
don't know where my question belongs,



Start HijackThis. Select “Scan”. Select only the items listed below:

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

Click 'Fix checked' to remove the items.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you cannot manage to disable them, just continue to the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message once ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

5. When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.


You have NOD32 as your virus scanner. Normally you do not need to remove it to be able to use ComboFix. Just work through what the post about ComboFix says. First download it to the desktop, then let it scan, and afterwards put the log in your next message.


It worked.

Here comes the log:

ComboFix 11-04-22.03 - HP_Administrator 23-04-2011 15:48:02.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1022.586 [GMT 2:00]

Gestart vanuit: c:\documents and settings\HP_Administrator\Bureaublad\ComboFix.exe

AV: ESET NOD32 antivirus system 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

* Aanwezig AV is actief

.

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\desktop.ini

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Diana\WINDOWS

c:\documents and settings\Gast\WINDOWS

c:\documents and settings\HP_Administrator\Application Data\PriceGong

c:\documents and settings\HP_Administrator\WINDOWS

c:\documents and settings\Jaco\Application Data\PriceGong

c:\documents and settings\Jaco\WINDOWS

c:\documents and settings\Kimberley\Application Data\PriceGong

c:\documents and settings\Kimberley\WINDOWS

c:\documents and settings\Samantha\Application Data\PriceGong

c:\documents and settings\Samantha\WINDOWS

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\winlogon.txt

D:\Autorun.inf

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-03-23 to 2011-04-23 ))))))))))))))))))))))))))))))

.

.

2011-04-19 07:49 . 2011-04-19 07:49 388096 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-04-18 08:59 . 2011-04-18 08:59 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Conduit

2011-04-18 08:59 . 2011-04-18 08:59 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\DVDVideoSoftTB

2011-04-06 13:26 . 2011-04-06 13:26 -------- d--h--r- c:\documents and settings\HP_Administrator\Onlangs geopend

2011-04-06 13:21 . 2011-04-06 13:21 -------- d-----w- c:\documents and settings\Samantha\Local Settings\Application Data\Conduit

2011-04-06 13:21 . 2011-04-16 21:40 -------- d-----w- c:\documents and settings\Samantha\Local Settings\Application Data\DVDVideoSoftTB

2011-04-05 21:31 . 2011-04-05 21:31 -------- d-----w- c:\documents and settings\Jaco\Local Settings\Application Data\Conduit

2011-04-05 21:31 . 2011-04-05 21:32 -------- d-----w- c:\documents and settings\Jaco\Local Settings\Application Data\DVDVideoSoftTB

2011-04-05 20:22 . 2011-04-05 20:22 -------- d-----w- c:\program files\Conduit

2011-04-05 20:22 . 2011-04-12 20:57 -------- d-----w- c:\documents and settings\Kimberley\Local Settings\Application Data\DVDVideoSoftTB

2011-04-05 20:22 . 2011-04-05 20:22 -------- d-----w- c:\documents and settings\Kimberley\Local Settings\Application Data\Conduit

2011-04-05 20:22 . 2011-04-05 20:22 -------- d-----w- c:\documents and settings\Kimberley\Local Settings\Application Data\Temp

2011-04-05 19:42 . 2011-04-05 20:21 -------- d-----w- c:\documents and settings\Kimberley\Application Data\DVDVideoSoftIEHelpers

2011-04-05 19:42 . 2011-04-05 20:22 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

2011-04-05 19:42 . 2011-04-05 20:21 -------- d-----w- c:\program files\DVDVideoSoft

2011-04-05 15:54 . 2011-04-05 15:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 05:33 . 2004-09-02 04:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:36 . 2004-09-02 04:00 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:53 . 2004-09-02 04:00 1858048 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:07 . 2004-09-02 04:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:07 . 2004-09-02 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:07 . 2004-09-02 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:43 . 2004-09-02 04:00 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2004-09-02 04:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2004-09-02 04:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2004-09-02 04:00 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-11 14:44 . 2006-09-18 10:33 236544 ----a-w- c:\windows\system32\fxscover.exe

