
Check HijackThis log: trojan



Open a Notepad file.

Copy and paste the bold text below into it.

Driver::

mailKmd

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


An update on the current state of affairs...

Ran Unhide.exe again...the first time this program was run, it was not done from the desktop...result = the same.

2nd ComboFix run: I am posting the log below.

In normal mode an ESET online scan cannot be run via IE...not in safe mode either.

It does work in safe mode in Mozilla Firefox; that scan is running now...I will post the result later.

Dr.Web follows after that.

CF log:

ComboFix 11-10-06.03 - linda 06/10/2011 15:47:32.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.1013.262 [GMT 2:00]

Gestart vanuit: c:\users\linda\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\linda\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-09-06 to 2011-10-06 ))))))))))))))))))))))))))))))

.

.

2011-10-06 14:30 . 2011-10-06 14:31 -------- d-----w- c:\users\linda\AppData\Local\temp

2011-10-06 14:30 . 2011-10-06 14:30 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2011-10-06 14:30 . 2011-10-06 14:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-06 13:09 . 2011-10-06 13:09 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8529818B-B1B6-4BBC-A50A-FA6A5CF7BFFE}\offreg.dll

2011-10-06 12:38 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8529818B-B1B6-4BBC-A50A-FA6A5CF7BFFE}\mpengine.dll

2011-09-29 11:48 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-09-08 14:07 . 2011-01-27 13:59 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4ED32741-C339-474C-84A0-25E8E563DB71}\gapaengine.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-12 23:14 . 2011-04-09 19:00 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-29 08:40 . 2011-07-29 08:40 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-07-25 17:31 . 2011-06-06 07:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-22 02:54 . 2011-08-12 07:15 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48 . 2011-08-12 07:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44 . 2011-08-12 07:15 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-13 03:39 . 2011-07-30 11:15 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-07-11 13:25 . 2011-08-24 06:59 2048 ----a-w- c:\windows\system32\tzres.dll

2011-10-04 19:47 . 2011-06-06 08:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-05_10.42.47 )))))))))))))))))))))))))))))))))))))))))

.

- 2007-01-16 14:04 . 2011-10-05 07:54 72608 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2007-01-16 14:04 . 2011-10-06 13:10 72608 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2006-11-02 13:05 . 2011-10-05 07:54 99350 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:05 . 2011-10-06 13:10 99350 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2007-03-03 21:31 . 2011-10-05 07:54 24450 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1737638517-1942631310-39755458-1000_UserData.bin

+ 2007-03-03 21:31 . 2011-10-06 13:10 24450 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1737638517-1942631310-39755458-1000_UserData.bin

+ 2011-10-06 12:22 . 2011-10-06 12:22 9560 c:\windows\System32\networklist\icons\{0EE06D98-27F9-441D-88B3-C70A33861AE0}_48.bin

+ 2011-10-06 12:22 . 2011-10-06 12:22 4280 c:\windows\System32\networklist\icons\{0EE06D98-27F9-441D-88B3-C70A33861AE0}_32.bin

+ 2011-10-06 12:22 . 2011-10-06 12:22 2456 c:\windows\System32\networklist\icons\{0EE06D98-27F9-441D-88B3-C70A33861AE0}_24.bin

+ 2011-10-06 13:08 . 2011-10-06 13:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-10-05 07:46 . 2011-10-05 07:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-10-06 13:08 . 2011-10-06 13:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-10-05 07:46 . 2011-10-05 07:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2007-01-16 11:45 . 2011-10-05 07:52 679288 c:\windows\System32\perfh013.dat

+ 2007-01-16 11:45 . 2011-10-06 13:14 679288 c:\windows\System32\perfh013.dat

- 2006-11-02 10:33 . 2011-10-05 07:52 598096 c:\windows\System32\perfh009.dat

+ 2006-11-02 10:33 . 2011-10-06 13:14 598096 c:\windows\System32\perfh009.dat

+ 2007-01-16 11:45 . 2011-10-06 13:14 131186 c:\windows\System32\perfc013.dat

- 2007-01-16 11:45 . 2011-10-05 07:52 131186 c:\windows\System32\perfc013.dat

+ 2006-11-02 10:33 . 2011-10-06 13:14 105070 c:\windows\System32\perfc009.dat

- 2006-11-02 10:33 . 2011-10-05 07:52 105070 c:\windows\System32\perfc009.dat

- 2010-10-02 21:11 . 2011-10-05 07:01 264644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-10-02 21:11 . 2011-10-06 13:05 264644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-06-27 15:44 . 2011-10-05 12:44 526636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1737638517-1942631310-39755458-1000-12288.dat

