Ga naar inhoud

Aanbevolen berichten

Geplaatst:

Hallo!

Gisteren is mijn laptop met het facebook-virus besmet. Toen ik doorhad dat er iets niet klopte (ik had via facebookmail een link doorgekregen waar ik zogezegd een update van flash player nodig had), was het al te laat... Ik weet nu niet of ik het virus heb, want er was een foutmelding gekomen... Maar vanaf dan kan ik dus niet meer op het internet via mozilla firefox (ik krijg bericht: Proxyserver weigerde verbinding) en wél met internet explorer! Kan dit hiermee te maken hebben?

Hier is mijn Hijackthislogje:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:13:04, on 4/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Launch Manager\Wbutton.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\a-squared Free\a2service.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Launch Manager\PowerKey.exe

C:\Acer\Empowering Technology\admServ.exe

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\Program Files\Launch Manager\OSDCtrl.exe

C:\Program Files\Launch Manager\HotkeyApp.exe

C:\Program Files\Launch Manager\LaunchAp.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Acer\Empowering Technology\admtray.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Labtec NumPad\Magickey.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\DOCUME~1\ACER\LOCALS~1\Temp\RtkBtMnt.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Acer | Product registration

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [synTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"

O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe

O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"

O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC

O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC

O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"

O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\Monitor.exe"

O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"

O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY

O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Enable Labtec NumPad.lnk = C:\Program Files\Labtec NumPad\Magickey.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tanyoz.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182946259000

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4938/mcfscan.cab

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--

End of file - 9979 bytes

Alvast bedankt!

Geplaatst:

Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

Klik op 'Fix checked' om de items te verwijderen.

Download Combofix naar je Bureaublad.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.

Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

  • Dubbelklik op Combofix.exe om het te starten.
    Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
    Volg de instructies, aanvaard de disclaimer door op Ja te klikken.
    Indien de Recovery Console niet geïnstalleerd is, wordt je gevraagd om dit alsnog te doen door op JA te klikken in het "Query - Recovery Console" venster.
    Klik op OK en Ja om automatisch de Recovery Console te laten installeren.
    Klik na afloop terug op Ja om het scannen op malware te starten.
    Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.

Post dit logje in je volgende antwoord en laat daarna even weten of er enige verbetering merkbaar is ?

Geplaatst:

Ik krijg nog steeds hetzelfde bericht bij firefox en kan dus nog steeds niet op het internet met firefox. Ik heb ook geprobeerd om het opnieuw te installeren en dit maakt geen verschil.

Na het runnen van Combofix is ineens het pijltje van onder in mijn startbalk (om niet actieve pictogrammen weer te geven) verdwenen...

Hier is het logje:

ComboFix 08-12-04.03 - ACER 2008-12-04 21:24:52.1 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.527 [GMT 1:00]

Gestart vanuit: c:\documents and settings\ACER\Bureaublad\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\sys_dll.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_VFILT

(((((((((((((((((((( Bestanden Gemaakt van 2008-11-04 to 2008-12-04 ))))))))))))))))))))))))))))))

.

2008-12-04 14:46 . 2008-12-04 14:46 <DIR> dr-h----- c:\documents and settings\ACER\Onlangs geopend

2008-12-04 13:52 . 2008-12-04 13:52 <DIR> d-------- c:\temp\google

2008-12-04 13:52 . 2008-12-04 13:52 <DIR> d-------- C:\temp

2008-11-30 16:31 . 2008-11-30 16:31 244 --ah----- C:\sqmnoopt01.sqm

2008-11-30 16:31 . 2008-11-30 16:31 232 --ah----- C:\sqmdata01.sqm

2008-11-24 03:31 . 2008-11-24 03:31 1,120 --a------ c:\windows\system32\history.aaw

2008-11-23 21:31 . 2008-11-23 21:31 <DIR> d-------- c:\program files\Lavasoft

2008-11-23 21:30 . 2008-11-23 21:30 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2008-11-23 18:17 . 2008-11-23 18:17 <DIR> d-------- c:\program files\Spyware Doctor

2008-11-23 18:17 . 2008-11-25 19:00 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys

2008-11-23 18:17 . 2008-11-25 19:00 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys

2008-11-23 18:17 . 2008-11-25 19:00 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys

2008-11-23 18:17 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys

2008-11-23 18:05 . 2008-11-23 18:05 <DIR> d-------- c:\program files\a-squared Free

2008-11-21 00:13 . 2008-11-21 00:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\MumboJumbo

