Jan V.

Ik zal is een nieuwe virusscanner moeten kopen idd... Bedankt voor alle hulp! Dan is dit opgelost mvg, Jan

Results of screen317's Security Check version 0.99.0 Windows XP Service Pack 3 `````````````````````````````` Antivirus/Firewall Check: Norton AntiVirus 2006 (Symantec Corporation) Norton AntiVirus Help Norton AntiVirus 2006 Norton AntiVirus SYMLT MSI Norton AntiVirus Parent MSI Antivirus out of date! `````````````````````````````` Anti-malware/Other Utilities Check: HijackThis 2.0.2 CCleaner Java 6 Update 17 Java SE Runtime Environment 6 Out of date Java installed! Adobe Flash Player 10 Adobe Reader 7.0 Out of date Adobe Reader installed! `````````````````````````````` Process Check: objlist.exe by Laurent Norton AntiVirus IWP NPFMntor.exe Norton AntiVirus navapsvc.exe `````````````````````````````` DNS Vulnerability Check: `````````End of Log```````````

Bedankt voor de hulp! Mijn problemen zijn hiermee nu blijkbaar opgelost. Is dit slechts tijdelijk of kan ik nog iets doen? Jan

En dan hier de combofix nog... ComboFix 09-11-15.01 - Vaeremans 15/11/2009 11:53.4.2 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1351 [GMT 1:00] Gestart vanuit: c:\documents and settings\Vaeremans\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Vaeremans\Bureaublad\CFScript.txt AV: Norton AntiVirus 2006 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} FILE :: "c:\windows\system32\csyohrc.dll" . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\csyohrc.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_YXHPADXB -------\Service_yxhpadxb (((((((((((((((((((( Bestanden Gemaakt van 2009-10-15 to 2009-11-15 )))))))))))))))))))))))))))))) . 2009-11-15 10:47 . 2009-11-15 10:47 -------- d-----w- c:\windows\LastGood.Tmp 2009-11-15 10:19 . 2009-11-15 10:19 -------- d-----w- c:\program files\Trend Micro 2009-11-14 14:32 . 2009-11-14 14:32 -------- d--h--r- c:\documents and settings\Vaeremans\Onlangs geopend 2009-11-14 14:28 . 2009-11-14 14:28 -------- d-----w- c:\program files\CCleaner 2009-11-14 14:22 . 2009-11-14 14:21 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-11-14 14:21 . 2009-11-14 14:21 152576 ----a-w- c:\documents and settings\Vaeremans\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-11-13 18:12 . 2009-11-13 18:12 -------- d-----w- c:\documents and settings\Vaeremans\Application Data\Malwarebytes 2009-11-13 18:12 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-13 18:12 . 2009-11-13 18:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-13 18:12 . 2009-11-13 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-11-13 18:12 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-03 15:07 . 2004-06-15 05:00 7680 ----a-w- c:\windows\system32\CNMVS61.DLL 2009-11-03 15:07 . 2004-06-15 05:00 116736 ----a-w- c:\windows\system32\CNMLM61.DLL 2009-11-03 14:55 . 2009-11-03 14:55 -------- d-----w- c:\windows\StartHtmico 2009-11-03 14:55 . 2009-11-03 14:55 -------- d-----w- c:\windows\IP4000,3000 2009-11-03 14:54 . 2009-11-03 14:54 -------- d-----w- c:\program files\Canon 2009-11-03 14:40 . 2009-11-03 14:40 -------- d-----w- c:\documents and settings\Vaeremans\Local Settings\Application Data\IsolatedStorage 2009-11-03 14:40 . 2009-11-03 14:40 -------- d-----w- c:\documents and settings\Vaeremans\Local Settings\Application Data\HP 2009-11-03 14:38 . 2008-04-13 19:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2009-11-03 14:38 . 2008-04-13 19:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys 2009-11-03 14:34 . 1997-05-26 13:55 23040 ----a-w- c:\windows\system32\irisco32.dll 2009-11-03 14:34 . 2009-11-03 14:34 -------- d-----w- c:\program files\Readiris Pro 9 2009-11-03 14:31 . 2009-11-03 14:32 -------- d-----w- c:\program files\Hewlett-Packard 2009-11-03 14:31 . 2009-11-03 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard 2009-11-03 14:31 . 2003-12-11 10:15 626960 ----a-r- c:\windows\system32\hpvaut32.dll 2009-11-03 14:31 . 2003-12-11 10:15 487424 ----a-r- c:\windows\system32\hpvcp70.dll 2009-11-03 14:31 . 2003-12-11 10:15 344064 ----a-r- c:\windows\system32\hpvcr70.dll 2009-11-03 14:31 . 2009-11-03 14:31 45056 ----a-r- c:\documents and settings\Vaeremans\Application Data\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe 2009-11-03 14:30 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2009-11-03 14:30 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys 2009-11-03 14:29 . 2009-11-03 14:29 -------- d-----w- c:\program files\Common Files\HP 2009-11-03 14:29 . 2009-11-03 14:29 -------- d-----w- c:\program files\Common Files\Hewlett-Packard 2009-11-03 14:27 . 2009-11-03 14:27 -------- d-----w- c:\program files\HP 2009-11-03 14:27 . 2009-11-03 14:34 85284 ----a-w- c:\windows\hpgins01.dat 2009-11-03 14:27 . 2004-05-14 04:33 145 ------w- c:\windows\hpgmdl01.dat 2009-10-24 12:31 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys 2009-10-24 12:31 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-15 11:03 . 2006-09-05 04:34 12 ----a-w- c:\windows\bthservsdp.dat 2009-10-10 12:58 . 2009-10-08 20:59 139904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-10-10 12:58 . 2009-10-08 18:36 189744 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-10-08 18:35 . 2009-10-08 18:35 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2009-10-07 18:56 . 