+ 2010-10-02 21:11 . 2011-10-06 13:05 1630646 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1737638517-1942631310-39755458-1000-8192.dat

- 2010-10-02 21:11 . 2011-10-05 07:01 1630646 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1737638517-1942631310-39755458-1000-8192.dat

+ 2011-04-17 10:42 . 2011-10-05 12:44 24177652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1737638517-1942631310-39755458-1000-4096.dat

- 2011-04-17 10:42 . 2011-10-05 07:01 24177652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1737638517-1942631310-39755458-1000-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2011-05-13 4283256]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]

"Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe" [2008-11-04 1105920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-13 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-13 106496]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-13 81920]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 4018176]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]

"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-14 192512]

"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]

"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]

"RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\program files\Home Cinema\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTVRC.exe" [2008-11-04 1105920]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 MpKsl03f5a4c6;MpKsl03f5a4c6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBC858F7-0909-4086-BD3F-9E4544F906C9}\MpKsl03f5a4c6.sys [x]

R1 MpKsl0b84cfdb;MpKsl0b84cfdb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF913D5A-3D2E-4FDD-AE64-6F57B7CB073C}\MpKsl0b84cfdb.sys [x]

R1 MpKsl12359054;MpKsl12359054;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA383F37-FA30-4E60-827C-7B6D3A69EA05}\MpKsl12359054.sys [x]

R1 MpKsl16a50eae;MpKsl16a50eae;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01DF8A64-F585-4F34-B0C0-D723F9D42683}\MpKsl16a50eae.sys [x]

R1 MpKsl1d011c29;MpKsl1d011c29;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1922506-764D-4A43-A737-973DB18D5336}\MpKsl1d011c29.sys [x]

R1 MpKsl1d5ab697;MpKsl1d5ab697;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6D4D61ED-63FB-4533-A51D-364D9ECA84A7}\MpKsl1d5ab697.sys [x]

R1 MpKsl21eb8ec2;MpKsl21eb8ec2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9396D231-C4A3-4A47-9D79-8233FD3ECCEA}\MpKsl21eb8ec2.sys [x]

R1 MpKsl26e0fba1;MpKsl26e0fba1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FD02B55-1A94-4489-823B-8EB278C987CF}\MpKsl26e0fba1.sys [x]

R1 MpKsl2fa4c11a;MpKsl2fa4c11a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1922506-764D-4A43-A737-973DB18D5336}\MpKsl2fa4c11a.sys [x]

R1 MpKsl3599bf3d;MpKsl3599bf3d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A349517B-37A6-46F0-A4BA-9ACAC3FD8919}\MpKsl3599bf3d.sys [x]

R1 MpKsl360edca0;MpKsl360edca0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F02A6565-6697-4459-988D-0FF806770968}\MpKsl360edca0.sys [x]

R1 MpKsl398c4356;MpKsl398c4356;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33ED954F-5BF0-4172-8B52-9ACFFD67177E}\MpKsl398c4356.sys [x]

R1 MpKsl3de4f9a1;MpKsl3de4f9a1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B3241408-E64A-4424-97FD-696B57B70801}\MpKsl3de4f9a1.sys [x]

R1 MpKsl4a07ea9a;MpKsl4a07ea9a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C708814-EE4E-46B2-B7EA-CBFEE85C8728}\MpKsl4a07ea9a.sys [x]

R1 MpKsl4b305d40;MpKsl4b305d40;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CADB0872-8302-4407-ADAD-F32319FA296E}\MpKsl4b305d40.sys [x]

R1 MpKsl51b3786f;MpKsl51b3786f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DD261F0-5501-4491-83F2-A2CAA48B7D1D}\MpKsl51b3786f.sys [x]