2008-11-15 16:40 . 2008-11-15 16:40 <DIR> d-------- c:\documents and settings\ACER\Application Data\SecretIslandEng

2008-11-13 13:09 . 2008-11-13 13:09 <DIR> d-------- c:\program files\MSXML 4.0

2008-11-13 12:55 . 2008-09-04 18:17 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll

2008-11-13 12:55 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-11-01 19:08 --------- d-----w c:\documents and settings\All Users\Application Data\PBGsavesDirectory

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-15 17:37 337,408 ------w c:\windows\system32\dllcache\netapi32.dll

2008-10-03 18:38 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll

2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-15 16:28 1,846,528 ----a-w c:\windows\system32\win32k.sys

2008-09-15 16:28 1,846,528 ------w c:\windows\system32\dllcache\win32k.sys

2008-09-10 01:16 1,307,648 ----a-w c:\windows\system32\msxml6.dll

2008-09-10 01:16 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll

2008-09-08 11:41 333,824 ------w c:\windows\system32\dllcache\srv.sys

2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-05-06 19:51 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat

2008-05-22 22:39 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008052220080523\index.dat

2008-05-22 22:41 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-11-08 81920]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]

"preload"="c:\windows\RUNXMLPL.exe" [2004-04-20 40960]

"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 147456]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]

"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-11-08 69632]

"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]

"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]

"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]

"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Enable Labtec NumPad.lnk - c:\program files\Labtec NumPad\Magickey.exe [2007-12-24 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]

backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

--a------ 2006-02-07 06:10 98304 c:\program files\Lexmark 2400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]

--a------ 2006-02-02 09:11 290816 c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

--a------ 2004-08-04 05:00 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]

--a------ 2006-01-22 18:45 286720 c:\program files\Lexmark 2400 Series\lxcrmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-09-01 15:57 282624 c:\program files\QuickTime\qttask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-05 111184]

R1 Hotkey;Hotkey;c:\windows\system32\drivers\Hotkey.sys [2003-04-28 9867]

R1 OsaFsLoc;OsaFsLoc;\??\c:\windows\system32\drivers\OsaFsLoc.sys [2006-09-22 12106]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-05 20560]

R2 osaio;osaio;\??\c:\windows\system32\drivers\osaio.sys [2006-09-22 7296]

R2 osanbm;osanbm;\??\c:\windows\system32\drivers\osanbm.sys [2006-09-22 4010]

R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\Drivers\NdisFilt.sys [2006-09-22 4392]

R3 POWERKEY;POWERKEY;\??\c:\program files\Launch Manager\POWERKEY.sys [2000-12-19 2343]

R3 USBNumPad;Numberpad USB Keyboard;c:\windows\system32\Drivers\USBNumPad.sys [2007-12-24 9600]

S1 mailKmd;mailKmd; []

S1 Wbutton;Wbutton;c:\windows\system32\drivers\Wbutton.sys []

S3 ALSysIO;ALSysIO;\??\c:\docume~1\ACER\LOCALS~1\Temp\ALSysIO.sys []

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-11-23 356920]

S3 SI15CI;SI15CI;\??\c:\elements\1stboot\SI15CI.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c6129ce-822a-11dc-b9f2-0016d3445fcd}]

\Shell\Auto\command - Folders.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Folders.exe

.

Inhoud van de 'Gedeelde Taken' map

2008-12-04 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.hln.be/

mStart Page = hxxp://www.msn.com

uInternet Connection Wizard,ShellNext = hxxp://www.aceradvantage.com/stdreg

c:\windows\Downloaded Program Files\ewidoOnlineScan.dll - O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1}

hxxp://downloads.ewido.net/ewidoOnlineScan.cab

FireFox -: Profile - c:\documents and settings\ACER\Application Data\Mozilla\Firefox\Profiles\3kn7c2t0.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.be/

FF -: plugin - c:\progra~1\MOZILL~1\plugins\np_gp.dll

FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npadjdet.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-04 21:28:35

Windows 5.1.2600 Service Pack 3 FAT NTAPI

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(824)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\wltrysvc.exe

c:\windows\System32\bcmwltry.exe

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\a-squared Free\a2service.exe

c:\acer\Empowering Technology\admServ.exe

c:\windows\system32\WLTRAY.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

c:\docume~1\ACER\LOCALS~1\Temp\RtkBtMnt.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\program files\Alwil Software\Avast4\setup\avast.setup

.

**************************************************************************

.