2009-10-07 18:56 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512] "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946] "ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056] "ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-02 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-02 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-03-01 52840] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-12 7577600] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-12 86016] "ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256] "Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920] "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280] "LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776] "LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 14:55 73728] "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144] "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-14 149280] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-28 185896] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-28 16248320] "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-12 1519616] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557] Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193] Snelstart HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-3-15 53248] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-3-15 241664] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\Program Files\\FlashGet\\flashget.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Call of Duty\\CoDUOMP.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\EPLAN\\Education\\1.9.5\\BIN\\W3u.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"= "c:\\WINDOWS\\System32\\dpvsetup.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5561:TCP"= 5561:TCP:uhllnhba R2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [7/07/2004 12:17 200769] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/11/2006 17:25 102712] R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [19/06/2006 12:20 1097728] --- Andere Services/Drivers In Geheugen --- *Deregistered* - mbr . Inhoud van de 'Gedeelde Taken' map 2009-11-13 c:\windows\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Vaeremans.job - c:\progra~1\NORTON~1\Navw32.exe [2005-10-21 14:11] 2006-11-23 c:\windows\Tasks\Norton AntiVirus - Norton QuickScan uitvoeren - Vaeremans.job - c:\progra~1\NORTON~1\Navw32.exe [2005-10-21 14:11] 2009-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-11-15 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] 2009-11-09 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: &Ontvang alles met FlashGet - c:\program files\FlashGet\jc_all.htm IE: &Ontvang met FlashGet - c:\program files\FlashGet\jc_link.htm IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://download05.managerzone.com/soccer-3d/PowerLoader.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game10.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\documents and settings\Vaeremans\Application Data\Mozilla\Firefox\Profiles\k24ckdeq.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-11-15 12:06 Windows 5.1.2600 Service Pack 3 FAT NTAPI scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8A8827B8]<< kernel: MBR read successfully user & kernel MBR OK Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover atapi.sys @ 0x0 0x0 bytes \Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xBA603B40 atapi.sys \Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xBA603B40 atapi.sys \Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xBA603B40 atapi.sys \Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xBA603B40 atapi.sys \Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xBA603B40 atapi.sys \Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xBA603B40 atapi.sys \Driver\atapi IRP hooks detected ! ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-283804551-1194520029-3076654520-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:31,35,c2,1a,d1,21,bb,68,b4,7c,37,64,f3,78,d7,b1,ec,14,ae,06,ee,80,85, e3,e6,1c,9a,ae,c4,cd,a1,01,df,e0,72,aa,ed,a3,d3,4b,e7,a5,a8,f5,ab,8e,e1,54,\ "??"=hex:e4,d1,ac,23,d3,f8,9e,5e,39,c1,8e,ec,b2,2d,0b,74 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'explorer.exe'(2348) c:\windows\system32\MSNChatHook.dll c:\windows\system32\sysenv.dll c:\windows\system32\MSVCR71.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll c:\program files\PC Connectivity Solution\ConnAPI.DLL c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_dut.nlr c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Common Files\Symantec Shared\SNDSrvc.exe c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\acer\Empowering Technology\admServ.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files\Norton AntiVirus\IWP\NPFMntor.exe c:\windows\system32\nvsvc32.exe c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe c:\windows\system32\PnkBstrA.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\windows\eHome\ehmsas.exe c:\windows\system32\RUNDLL32.EXE c:\windows\system32\dllhost.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\iPod\bin\iPodService.exe c:\program files\HP\Digital Imaging\bin\hpqgalry.exe c:\program files\PC Connectivity Solution\NclBTHandler.exe c:\docume~1\VAEREM~1\LOCALS~1\Temp\RtkBtMnt.exe c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE c:\program files\Messenger\msmsgs.exe c:\program files\Symantec\LiveUpdate\AUpdate.exe c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE . ************************************************************************** . Voltooingstijd: 2009-11-15 12:10 - machine werd herstart ComboFix-quarantined-files.txt 2009-11-15 11:10 ComboFix2.txt 2009-11-13 19:23 ComboFix3.txt 2009-11-13 18:59 Pre-Run: 11.611.111.424 bytes beschikbaar Post-Run: 11.611.308.032 bytes beschikbaar - - End Of File - - 3CD1E4E7A16AB4821C5531322D0BE91D