R1 MpKsl54d7838c;MpKsl54d7838c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F02A6565-6697-4459-988D-0FF806770968}\MpKsl54d7838c.sys [x]

R1 MpKsl56229812;MpKsl56229812;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12A9FF5E-EE69-4EA7-921A-A95678B0FB2B}\MpKsl56229812.sys [x]

R1 MpKsl5630ced9;MpKsl5630ced9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{839C2A4D-85E1-4EE4-8762-7A8C7DBC55D0}\MpKsl5630ced9.sys [x]

R1 MpKsl5a783958;MpKsl5a783958;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3A35199-EEC0-434E-9062-668B4AB9DB99}\MpKsl5a783958.sys [x]

R1 MpKsl6216926e;MpKsl6216926e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F05EAD51-8837-40F5-96E9-64636F6AA587}\MpKsl6216926e.sys [x]

R1 MpKsl73336033;MpKsl73336033;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E892959-BD3C-4663-ACE8-67C9A2CD48A5}\MpKsl73336033.sys [x]

R1 MpKsl74549250;MpKsl74549250;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBC858F7-0909-4086-BD3F-9E4544F906C9}\MpKsl74549250.sys [x]

R1 MpKsl7508087f;MpKsl7508087f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33ED954F-5BF0-4172-8B52-9ACFFD67177E}\MpKsl7508087f.sys [x]

R1 MpKsl88630869;MpKsl88630869;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7FDD00B-C7C9-4E4E-995C-E1802BEB1042}\MpKsl88630869.sys [x]

R1 MpKsl89c034e4;MpKsl89c034e4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C87A8CD5-4476-470E-8B52-9C9F521E75C1}\MpKsl89c034e4.sys [x]

R1 MpKsl8ea3637a;MpKsl8ea3637a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA0476B1-7648-4CE4-A3D2-DBBE1DDC9926}\MpKsl8ea3637a.sys [x]

R1 MpKsl91e11db0;MpKsl91e11db0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C9AFF4D4-D7B1-4E02-A19C-4339223B37FF}\MpKsl91e11db0.sys [x]

R1 MpKsl94446ab6;MpKsl94446ab6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AC4AF3A3-820B-4644-84CC-F5A3F7A38E7D}\MpKsl94446ab6.sys [x]

R1 MpKsla66d3c3f;MpKsla66d3c3f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9396D231-C4A3-4A47-9D79-8233FD3ECCEA}\MpKsla66d3c3f.sys [x]

R1 MpKsla8482fd1;MpKsla8482fd1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBC858F7-0909-4086-BD3F-9E4544F906C9}\MpKsla8482fd1.sys [x]

R1 MpKslaf234721;MpKslaf234721;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21B9013D-39C4-429F-8930-0C5547C9C33B}\MpKslaf234721.sys [x]

R1 MpKslb0e5daab;MpKslb0e5daab;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7D5E319-C450-4000-BC7A-B640DEDD2120}\MpKslb0e5daab.sys [x]

R1 MpKslb933b368;MpKslb933b368;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E892959-BD3C-4663-ACE8-67C9A2CD48A5}\MpKslb933b368.sys [x]

R1 MpKslbc29cbf3;MpKslbc29cbf3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBC858F7-0909-4086-BD3F-9E4544F906C9}\MpKslbc29cbf3.sys [x]

R1 MpKslbd051e09;MpKslbd051e09;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A349517B-37A6-46F0-A4BA-9ACAC3FD8919}\MpKslbd051e09.sys [x]

R1 MpKslc020974c;MpKslc020974c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54AE0B3D-5419-49A7-A6E8-790A50F5C3B0}\MpKslc020974c.sys [x]

R1 MpKslc072e3e3;MpKslc072e3e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54AE0B3D-5419-49A7-A6E8-790A50F5C3B0}\MpKslc072e3e3.sys [x]

R1 MpKslcb1fd233;MpKslcb1fd233;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E892959-BD3C-4663-ACE8-67C9A2CD48A5}\MpKslcb1fd233.sys [x]

