
Posted:

hello,

on my girlfriend's laptop I have the same problem as several others here on the forum. She also got the message that her photos had been published and clicked on it without suspecting anything. Her PC is now a lot slower and she herself is spreading the virus further. I have already made a log; which steps should I take now?

Thanks in advance for the help,

log=

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:30:09, on 28/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\WINDOWS\17PHolmes1423.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\WINDOWS\System32\svchost.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\DOCUME~1\Maxime\LOCALS~1\Temp\RtkBtMnt.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Belgacom\bin\sprtcmd.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\mrofinu1423.exe

C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\WINDOWS\17PHolmes1423.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Maxime\LOCALS~1\Temp\services.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {47649891-2355-73FA-0215-2800C9C9DF9E} - C:\WINDOWS\system32\eeejc.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1

O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Maxime\LOCALS~1\Temp\services.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Hepc] "C:\DOCUME~1\Maxime\MIJNDO~1\SEMBLY~1\taskmgr.exe" -vt yazb

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Acer Empowering Technology.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://maximesleurs.spaces.live.com/PhotoUpload/MsnPUpld.cab

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--

End of file - 11285 bytes

Posted:

Remove MSN (and all other Messengers).

Download SDFix and click "Run".

Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably: C:\SDFix).

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Maxime\LOCALS~1\Temp\services.exe

O2 - BHO: (no name) - {47649891-2355-73FA-0215-2800C9C9DF9E} - C:\WINDOWS\system32\eeejc.dll (file missing)

O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Maxime\LOCALS~1\Temp\services.exe

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257

O4 - HKCU\..\Run: [Hepc] "C:\DOCUME~1\Maxime\MIJNDO~1\SEMBLY~1\taskmgr.exe" -vt yazb

O4 - Global Startup: Acer Empowering Technology.lnk = ?

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

Click 'Fix checked' to remove the items.

Delete the following files (shown in bold) with Windows Explorer.

C:\WINDOWS\17PHolmes1423.exe

C:\WINDOWS\mrofinu1423.exe

Restart your PC in Safe Mode.

Open the SDFix folder and double-click RunThis.bat to start the tool.

Type Y to start the cleaning process.

Trojan services and/or registry entries will be removed if they are found, and you will have to press a key to restart.

The computer will then restart (this takes longer than usual).

When the PC restarts, the tool will run again and continue the removal process until the message Finished is shown. Then press any key to end the script and reload your desktop icons.

When your desktop icons appear, the SDFix report will open. It can also be found in the SDFix folder as Report.txt.

Now copy and paste the contents of that report, together with a new HJT log, into your next post.
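Added example (not code from this thread, from HijackThis or from SDFix): a small triage script that applies the checks the helper applied by hand to the log format above. It flags a UserInit chain with more than userinit.exe, orphaned BHO/button entries, Run entries that start from a temp or user-profile directory, core Windows binary names outside system32, and a long hex blob passed as an argument. The sample log is constructed from lines in the shape of the first post; the rule names and thresholds are my own assumptions.

```python
import re

# Constructed sample, shaped like the HijackThis 2.0.2 log posted in this thread
# (a mix of the entries the helper asked to fix and a few benign ones).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Maxime\LOCALS~1\Temp\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {47649891-2355-73FA-0215-2800C9C9DF9E} - C:\WINDOWS\system32\eeejc.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Maxime\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [Hepc] "C:\DOCUME~1\Maxime\MIJNDO~1\SEMBLY~1\taskmgr.exe" -vt yazb
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
"""

# Core Windows binary names that should only ever autostart from %windir%\system32
# (assumed list; the thread shows services.exe and taskmgr.exe abused this way).
SYSTEM_BINARIES = {"services.exe", "lsass.exe", "svchost.exe", "winlogon.exe",
                   "taskmgr.exe", "csrss.exe", "smss.exe", "userinit.exe"}

# Temp and per-user profile locations: legitimate autostart entries rarely live there.
USER_WRITABLE = re.compile(
    r"\\(LOCALS~1\\Temp|Local Settings\\Temp|DOCUME~1|Documents and Settings)\\", re.I)
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.I)
O4_LINE = re.compile(r"^O4 - (\S+)\\\.\.\\Run: \[(.*?)\] (.*)$")
LONG_HEX = re.compile(r"\b[0-9A-Fa-f]{32,}\b")   # 32+ hex digits as an argument


def split_command(command):
    """Split an O4 command string into (executable path, arguments)."""
    command = command.strip()
    if command.startswith('"'):                      # quoted path, args follow
        end = command.find('"', 1)
        return command[1:end], command[end + 1:].strip()
    m = re.match(r"(.*?\.(?:exe|dll|cpl|scr|bat|com))(?:\s+(.*))?$", command, re.I)
    if m:                                            # unquoted path, cut at extension
        return m.group(1), m.group(2) or ""
    return command, ""                               # bare name such as 'Alaunch'


def check_path(path, args):
    """Heuristics for one autostart executable; returns a list of reasons."""
    reasons = []
    name = path.rsplit("\\", 1)[-1].lower()
    if name in SYSTEM_BINARIES and not SYSTEM32.match(path):
        reasons.append(f"system binary name '{name}' outside %windir%\\system32")
    if USER_WRITABLE.search(path):
        reasons.append("autostart from a temp/user-profile directory")
    if LONG_HEX.search(args):
        reasons.append("long hex blob passed as argument")
    return reasons


def triage(log_text):
    """Return [(line, [reasons])] for HijackThis entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        if line.startswith("F2 - REG:system.ini: UserInit="):
            # A clean UserInit value holds only %windir%\system32\userinit.exe.
            chain = line.split("UserInit=", 1)[1]
            for part in filter(None, (p.strip() for p in chain.split(","))):
                if not part.lower().endswith("\\system32\\userinit.exe"):
                    reasons.append(f"extra UserInit entry: {part}")
        elif (line.startswith(("O2 - BHO:", "O9 - Extra"))
              and line.endswith(("(file missing)", "(no file)"))):
            reasons.append("orphaned entry pointing at a missing file")
        else:
            m = O4_LINE.match(line)
            if m:
                reasons.extend(check_path(*split_command(m.group(3))))
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("    ->", reason)
```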

Posted:

hello,

thanks in advance for the quick response. I tried to follow the steps, but there was one file that I could not delete via Explorer. I went through all the other steps anyway. Below are the SDFix report and a new log.

Thanks again

SDFix: Version 1.163

Run by Maxime on vr 28/03/2008 at 22:13

Microsoft Windows XP [versie 5.1.2600]

Running From: C:\SDFix\SDFix

Checking Services :

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\Program Files\NoDNS\UnInstall.exe - Deleted

C:\Program Files\nvcoi\mst.stt - Deleted

C:\WINDOWS\mrofinu1423.exe - Deleted

C:\WINDOWS\mrofinu1423.exe.tmp - Deleted

C:\DOCUME~1\Maxime\LOCALS~1\Temp\services.exe - Deleted

C:\WINDOWS\system32\real.txt - Deleted

Folder C:\Program Files\JavaCore - Removed

Folder C:\Program Files\NoDNS - Removed

Folder C:\Program Files\nvcoi - Removed

Folder C:\Program Files\Temporary - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-28 22:21:26

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"="C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\DOCUME~1\\Maxime\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Maxime\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 9 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"

Wed 9 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"

Wed 9 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"

Wed 9 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"

Wed 9 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"

Mon 11 Feb 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"

Tue 11 Sep 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Fri 30 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

Sat 19 Jan 2008 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"

Sat 19 Jan 2008 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"

Tue 11 Sep 2007 20 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\muziek\Back-up van licentie\drmv1lic.bak"

Tue 11 Sep 2007 4,348 ...H. --- "C:\Documents and Settings\Maxime\Mijn documenten\muziek\Back-up van licentie\drmv1key.bak"

Tue 11 Sep 2007 1,536 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\muziek\Back-up van licentie\drmv2lic.bak"

Tue 11 Sep 2007 400 ...H. --- "C:\Documents and Settings\Maxime\Mijn documenten\muziek\Back-up van licentie\drmv2key.bak"

Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Maxime\Application Data\U3\temp\Launchpad Removal.exe"

Wed 18 Apr 2007 3,126,784 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\werkstukken\~WRL0917.tmp"

Wed 18 Apr 2007 10,874,880 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\werkstukken\~WRL0920.tmp"

Fri 13 Apr 2007 76,800 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\werkstukken\~WRL0967.tmp"

Wed 18 Apr 2007 12,346,880 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\werkstukken\~WRL0970.tmp"

Wed 18 Apr 2007 13,502,464 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\werkstukken\~WRL1766.tmp"

Wed 18 Apr 2007 13,502,464 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\werkstukken\~WRL2662.tmp"

Wed 18 Apr 2007 9,306,112 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\werkstukken\~WRL2738.tmp"

Thu 17 May 2007 46,592 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\~WRL0423.tmp"

Thu 17 May 2007 45,056 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\~WRL0633.tmp"

Thu 17 May 2007 55,296 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\~WRL1044.tmp"

Thu 17 May 2007 55,808 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\~WRL1397.tmp"

Thu 17 May 2007 53,760 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\~WRL2542.tmp"

Thu 17 May 2007 53,760 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\~WRL3249.tmp"

Wed 16 May 2007 38,912 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\lesvoorbereidingen\~WRL0063.tmp"

Wed 16 May 2007 39,424 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\lesvoorbereidingen\~WRL0687.tmp"

Wed 16 May 2007 39,936 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\lesvoorbereidingen\~WRL0761.tmp"

Wed 16 May 2007 38,912 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\lesvoorbereidingen\~WRL1287.tmp"

Wed 16 May 2007 38,912 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\lesvoorbereidingen\~WRL1526.tmp"

Thu 17 May 2007 70,656 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\lesvoorbereidingen\~WRL1539.tmp"

Thu 17 May 2007 70,656 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\lesvoorbereidingen\~WRL2199.tmp"

Thu 17 May 2007 70,656 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\lesvoorbereidingen\~WRL2909.tmp"

Wed 16 May 2007 38,912 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\lesvoorbereidingen\~WRL2963.tmp"

Wed 16 May 2007 39,424 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\lesvoorbereidingen\~WRL2983.tmp"

Thu 17 May 2007 22,016 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\lesvoorbereidingen\~WRL3220.tmp"

Wed 16 May 2007 38,912 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\lesvoorbereidingen\~WRL3387.tmp"

Wed 16 May 2007 38,912 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\lesvoorbereidingen\~WRL3702.tmp"

Wed 16 May 2007 39,424 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\lesvoorbereidingen\~WRL3775.tmp"

Thu 17 May 2007 22,016 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\lesvoorbereidingen\~WRL3952.tmp"

Thu 17 May 2007 59,392 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\lesvoorbereidingen\~WRL4052.tmp"

Tue 22 May 2007 62,464 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\lesvoorbereidingen\woensdag 13 juni\~WRL2534.tmp"

Tue 22 May 2007 62,464 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\lesvoorbereidingen\woensdag 13 juni\~WRL2949.tmp"

Thu 17 May 2007 62,464 A..H. --- "C:\Documents and Settings\Maxime\Mijn documenten\school\1 BaKo d\stageweek\lesvoorbereidingen\woensdag 13 juni\~WRL3569.tmp"

Finished!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:26:12, on 28/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\rundll32.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

C:\DOCUME~1\Maxime\LOCALS~1\Temp\RtkBtMnt.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

C:\Program Files\Belgacom\bin\sprtcmd.exe

C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1

O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://maximesleurs.spaces.live.com/PhotoUpload/MsnPUpld.cab

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--

End of file - 10375 bytes
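A helper reads a HijackThis log like the one above by eye: processes launched from odd places, entries whose file is gone, ActiveX downloads (O16), services with no version information, and how many security suites are fighting over the same machine. As an added example that is not part of this thread and not a HijackThis feature, here is a small Python script that does that first pass mechanically. The sample log is a constructed excerpt of a few lines from the log above, and the heuristics (the temp/profile path pattern, the vendor alias table) are my own choices, not rules from the tool. A match is a prompt to check the file's publisher and hash, not a verdict; vendor components do sometimes run from Temp.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the HijackThis log above,
# trimmed so the script runs offline. It is not a complete log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\DOCUME~1\Maxime\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
"""

# "O4 - ...", "R0 - ...": HijackThis section tag followed by the entry body.
ENTRY_RE = re.compile(r"^(?P<kind>[ORF]\d+)\s+-\s+(?P<body>.*)$")
# Heuristic (my choice): executables running out of Temp or a user profile deserve a look.
TEMP_OR_PROFILE_RE = re.compile(
    r"\\(temp|locals~1|local settings|docume~1|documents and settings)\\", re.I)
# Heuristic (my choice): map service owner/name keywords onto one security vendor each.
VENDOR_ALIASES = {
    "grisoft": "AVG", "avg": "AVG",
    "symantec": "Symantec", "norton": "Symantec",
    "bitdefender": "BitDefender", "softwin": "BitDefender",
    "webroot": "Webroot", "pc tools": "PC Tools",
}


def parse_hjt(text):
    """Split a HijackThis log into (running process paths, [(section, body), ...])."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False            # first O/R/F entry ends the process list
            entries.append((m.group("kind"), m.group("body")))
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage_hjt(text):
    """Return (tag, detail) findings. Every tag means 'check by hand', nothing more."""
    processes, entries = parse_hjt(text)
    findings = []
    for path in processes:
        if TEMP_OR_PROFILE_RE.search(path):
            findings.append(("process-from-temp-or-profile", path))
    vendors = set()
    for kind, body in entries:
        if "(file missing)" in body:
            findings.append(("stale-entry", f"{kind} - {body}"))
        if kind == "O16":                       # ActiveX control downloaded from a site
            url = body.rsplit(" - ", 1)[-1]
            findings.append(("activex-download", urlparse(url).netloc))
        if kind == "O23":                       # "Service: <name> - <owner> - <path>"
            parts = body.split(" - ")
            if len(parts) >= 3 and parts[-2] == "Unknown owner":
                findings.append(("service-unknown-owner", parts[-1]))
            low = body.lower()
            vendors.update(name for alias, name in VENDOR_ALIASES.items() if alias in low)
    if len(vendors) > 1:                        # several resident scanners: conflicts and slowness
        findings.append(("multiple-security-suites", ", ".join(sorted(vendors))))
    return findings


if __name__ == "__main__":
    for tag, detail in triage_hjt(SAMPLE_LOG):
        print(f"{tag:36s} {detail}")
```

Run it against a full log by replacing SAMPLE_LOG with the file contents; the "multiple-security-suites" line is the one that explains a slow machine on which every resident scanner is inspecting every file the others touch.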

Posted:

No, don't start over, because this already looks fine. Now remove that remaining Messenger as well - you never know whether there is still an infection on it - and make a log with Combofix.

Download Combofix and put it on your Desktop.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, because that will make your PC hang.

When the fix is complete and after the restart, the log combofix.txt will open.

NOTE: If your virus scanner reacts with a warning about a script being executed, you must allow it.

Then attach the Combofix log and a new HJT log to your next post.

Posted:

hello,

I followed the previous instructions. I removed that other messenger from the PC and ran Combofix.

Thanks

ComboFix 08-03-27.3 - Maxime 2008-03-29 11:57:44.1 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.164 [GMT 1:00]

Running from: C:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\RFDHCAXR\ComboFix[1].exe

* Created a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\mantec~1

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_npf

(((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 ))))))))))))))))))))))))))))))

.

2008-03-28 22:10 . 2008-03-28 22:10 <DIR> d-------- C:\WINDOWS\ERUNT

2008-03-28 22:09 . 2008-03-28 22:26 2,632 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP

2008-03-28 22:05 . 2008-03-28 22:05 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot

2008-03-28 22:04 . 2008-03-28 22:04 <DIR> d--hs---- C:\FOUND.003

2008-03-28 21:30 . 2008-03-28 21:30 <DIR> d-------- C:\SDFix

2008-03-28 20:28 . 2008-03-28 20:28 <DIR> d-------- C:\Program Files\Trend Micro

2008-03-25 22:57 . 2008-03-25 22:57 244 --ah----- C:\sqmnoopt05.sqm

2008-03-25 22:57 . 2008-03-25 22:57 232 --ah----- C:\sqmdata05.sqm

2008-03-19 22:20 . 2008-03-19 22:20 244 --ah----- C:\sqmnoopt04.sqm

2008-03-19 22:20 . 2008-03-19 22:20 232 --ah----- C:\sqmdata04.sqm

2008-03-18 17:41 . 2008-03-18 17:42 1,158 --a------ C:\WINDOWS\mozver.dat

2008-03-17 22:36 . 2008-03-17 22:36 244 --ah----- C:\sqmnoopt03.sqm

2008-03-17 22:36 . 2008-03-17 22:36 232 --ah----- C:\sqmdata03.sqm

2008-03-15 10:39 . 2008-03-15 10:39 <DIR> d-------- C:\Program Files\Windows Sidebar

2008-03-15 10:39 . 2008-03-15 10:39 <DIR> d-------- C:\Program Files\Norton AntiVirus

2008-03-15 10:39 . 2008-03-15 10:41 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-03-15 10:39 . 2008-03-15 10:41 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-03-15 10:39 . 2008-03-15 10:41 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-03-15 10:39 . 2008-03-15 10:41 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-03-15 10:38 . 2008-03-15 10:38 <DIR> d-------- C:\Program Files\Symantec

2008-03-14 23:29 . 2008-03-14 23:29 244 --ah----- C:\sqmnoopt02.sqm

2008-03-14 23:29 . 2008-03-14 23:29 232 --ah----- C:\sqmdata02.sqm

2008-03-13 23:00 . 2008-03-13 23:00 <DIR> d--hs---- C:\FOUND.002

2008-03-08 12:20 . 2008-03-28 23:08 81,984 --a------ C:\WINDOWS\system32\bdod.bin

2008-03-08 12:12 . 2008-03-08 12:12 <DIR> d-------- C:\Program Files\Common Files\Softwin

2008-03-07 23:56 . 2008-03-07 23:56 <DIR> d--hs---- C:\FOUND.001

2008-03-07 13:04 . 2008-03-07 13:04 <DIR> d--hs---- C:\FOUND.000

2008-03-07 10:40 . 2008-03-07 10:40 <DIR> dr-h----- C:\$VAULT$.AVG

2008-03-07 08:25 . 2008-03-07 08:25 <DIR> d-------- C:\Documents and Settings\Maxime\Application Data\AVG7

2008-03-07 08:25 . 2008-03-07 08:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

2008-03-07 08:24 . 2008-03-07 08:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-07 08:24 . 2008-03-07 08:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7

2008-03-07 01:12 . 2008-03-07 01:12 244 --ah----- C:\sqmnoopt01.sqm

2008-03-07 01:12 . 2008-03-07 01:12 232 --ah----- C:\sqmdata01.sqm

2008-03-07 00:37 . 2008-03-07 18:29 328 --a------ C:\WINDOWS\wininit.ini

2008-03-06 23:41 . 2008-03-06 23:41 <DIR> d-------- C:\Documents and Settings\Maxime\Application Data\Lavasoft

2008-03-06 23:38 . 2008-03-06 23:38 <DIR> d-------- C:\Program Files\Spyware Doctor

2008-03-06 23:38 . 2008-03-06 23:38 <DIR> d-------- C:\Documents and Settings\Maxime\Application Data\PC Tools

2008-03-06 23:38 . 2008-03-06 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-06 23:38 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-03-06 23:38 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-03-06 23:38 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-03-06 23:38 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-03-06 23:37 . 2008-03-06 23:37 <DIR> d-------- C:\Program Files\Webroot

2008-03-06 23:37 . 2008-03-06 23:37 <DIR> d-------- C:\Documents and Settings\Maxime\Application Data\Webroot

2008-03-06 23:37 . 2008-03-06 23:37 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot

2008-03-06 23:37 . 2008-03-06 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot

2008-03-06 23:37 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys

2008-03-06 23:37 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys

2008-03-06 23:37 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys

2008-03-06 23:37 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys

2008-03-06 23:37 . 2008-03-06 23:37 164 --a------ C:\install.dat

2008-03-06 23:36 . 2008-03-06 23:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-03-06 23:36 . 2008-03-06 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-03-06 23:35 . 2008-03-06 23:35 <DIR> d-------- C:\Program Files\Lavasoft

2008-03-05 23:02 . 2008-03-05 23:02 244 --ah----- C:\sqmnoopt00.sqm

2008-03-05 23:02 . 2008-03-05 23:02 232 --ah----- C:\sqmdata00.sqm

2008-03-05 22:56 . 2008-03-05 22:56 <DIR> d-------- C:\Program Files\SpywareBlaster

2008-03-05 22:56 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX

2008-03-05 22:40 . 2008-03-05 22:40 <DIR> d-------- C:\Temp

2008-03-05 22:40 . 2008-03-05 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf

2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys

2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat

2008-02-11 17:34 --------- d-----w C:\Program Files\Picasa2

2008-02-06 21:43 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll

2008-02-06 21:43 31,408 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys

2008-02-06 21:43 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll

2008-02-06 21:43 13,021 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat

2008-02-05 19:34 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys

2008-02-05 19:34 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys

2008-02-05 19:34 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys

2008-02-05 19:34 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys

2008-02-05 19:34 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys

2008-02-05 19:34 188,464 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys

2008-02-05 19:34 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys

2008-02-05 19:34 1,612 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf

2008-02-04 20:27 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf

2008-02-04 20:27 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf

2008-02-04 20:27 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf

2008-02-01 22:55 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat

2008-02-01 22:55 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat

2008-02-01 22:55 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat

2008-02-01 01:51 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys

2008-02-01 01:51 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys

2008-02-01 01:51 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys

2007-09-27 17:07 39,056 ----a-w C:\Documents and Settings\Maxime\Application Data\GDIPFONTCACHEV1.DAT

2007-06-14 19:55 143 ----a-w C:\Program Files\page.html

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

2008-03-15 10:43 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 110592 C:\WINDOWS\system32\bthprops.cpl]

"LaunchApp"="Alaunch" []

"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 21:50 88204 C:\WINDOWS\AGRSMMSG.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-07-19 09:42 16248320 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-07-19 09:42 2879488 C:\WINDOWS\SkyTel.exe]

"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-19 09:41 53248]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-29 06:13 766041]

"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-05-17 19:04 151552]

"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088]

"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-06-07 20:18 208896]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-06-13 09:57 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-06-13 09:57 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-06-13 09:57 118784]

"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-07-12 15:48 438272]

"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]

"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-07-14 12:13 471040]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]

"Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2006-06-22 09:34 192512]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-07 08:26 579072]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-26 02:47 51048]

"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-02-07 07:49 718704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-07 08:24 219136]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []

R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 22:43]

S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

S3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-20 03:20]

S3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 20:17]

S3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 17:10]

S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 22:43]

S3 WinPhlash;WinPhlash;F:\Bios Updates\SWinFlash\PHLASHNT.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a02ffc9-82c7-11dc-a366-001636914393}]

\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d5ac158-6f97-11dc-a341-001636914393}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

.

Contents of the 'Scheduled Tasks' folder

"2008-03-28 14:22:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-03-24 20:51:56 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Maxime.job"

- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-29 12:05:40

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Completion time: 2008-03-29 12:07:46 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-29 11:07:42

Pre-Run: 13,119,881,216 bytes free

Post-Run: 13,048,889,344 bytes free

.

2008-03-14 22:30:21 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:16:47, on 29/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\WINDOWS\System32\svchost.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\DOCUME~1\Maxime\LOCALS~1\Temp\RtkBtMnt.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

C:\Program Files\Belgacom\bin\sprtcmd.exe

C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1

O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://maximesleurs.spaces.live.com/PhotoUpload/MsnPUpld.cab

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--

End of file - 9655 bytes
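The "Reg Loading Points" part of the ComboFix log above is where the state of the machine's own defences shows up: the Windows firewall profile is switched off, Security Center monitoring is suppressed for the Symantec products, a peer-to-peer client is on the firewall's allowed list, and two removable-drive mount points carry an AutoRun command. As an added example that is not part of this thread and not something ComboFix does itself, the Python below parses those registry-style lines and reports exactly those four conditions. The sample is a constructed excerpt copied from the log above; the list of P2P client names is my own illustrative set. One caveat a helper would add: EnableFirewall=0 next to an installed Norton suite usually means the Norton firewall has taken over the job, so confirm which product is actually filtering before calling the machine unprotected.

```python
import re

# Constructed sample: registry lines copied from the ComboFix "Reg Loading Points" section above.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a02ffc9-82c7-11dc-a366-001636914393}]
\Shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d5ac158-6f97-11dc-a341-001636914393}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")                      # [HKLM\...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')  # "Name"=data
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$", re.I)
P2P_CLIENTS = ("limewire", "kazaa", "bearshare", "emule", "utorrent", "bittorrent")  # illustrative


def parse_reg_dump(text):
    """Return {key: [(value_name, data), ...]} for a ComboFix registry dump."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:
            current = km.group("key")
            sections.setdefault(current, [])
            continue
        if current is None:
            continue
        vm, am = VALUE_RE.match(line), AUTORUN_RE.match(line)
        if vm:
            sections[current].append((vm.group("name"), vm.group("data").strip()))
        elif am:
            sections[current].append(("AutoRun\\command", am.group("cmd")))
    return sections


def reg_int(data):
    """Decode '0 (0x0)' or 'dword:00000001' into an int."""
    if data.lower().startswith("dword:"):
        return int(data.split(":", 1)[1], 16)
    return int(data.split()[0])


def triage_reg(text):
    """Return (tag, detail) findings for the four conditions described above."""
    findings = []
    for key, values in parse_reg_dump(text).items():
        k = key.lower()
        for name, data in values:
            if k.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall":
                if reg_int(data) == 0:
                    findings.append(("windows-firewall-disabled", key))
            elif "security center\\monitoring" in k and name == "DisableMonitoring":
                if reg_int(data) == 1:
                    findings.append(("security-center-monitoring-suppressed", key.rsplit("\\", 1)[-1]))
            elif k.endswith("authorizedapplications\\list"):
                app = name.replace("\\\\", "\\")        # reg export doubles backslashes
                if any(p in app.lower() for p in P2P_CLIENTS):
                    findings.append(("p2p-client-allowed-through-firewall", app))
            elif "mountpoints2" in k and name == "AutoRun\\command":
                findings.append(("removable-media-autorun", data))
    return findings


if __name__ == "__main__":
    for tag, detail in triage_reg(SAMPLE_REG):
        print(f"{tag:40s} {detail}")
```

The mountpoints2 entries are worth keeping in mind even when the command points at a legitimate U3 launcher: they record what Windows was told to run when that particular USB stick was plugged in, so a stick that has been passed around other infected PCs is a plausible re-infection route after the cleanup.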

Posted:

This should be the last step before the "big cleanup" can begin.

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

Click 'Fix checked' to remove the items.

Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\sqmnoopt05.sqm

C:\sqmdata05.sqm

C:\sqmnoopt04.sqm

C:\sqmdata04.sqm

C:\sqmnoopt03.sqm

C:\sqmdata03.sqm

C:\sqmnoopt02.sqm

C:\sqmdata02.sqm

C:\WINDOWS\system32\bdod.bin

C:\sqmnoopt01.sqm

C:\sqmdata01.sqm

C:\sqmnoopt00.sqm

C:\sqmdata00.sqm

C:\Program Files\page.html

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix start again. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next post.

Posted:

hello,

I thought I was already in the middle of the big cleanup :s. Is this still going to be a long haul, or will it all turn out fine? I have the impression the PC is already running a bit better; is that possible?

Thanks once again

ComboFix 08-03-29.1 - Maxime 2008-03-29 19:22:00.2 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.165 [GMT 1:00]

Running from: C:\Documents and Settings\Maxime\Bureaublad\ComboFix.exe

Command switches used :: C:\Documents and Settings\Maxime\Bureaublad\CFScript.txt.txt

* Created a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!

FILE ::

C:\FOUND.000

C:\FOUND.001

C:\FOUND.002

C:\FOUND.003

C:\Program Files\page.html

C:\sqmdata00.sqm

C:\sqmdata01.sqm

C:\sqmdata02.sqm

C:\sqmdata03.sqm

C:\sqmdata04.sqm

C:\sqmdata05.sqm

C:\sqmnoopt00.sqm

C:\sqmnoopt01.sqm

C:\sqmnoopt02.sqm

C:\sqmnoopt03.sqm

C:\sqmnoopt04.sqm

C:\sqmnoopt05.sqm

C:\WINDOWS\system32\bdod.bin

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\page.html

C:\sqmdata00.sqm

C:\sqmdata01.sqm

C:\sqmdata02.sqm

C:\sqmdata03.sqm

C:\sqmdata04.sqm

C:\sqmdata05.sqm

C:\sqmnoopt00.sqm

C:\sqmnoopt01.sqm

C:\sqmnoopt02.sqm

C:\sqmnoopt03.sqm

C:\sqmnoopt04.sqm

C:\sqmnoopt05.sqm

C:\WINDOWS\system32\bdod.bin

.

(((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 ))))))))))))))))))))))))))))))

.

2008-03-29 13:01 . 2008-03-29 13:01 <DIR> d-------- C:\WINDOWS\LastGood

2008-03-28 22:10 . 2008-03-28 22:10 <DIR> d-------- C:\WINDOWS\ERUNT

2008-03-28 22:09 . 2008-03-28 22:26 2,632 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP

2008-03-28 22:05 . 2008-03-28 22:05 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot

2008-03-28 22:04 . 2008-03-28 22:04 <DIR> d--hs---- C:\FOUND.003

2008-03-28 21:30 . 2008-03-28 21:30 <DIR> d-------- C:\SDFix

2008-03-28 20:28 . 2008-03-28 20:28 <DIR> d-------- C:\Program Files\Trend Micro

2008-03-18 17:41 . 2008-03-18 17:42 1,158 --a------ C:\WINDOWS\mozver.dat

2008-03-15 10:39 . 2008-03-15 10:39 <DIR> d-------- C:\Program Files\Norton AntiVirus

2008-03-13 23:00 . 2008-03-13 23:00 <DIR> d--hs---- C:\FOUND.002

2008-03-08 12:12 . 2008-03-08 12:12 <DIR> d-------- C:\Program Files\Common Files\Softwin

2008-03-07 23:56 . 2008-03-07 23:56 <DIR> d--hs---- C:\FOUND.001

2008-03-07 13:04 . 2008-03-07 13:04 <DIR> d--hs---- C:\FOUND.000

2008-03-07 10:40 . 2008-03-07 10:40 <DIR> dr-h----- C:\$VAULT$.AVG

2008-03-07 08:25 . 2008-03-07 08:25 <DIR> d-------- C:\Documents and Settings\Maxime\Application Data\AVG7

2008-03-07 08:25 . 2008-03-07 08:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

2008-03-07 08:24 . 2008-03-07 08:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-07 08:24 . 2008-03-07 08:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7

2008-03-07 00:37 . 2008-03-07 18:29 328 --a------ C:\WINDOWS\wininit.ini

2008-03-06 23:41 . 2008-03-06 23:41 <DIR> d-------- C:\Documents and Settings\Maxime\Application Data\Lavasoft

2008-03-06 23:38 . 2008-03-06 23:38 <DIR> d-------- C:\Program Files\Spyware Doctor

2008-03-06 23:38 . 2008-03-06 23:38 <DIR> d-------- C:\Documents and Settings\Maxime\Application Data\PC Tools

2008-03-06 23:38 . 2008-03-06 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-06 23:38 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-03-06 23:38 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-03-06 23:38 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-03-06 23:38 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-03-06 23:37 . 2008-03-06 23:37 <DIR> d-------- C:\Program Files\Webroot

2008-03-06 23:37 . 2008-03-06 23:37 <DIR> d-------- C:\Documents and Settings\Maxime\Application Data\Webroot

2008-03-06 23:37 . 2008-03-06 23:37 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot

2008-03-06 23:37 . 2008-03-06 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot

2008-03-06 23:37 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys

2008-03-06 23:37 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys

2008-03-06 23:37 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys

2008-03-06 23:37 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys

2008-03-06 23:37 . 2008-03-06 23:37 164 --a------ C:\install.dat

2008-03-06 23:36 . 2008-03-06 23:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-03-06 23:36 . 2008-03-06 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-03-06 23:35 . 2008-03-06 23:35 <DIR> d-------- C:\Program Files\Lavasoft

2008-03-05 22:56 . 2008-03-05 22:56 <DIR> d-------- C:\Program Files\SpywareBlaster

2008-03-05 22:56 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX

2008-03-05 22:40 . 2008-03-05 22:40 <DIR> d-------- C:\Temp

2008-03-05 22:40 . 2008-03-05 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-11 17:34 --------- d-----w C:\Program Files\Picasa2

2007-09-27 17:07 39,056 ----a-w C:\Documents and Settings\Maxime\Application Data\GDIPFONTCACHEV1.DAT

.

((((((((((((((((((((((((((((( snapshot@2008-03-29_12.07.12.35 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-02-06 21:43:54 31,408 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\SymIM.sys

+ 2008-03-29 11:11:34 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_208.dat

+ 2008-03-29 11:13:06 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_f24.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 110592 C:\WINDOWS\system32\bthprops.cpl]

"LaunchApp"="Alaunch" []

"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 21:50 88204 C:\WINDOWS\AGRSMMSG.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-07-19 09:42 16248320 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-07-19 09:42 2879488 C:\WINDOWS\SkyTel.exe]

"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-19 09:41 53248]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-29 06:13 766041]

"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-05-17 19:04 151552]

"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088]

"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-06-07 20:18 208896]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-06-13 09:57 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-06-13 09:57 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-06-13 09:57 118784]

"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-07-12 15:48 438272]

"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]

"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-07-14 12:13 471040]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]

"Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2006-06-22 09:34 192512]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-07 08:26 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-07 08:24 219136]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

R3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 20:17]

R3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 17:10]

S3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-20 03:20]

S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []

S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []

S3 WinPhlash;WinPhlash;F:\Bios Updates\SWinFlash\PHLASHNT.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a02ffc9-82c7-11dc-a366-001636914393}]

\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d5ac158-6f97-11dc-a341-001636914393}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

.

Inhoud van de 'Gedeelde Taken' map

"2008-03-28 14:22:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-29 19:23:28

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-03-29 19:23:50

ComboFix-quarantined-files.txt 2008-03-29 18:23:48

ComboFix2.txt 2008-03-29 11:07:48

Pre-Run: 13,433,913,344 bytes beschikbaar

Post-Run: 13,420,068,864 bytes beschikbaar

.

2008-03-14 22:30:21 --- E O F ---
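The parts of the ComboFix log above that a helper reads first can also be triaged mechanically. The following is an added example (not the poster's log tooling or ComboFix's own code); the sample excerpt is constructed in the same line format as the log, and the two functions pick out the hidden+system directories (the `d--hs----` entries such as C:\FOUND.00x, which Explorer hides by default) and the registry entries that show protections switched off or AutoRun commands bound to removable drives.

```python
import re
# Constructed sample in the ComboFix listing/registry format of the log above
# (a few lines only, for this example; not the poster's full log).
SAMPLE_LOG = r"""
2008-03-28 22:04 . 2008-03-28 22:04 <DIR> d--hs---- C:\FOUND.003
2008-03-28 21:30 . 2008-03-28 21:30 <DIR> d-------- C:\SDFix
2008-03-07 13:04 . 2008-03-07 13:04 <DIR> d--hs---- C:\FOUND.000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a02ffc9-82c7-11dc-a366-001636914393}]
\Shell\AutoRun\command - F:\LaunchU3.exe
"""

DIR_RE = re.compile(r"<DIR>\s+(d[-a-z]{8})\s+(\S.*)$")   # "<DIR> d--hs---- path"
KEY_RE = re.compile(r"^\[(.+)\]$")                         # "[HKEY_...]" section
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(\S+)')               # "Name"=value
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$")

def hidden_system_dirs(log: str) -> list[str]:
    """Directories with both hidden (h) and system (s) attributes; Explorer hides
    these by default, which is why C:\\FOUND.00x can look as if it is missing."""
    hits = []
    for line in log.splitlines():
        m = DIR_RE.search(line)
        if m and "h" in m.group(1) and "s" in m.group(1):
            hits.append(m.group(2).strip())
    return hits

def weakened_protections(log: str) -> list[tuple[str, str]]:
    """Findings to read first: Security Center monitoring off, firewall off, AutoRun."""
    findings, key = [], ""
    for line in log.splitlines():
        k = KEY_RE.match(line)
        if k:
            key = k.group(1).lower()          # track the current [section]
            continue
        v = VALUE_RE.match(line)
        if v and "security center" in key and v.group(1) == "DisableMonitoring" \
                and re.fullmatch(r"dword:0*1", v.group(2)):
            findings.append(("security-center-monitoring-off", key))
        elif v and "firewallpolicy" in key and v.group(1) == "EnableFirewall" \
                and v.group(2) == "0":
            findings.append(("firewall-disabled", key))
        a = AUTORUN_RE.match(line)
        if a and "mountpoints2" in key:          # AutoRun bound to a mount point
            findings.append(("autorun-command", a.group(1).strip()))
    return findings
```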

Posted:

By "big clean-up" I only meant that you should remove the programs you used, do a cleaning and delete your infected restore points. The rest was indeed already done ... except for one small point. Would you first manually delete the following folders: C:\FOUND.000, C:\FOUND.001, C:\FOUND.002 and C:\FOUND.003? Then you are completely done.

Problems solved, so now a bit of tidying up. And your Java could use an update.

Remove Combofix: Start -> Run and type: combofix /u

Combofix will be removed and a new System Restore point will be created.

Remove SDFix.

Download CCleaner.

Install it and start it. In the left column, click “Options”. Select the ‘Advanced’ tab, untick “Only delete temporary files in the Windows system folder that are older than 48 hours” and then close the program.

Start CCleaner and click “Cleaner” in the left column. Click ‘Analyze’ and then ‘Run Cleaner’. Next, click “Registry” in the left column and click ‘Scan for errors’. If errors are found, click ”Fix all errors” and ”OK”. Then close CCleaner again.

It is advisable to delete the existing restore points (there are infected restore points among them that you could accidentally restore) by temporarily disabling System Restore.

- Go to Start/All Programs/Accessories/System Tools/System Restore.

- In the left half of the window, click "System Restore Settings".

- Tick "Turn off System Restore".

- Click "Apply".

- Windows asks whether you are sure.

- Click "Yes".

- Click "OK".

- Restart the PC.

- Go back to Start/All Programs/Accessories/System Tools/System Restore.

- You will get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"

- Click "Yes".

- Untick "Turn off System Restore".

- Click "Apply".

- Click "OK".

- Restart the PC.

- A new restore point has now been created.

Your Java software is outdated. Older versions have vulnerabilities that give malware the chance to install itself on your system. First follow these steps to uninstall Java and install the newer version.

Download Java Runtime Environment (JRE) 6u5.

  • Scroll down to: "Java Runtime Environment (JRE) 6u5".
  • Click the "Download" button on the right.
  • In the drop-down menu next to Platform, select “Windows”.
  • Tick "I agree to the Java SE Runtime Environment 6 License Agreement" and click “Continue”.
  • The page will reload.
  • Click the jre-6u5-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
  • Close all programs that may be open, especially your web browser.
  • Then go to Start -> Control Panel -> Add or Remove Programs and remove all older versions of Java from the list of programs.
  • Tick everything with Java Runtime Environment (JRE or J2SE) in its name.
  • Then click “Remove” or the “Change/Remove” button.
  • Repeat this until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then double-click jre-6u5-windows-i586-p.exe on your Desktop to install the newest version of Java.

That's it!

And then MSN can go back on ... if you still feel like it :)

Posted:

hello,

I did not find those little files that I had to remove manually. I tried via Explorer and via Search, but I can't find them. I did follow all the other steps. The PC really runs noticeably better. I'm glad the laptop is OK again and my girlfriend is happy that it didn't cost her any money :). Thanks for the tips and the instructions.

Thanks