Dit is al het eerste logje: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:19:42, on 15/11/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Acer\Empowering Technology\admServ.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\RTHDCPL.EXE C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Acer\Empowering Technology\admtray.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\ElkCtrl.exe C:\DOCUME~1\VAEREM~1\LOCALS~1\Temp\RtkBtMnt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\WINDOWS\system32\WISPTIS.EXE C:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\PC Connectivity Solution\NclBTHandler.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://download05.managerzone.com/soccer-3d/PowerLoader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextnl.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing) O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 15879 bytes

Hallo, ik heb hetzelfde probleem als in deze post http://www.pc-helpforum.be/f182/site-van-microsoft-en-msn-19168/. Ik heb dan ook de stappen daar doorlopen maar het probleem heeft zich nog niet opgelost. Dit is de log van combofix: ComboFix 09-11-13.06 - Vaeremans 13/11/2009 20:12.2.2 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1439 [GMT 1:00] Gestart vanuit: c:\documents and settings\Vaeremans\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Vaeremans\Bureaublad\CFScript.txt AV: Norton AntiVirus 2006 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} FILE :: "c:\windows\system32\03.tmp" "c:\windows\system32\04.tmp" "c:\windows\system32\dxovxqsm.dll" . (((((((((((((((((((( Bestanden Gemaakt van 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))) . 2009-11-13 18:12 . 2009-11-13 18:12 -------- d-----w- c:\documents and settings\Vaeremans\Application Data\Malwarebytes 2009-11-13 18:12 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-13 18:12 . 2009-11-13 18:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-13 18:12 . 2009-11-13 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-11-13 18:12 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-03 15:07 . 2004-06-15 05:00 7680 ----a-w- c:\windows\system32\CNMVS61.DLL 2009-11-03 15:07 . 2004-06-15 05:00 116736 ----a-w- c:\windows\system32\CNMLM61.DLL 2009-11-03 14:55 . 2009-11-03 14:55 -------- d-----w- c:\windows\StartHtmico 2009-11-03 14:55 . 2009-11-03 14:55 -------- d-----w- c:\windows\IP4000,3000 2009-11-03 14:54 . 2009-11-03 14:54 -------- d-----w- c:\program files\Canon 2009-11-03 14:40 . 2009-11-03 14:40 -------- d-----w- c:\documents and settings\Vaeremans\Local Settings\Application Data\IsolatedStorage 2009-11-03 14:40 . 2009-11-03 14:40 -------- d-----w- c:\documents and settings\Vaeremans\Local Settings\Application Data\HP 2009-11-03 14:38 . 2008-04-13 19:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2009-11-03 14:38 . 2008-04-13 19:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys 2009-11-03 14:34 . 1997-05-26 13:55 23040 ----a-w- c:\windows\system32\irisco32.dll 2009-11-03 14:34 . 2009-11-03 14:34 -------- d-----w- c:\program files\Readiris Pro 9 2009-11-03 14:31 . 2009-11-03 14:32 -------- d-----w- c:\program files\Hewlett-Packard 2009-11-03 14:31 . 2009-11-03 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard 2009-11-03 14:31 . 2003-12-11 10:15 626960 ----a-r- c:\windows\system32\hpvaut32.dll 2009-11-03 14:31 . 2003-12-11 10:15 487424 ----a-r- c:\windows\system32\hpvcp70.dll 2009-11-03 14:31 . 2003-12-11 10:15 344064 ----a-r- c:\windows\system32\hpvcr70.dll 2009-11-03 14:31 . 2009-11-03 14:31 45056 ----a-r- c:\documents and settings\Vaeremans\Application Data\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe 2009-11-03 14:30 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2009-11-03 14:30 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys 2009-11-03 14:29 . 2009-11-03 14:29 -------- d-----w- c:\program files\Common Files\HP 2009-11-03 14:29 . 2009-11-03 14:29 -------- d-----w- c:\program files\Common Files\Hewlett-Packard 2009-11-03 14:27 . 2009-11-03 14:27 -------- d-----w- c:\program files\HP 2009-11-03 14:27 . 2009-11-03 14:34 85284 ----a-w- c:\windows\hpgins01.dat 2009-11-03 14:27 . 2004-05-14 04:33 145 ------w- c:\windows\hpgmdl01.dat 2009-10-24 12:31 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys 2009-10-24 12:31 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-13 18:51 . 2006-09-05 04:34 12 ----a-w- c:\windows\bthservsdp.dat 2009-10-10 12:58 . 2009-10-08 20:59 139904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-10-10 12:58 . 2009-10-08 18:36 189744 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-10-08 18:35 . 2009-10-08 18:35 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2009-10-07 18:56 . 