R1 MpKsld229e1ad;MpKsld229e1ad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBC858F7-0909-4086-BD3F-9E4544F906C9}\MpKsld229e1ad.sys [x]

R1 MpKsld7c37111;MpKsld7c37111;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BCF3B3C2-56A8-4E00-A9D2-CDEC890E0957}\MpKsld7c37111.sys [x]

R1 MpKslf4ada7fd;MpKslf4ada7fd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E892959-BD3C-4663-ACE8-67C9A2CD48A5}\MpKslf4ada7fd.sys [x]

R1 MpKslf741d28d;MpKslf741d28d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB564CF4-7841-413C-8C9C-64E36E053C05}\MpKslf741d28d.sys [x]

R1 MpKslfa9d4557;MpKslfa9d4557;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{772275C3-FFD9-4288-B329-E2AE16FE4EF1}\MpKslfa9d4557.sys [x]

R1 MpKslfe84df0e;MpKslfe84df0e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33ED954F-5BF0-4172-8B52-9ACFFD67177E}\MpKslfe84df0e.sys [x]

R1 MpKslffa336cc;MpKslffa336cc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FD02B55-1A94-4489-823B-8EB278C987CF}\MpKslffa336cc.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 PhilCap;PhilCap service;c:\windows\system32\DRIVERS\PhilCap.sys [2006-10-12 1053824]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2007-01-08 449024]

S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-17 118784]

S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

.

2011-10-06 c:\windows\Tasks\User_Feed_Synchronization-{3A41416E-9B0D-4DCE-9287-1A19D78E389D}.job

- c:\windows\system32\msfeedssync.exe [2011-04-17 09:42]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.hln.be/

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://breedband.telenet.be

mWindow Title = Telenet Internet

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Trusted Zone: .directnet

Trusted Zone: dexia.be\www

TCP: DhcpNameServer = 195.130.131.1 195.130.130.129

FF - ProfilePath - c:\users\linda\AppData\Roaming\Mozilla\Firefox\Profiles\v104507\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: browser.startup.homepage - hxxp://mirostart.com/?cfg=2-365-0-2YJNE

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=nl-be&FORM=MICJE7&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-10-06 16:31

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000001

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(3256)

c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll

c:\program files\Common Files\Ahead\Lib\MFC71U.DLL

c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll

.

Voltooingstijd: 2011-10-06 16:49:04

ComboFix-quarantined-files.txt 2011-10-06 14:48

ComboFix2.txt 2011-10-05 16:53

ComboFix3.txt 2011-10-05 11:00

.

Pre-Run: 47.050.514.432 bytes beschikbaar

Post-Run: 47.642.083.328 bytes beschikbaar

.

- - End Of File - - 35A3DAB9C3EB0382222FD64112D93DD3


Update: results of the ESET online scan:

C:\ProgramData\MYPCTuneUp\MYPCTuneUp\InstallCache\{239D136B-FF3C-40E2-AE19-21257BDE6D2F}\MYPCTuneUp.msi a variant of Win32/SlowPCfighter application deleted - quarantined

C:\Users\linda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3864d0c-5ca1adaf Java/Agent.DR trojan deleted - quarantined

C:\Users\linda\Downloads\registrybooster(2).exe a variant of Win32/RegistryBooster application deleted - quarantined

C:\Users\linda\Downloads\registrybooster(3).exe a variant of Win32/RegistryBooster application deleted - quarantined

C:\Users\linda\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application deleted - quarantined

Now the next step: Dr.Web...to be continued... :-)


Dr.Web found no more infections.


ComboFix and Qoobox have been removed, as has the folder that Dr.Web had created...same for the old restore points.

MSE removed and Avast installed (this is now the first new restore point)...a scan with Avast = clean.

There are no more alerts in Windows Security Center...same for Device Manager.

CCleaner removed more than 1 GB...

IE9 and Firefox 7.0.1 run perfectly, as do Messenger and Windows Live Mail.

The most essential shortcuts are back on the desktop; the Quick Launch toolbar has also been put in order.

Startup items have been dealt with.

Later on, one last complete check and a dusting...and then I think all the problems present will have been thoroughly solved and we will get to see a more-than-overjoyed Djibbie... ;-)