2011-02-08 13:33 . 2004-09-02 04:00 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2004-09-02 04:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-02-04 16:48 . 2004-09-02 04:00 456192 ----a-w- c:\windows\system32\encdec.dll

2011-02-04 16:48 . 2004-09-02 04:00 291840 ----a-w- c:\windows\system32\sbe.dll

2011-02-02 07:58 . 2004-09-02 04:00 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2004-09-02 04:00 677888 ----a-w- c:\windows\system32\mstsc.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 16270848]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-20 7622656]

"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]

"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-01-17 950664]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]

"nwiz"="nwiz.exe" [2006-06-20 1519616]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-18 148888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2010-11-03 413696]

.

c:\documents and settings\Default User\Menu Start\Programma's\Opstarten\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-18 27136]

PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-18 27136]

.

c:\documents and settings\Samantha\Menu Start\Programma's\Opstarten\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-18 27136]

PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-18 27136]

.

c:\documents and settings\Gast\Menu Start\Programma's\Opstarten\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-18 27136]

PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-18 27136]

.

c:\documents and settings\Jaco\Menu Start\Programma's\Opstarten\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-18 27136]

PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-18 27136]

.

c:\documents and settings\Kimberley\Menu Start\Programma's\Opstarten\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-18 27136]

PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-18 27136]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

ReSchedHPSU.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-18 27136]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\LimeWire Plus\\LimeWire.exe"=

.

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [17-1-2007 22:34 15424]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18-9-2006 12:29 2829696]

R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [18-9-2006 12:29 468768]

S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24-2-2005 12:29 162176]

.

Inhoud van de 'Gedeelde Taken' map

.

2007-04-12 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job

- c:\program files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe [2005-12-19 00:06]

.

2011-04-23 c:\windows\Tasks\User_Feed_Synchronization-{326B0915-341A-4459-B58D-B91933B8218E}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

.

2011-04-23 c:\windows\Tasks\User_Feed_Synchronization-{9C80AB28-ED18-4B61-B20F-2A180E985BAA}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

.

2011-04-23 c:\windows\Tasks\User_Feed_Synchronization-{BFD7279D-9644-4660-B138-2256273FA232}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

.

2011-04-23 c:\windows\Tasks\User_Feed_Synchronization-{C9CFBB39-834F-42FF-848B-12B9DA89AFD6}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

.

2011-04-23 c:\windows\Tasks\User_Feed_Synchronization-{FDC95A5D-F72F-4AF9-9011-4E40EE94456D}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/go/mypcchoice

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

LSP: c:\windows\system32\imon.dll

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)

HKLM-Run-PCDrProfiler - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-04-23 15:59

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'lsass.exe'(892)

c:\windows\system32\imon.dll

.

Voltooingstijd: 2011-04-23 16:02:41

ComboFix-quarantined-files.txt 2011-04-23 14:02

.

Pre-Run: 120.516.550.656 bytes beschikbaar

Post-Run: 125.332.303.872 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - DD121D056B577527EF8957CBD0C850C0

Greetings from Diana

P.S. While ComboFix was running, a notification came up from NOD32 that there was a threat and it has been put in quarantine; should I delete it???

Edited by Diana1965

ComboFix removed quite a lot of junk from the PC.

You may still manually delete the following folders shown in bold:

c:\documents and settings\HP_Administrator\Local Settings\Application Data\Conduit

c:\documents and settings\Samantha\Local Settings\Application Data\Conduit

c:\documents and settings\Jaco\Local Settings\Application Data\Conduit

c:\program files\Conduit

c:\documents and settings\Kimberley\Local Settings\Application Data\Conduit

... and then let us know how things stand with the problems now?

You can leave the detected file in quarantine.