2009-10-07 18:56 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory 2009-09-07 18:17 . 2008-04-20 21:44 488968 ----a-w- c:\documents and settings\Vaeremans\Application Data\Real\Update\setup\setup.exe 2009-03-21 15:10 . 2004-09-02 13:00 158775 --sh--r- c:\windows\system32\csyohrc.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512] "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946] "ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056] "ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-02 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-02 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-03-01 52840] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-12 7577600] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-12 86016] "ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256] "Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920] "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280] "LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776] "LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 14:55 73728] "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144] "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-01-21 77824] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-28 185896] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-28 16248320] "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-12 1519616] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557] Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193] Snelstart HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-3-15 53248] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-3-15 241664] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\Program Files\\FlashGet\\flashget.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Call of Duty\\CoDUOMP.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\EPLAN\\Education\\1.9.5\\BIN\\W3u.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"= "c:\\WINDOWS\\System32\\dpvsetup.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5561:TCP"= 5561:TCP:uhllnhba R2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [7/07/2004 12:17 200769] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/11/2006 17:25 102712] R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [19/06/2006 12:20 1097728] S2 yxhpadxb;bmpteu;c:\windows\system32\svchost.exe -k netsvcs [2/09/2004 13:00 14336] --- Andere Services/Drivers In Geheugen --- *NewlyCreated* - MBR *Deregistered* - mbr *Deregistered* - PROCEXP113 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs yxhpadxb . Inhoud van de 'Gedeelde Taken' map 2009-11-13 c:\windows\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Vaeremans.job - c:\progra~1\NORTON~1\Navw32.exe [2005-10-21 14:11] 2006-11-23 c:\windows\Tasks\Norton AntiVirus - Norton QuickScan uitvoeren - Vaeremans.job - c:\progra~1\NORTON~1\Navw32.exe [2005-10-21 14:11] 2009-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-11-13 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] 2009-11-09 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: &Ontvang alles met FlashGet - c:\program files\FlashGet\jc_all.htm IE: &Ontvang met FlashGet - c:\program files\FlashGet\jc_link.htm IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://download05.managerzone.com/soccer-3d/PowerLoader.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game10.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\documents and settings\Vaeremans\Application Data\Mozilla\Firefox\Profiles\k24ckdeq.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-11-13 20:21 Windows 5.1.2600 Service Pack 3 FAT NTAPI scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8A8827B8]<< kernel: MBR read successfully user & kernel MBR OK Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover atapi.sys @ 0x0 0x0 bytes \Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xBA603B40 atapi.sys \Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xBA603B40 atapi.sys \Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xBA603B40 atapi.sys \Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xBA603B40 atapi.sys \Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xBA603B40 atapi.sys \Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xBA603B40 atapi.sys \Driver\atapi IRP hooks detected ! ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yxhpadxb] "ServiceDll"="c:\windows\system32\csyohrc.dll" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-283804551-1194520029-3076654520-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:31,35,c2,1a,d1,21,bb,68,b4,7c,37,64,f3,78,d7,b1,ec,14,ae,06,ee,80,85, e3,e6,1c,9a,ae,c4,cd,a1,01,df,e0,72,aa,ed,a3,d3,4b,e7,a5,a8,f5,ab,8e,e1,54,\ "??"=hex:e4,d1,ac,23,d3,f8,9e,5e,39,c1,8e,ec,b2,2d,0b,74 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'explorer.exe'(6084) c:\windows\system32\MSNChatHook.dll c:\windows\system32\sysenv.dll c:\windows\system32\MSVCR71.dll c:\acer\Empowering Technology\ePower\SysHook.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Voltooingstijd: 2009-11-13 20:23 ComboFix-quarantined-files.txt 2009-11-13 19:23 ComboFix2.txt 2009-11-13 18:59 Pre-Run: 11.713.970.176 bytes beschikbaar Post-Run: 11.697.651.712 bytes beschikbaar - - End Of File - - C3A0AB13AE5C33CB065D6226E414B941 Kan iemand me hiermee verder helpen? mvg, Jan