58.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1014.636 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Ruud Scheijen\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Ruud Scheijen\Bureaublad\CFScript.txt

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::

"c:\windows\system32\drivers\727fe9c8.sys"

"c:\windows\system32\drivers\ajhwxxwm.sys"

"c:\windows\system32\drivers\fjuacmv.sys"

"c:\windows\system32\drivers\hitmanpro3.sys"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_HITMANPRO3

-------\Service_727fe9c8

-------\Service_ajhwxxwm

-------\Service_hitmanpro3

-------\Service_kyqugm

(((((((((((((((((((( Bestanden Gemaakt van 2010-10-14 to 2010-11-14 ))))))))))))))))))))))))))))))

.

2010-11-14 06:59 . 2010-11-14 07:10 -------- d-----w- c:\documents and settings\Ruud Scheijen\Application Data\Mijn The Lord of the Rings, The Rise of the Witch-king-bestanden

2010-11-13 23:06 . 2010-11-13 23:47 -------- d-----w- c:\program files\Electronic Arts

2010-11-07 11:08 . 2010-11-07 11:08 -------- d-----w- C:\Restoration

2010-11-04 14:13 . 2010-04-28 06:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys

2010-11-04 14:11 . 2010-11-04 14:11 -------- d-----w- c:\program files\Microsoft Sync Framework

2010-11-04 14:07 . 2010-11-04 14:07 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-11-04 14:02 . 2010-11-04 14:02 -------- d-----w- c:\program files\Windows Live SkyDrive

2010-11-04 14:00 . 2010-11-04 14:13 -------- d-----w- c:\program files\Windows Live

2010-11-03 09:37 . 2010-11-03 09:37 3584 ----a-r- c:\documents and settings\Ruud Scheijen\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

2010-11-03 09:37 . 2010-11-03 09:37 -------- d-----w- c:\program files\Windows Installer Clean Up

2010-11-01 14:45 . 2010-11-01 14:46 -------- d-----w- c:\program files\Speccy

2010-10-27 21:24 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2010-10-25 12:11 . 2010-11-14 11:15 -------- d--h--r- c:\documents and settings\Ruud Scheijen\Onlangs geopend

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-10 09:19 . 2010-08-15 15:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-10 09:19 . 2010-08-15 15:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-19 20:51 . 2009-10-03 06:41 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-09-18 10:23 . 2004-09-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-09-02 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-09-02 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-09-02 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:52 . 2006-03-04 03:35 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:52 . 2004-09-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:52 . 2004-09-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-09-01 11:52 . 2004-09-02 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-09-01 07:57 . 2010-08-09 09:06 1852928 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:03 . 2004-09-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:55 . 2010-08-09 09:06 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-26 13:39 . 2010-08-09 09:06 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-23 16:13 . 2010-08-09 09:06 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2004-09-02 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"Google Update"="c:\documents and settings\Ruud Scheijen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-18 340520]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-09-02 44544]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Microsoft Office.lnk - c:\program files\Microsoft Office 2002 XP\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ruud Scheijen^Menu Start^Programma's^Opstarten^OpenOffice.org 3.2 .lnk]

path=c:\documents and settings\Ruud Scheijen\Menu Start\Programma's\Opstarten\OpenOffice.org 3.2 .lnk

backup=c:\windows\pss\OpenOffice.org 3.2 .lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 00:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMRUBottedTray]

2008-11-06 09:33 288088 ----a-w- c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"MSK80Service"=2 (0x2)

"mfevtp"=2 (0x2)

"mfefire"=2 (0x2)

"McShield"=2 (0x2)

"McProxy"=2 (0x2)

"McODS"=3 (0x3)

"McNASvc"=2 (0x2)

"McNaiAnn"=2 (0x2)

"mcmscsvc"=2 (0x2)

"McAfee SiteAdvisor Service"=2 (0x2)

"McrdSvc"=2 (0x2)

"McMPFSvc"=2 (0x2)

"iPod Service"=3 (0x3)

"gupdate"=2 (0x2)

"ehSched"=2 (0x2)

"ehRecvr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\DNA\\btdna.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Electronic Arts\\The Rise of the Witch-king\\game.dat"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14-10-2009 19:18 36880]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15-7-2008 19:03 691696]

R2 RUBotted;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\TMRUBotted.exe [3-9-2010 12:02 582992]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2-10-2009 17:39 19472]

R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [3-9-2010 12:02 206608]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 12:16 130384]

S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14-9-2009 12:42 32272]

S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [3-9-2010 12:02 206608]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2-9-2004 13:00 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 12:16 753504]

S4 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29-12-2009 21:29 133104]

S4 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Inhoud van de 'Gedeelde Taken' map

2010-10-08 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 20:29]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 20:29]

2010-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3556961487-2084710088-1128744442-1005Core.job

- c:\documents and settings\Ruud Scheijen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-09 06:43]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3556961487-2084710088-1128744442-1005UA.job

- c:\documents and settings\Ruud Scheijen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-09 06:43]

2010-11-14 c:\windows\Tasks\User_Feed_Synchronization-{6B52D93B-5281-4442-82A5-3A53269E1FBF}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

.

.

------- Bijkomende Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MIBA4D~1\Office10\EXCEL.EXE/3000

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

IE: Toevoegen aan Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-11-14 12:44

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(1620)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

c:\windows\system32\wscntfy.exe

c:\windows\eHome\ehmsas.exe

c:\documents and settings\Ruud Scheijen\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe

.

**************************************************************************

.

Voltooingstijd: 2010-11-14 12:51:46 - machine werd herstart

ComboFix-quarantined-files.txt 2010-11-14 11:51

ComboFix2.txt 2010-11-14 07:54

Pre-Run: 80.830.906.368 bytes beschikbaar

Post-Run: 80.821.964.800 bytes beschikbaar

Current=4 Default=4 Failed=1 LastKnownGood=2 Sets=1,2,4,14

- - End Of File - - 0DFFCA5A869FBBA73BF4FBFDE2C3FD85

[kape]

Mooi zo ... en hoe staat het nu met de snelheid ?

[R.Scheijen]

Nou tot nu toe heb ik er geen problemen mee gehad!

Ook een leuke bijkomstigheid is dat Kapersky weer dingen laat zien dat hij actief is.. zoals meldingen of dingen die je opent schadelijk zijn en of deze vertrouwd moeten worden. Ook de updates van Kapersky gaan veel sneller, en tijdens de updates kan ik ook gewoon weer andere dingen doen.

Heel erg bedankt allemaal! Jullie hebben hier een blij persoon zitten, die jullie erg dankbaar is!

Bedankt dat jullie mij geholpen hebben!

[kape]

Problemen van de baan, dan is het tijd voor de “grote schoonmaak” : verwijderen van gebruikte programma’s, een cleaning en het verwijderen van de besmette herstelpunten.

Verwijder Combofix: Start -> Uitvoeren en typ: ComboFix /Uninstall

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Download hier CCleaner en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten) door systeemherstel tijdelijk uit te schakelen. Doe dit via Start -> Configuratiescherm -> Prestaties en Onderhoud -> Systeem -> Systeemherstel -> "Systeemherstel op alle stations uitschakelen" aanvinken. Toepassen en OK. PC herstarten en het vinkje terug weg halen.

That's it !