Voltooingstijd: 2008-12-04 21:31:34 - machine werd herstart

ComboFix-quarantined-files.txt 2008-12-04 20:31:32

Pre-Run: 14.606.336.000 bytes beschikbaar

Post-Run: 14,541,455,360 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

220 --- E O F --- 2008-11-13 12:12:48

Geplaatst:

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c6129ce-822a-11dc-b9f2-0016d3445fcd}]

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht samen met een nieuw logje van HijackThis. En hou ons op de hoogte of dit iets gewijzigd heeft aan het gedrag van Firefox ?

Geplaatst:

Nog geen verandering..

En wat kan ik doen om dat pijltje in mijn balk terug te krijgen?

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:29:56, on 4/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Acer\Empowering Technology\admServ.exe

C:\Program Files\Launch Manager\Wbutton.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Launch Manager\PowerKey.exe

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\Program Files\Launch Manager\OSDCtrl.exe

C:\Program Files\Launch Manager\HotkeyApp.exe

C:\Program Files\Launch Manager\LaunchAp.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Acer\Empowering Technology\admtray.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Labtec NumPad\Magickey.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Acer | Product registration

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [synTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"

O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe

O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"

O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC

O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC

O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"

O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\Monitor.exe"

O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"

O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY

O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Enable Labtec NumPad.lnk = C:\Program Files\Labtec NumPad\Magickey.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tanyoz.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182946259000

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4938/mcfscan.cab

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--

End of file - 9514 bytes

ComboFix log:

ComboFix 08-12-04.04 - ACER 2008-12-04 23:25:34.1 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.536 [GMT 1:00]

Gestart vanuit: c:\documents and settings\ACER\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\ACER\Bureaublad\CFScript.txt

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-11-04 to 2008-12-04 ))))))))))))))))))))))))))))))

.

2008-12-04 14:46 . 2008-12-04 14:46 <DIR> dr-h----- c:\documents and settings\ACER\Onlangs geopend

2008-12-04 13:52 . 2008-12-04 13:52 <DIR> d-------- c:\temp\google

2008-12-04 13:52 . 2008-12-04 13:52 <DIR> d-------- C:\temp

2008-11-30 16:31 . 2008-11-30 16:31 244 --ah----- C:\sqmnoopt01.sqm

2008-11-30 16:31 . 2008-11-30 16:31 232 --ah----- C:\sqmdata01.sqm

2008-11-24 03:31 . 2008-11-24 03:31 1,120 --a------ c:\windows\system32\history.aaw

2008-11-23 21:31 . 2008-11-23 21:31 <DIR> d-------- c:\program files\Lavasoft

2008-11-23 21:30 . 2008-11-23 21:30 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2008-11-23 18:17 . 2008-11-23 18:17 <DIR> d-------- c:\program files\Spyware Doctor

2008-11-23 18:17 . 2008-11-25 19:00 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys

2008-11-23 18:17 . 2008-11-25 19:00 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys

2008-11-23 18:17 . 2008-11-25 19:00 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys

2008-11-23 18:17 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys

2008-11-23 18:05 . 2008-11-23 18:05 <DIR> d-------- c:\program files\a-squared Free

2008-11-21 00:13 . 2008-11-21 00:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\MumboJumbo

2008-11-15 16:40 . 2008-11-15 16:40 <DIR> d-------- c:\documents and settings\ACER\Application Data\SecretIslandEng

2008-11-13 13:09 . 2008-11-13 13:09 <DIR> d-------- c:\program files\MSXML 4.0

2008-11-13 12:55 . 2008-09-04 18:17 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll

2008-11-13 12:55 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-11-01 19:08 --------- d-----w c:\documents and settings\All Users\Application Data\PBGsavesDirectory

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-15 17:37 337,408 ------w c:\windows\system32\dllcache\netapi32.dll

2008-10-03 18:38 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll

2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-15 16:28 1,846,528 ----a-w c:\windows\system32\win32k.sys

2008-09-15 16:28 1,846,528 ------w c:\windows\system32\dllcache\win32k.sys

2008-09-10 01:16 1,307,648 ----a-w c:\windows\system32\msxml6.dll

2008-09-10 01:16 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll

2008-09-08 11:41 333,824 ------w c:\windows\system32\dllcache\srv.sys

2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-05-06 19:51 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat

2008-05-22 22:39 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008052220080523\index.dat

2008-05-22 22:41 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-11-08 81920]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]

"preload"="c:\windows\RUNXMLPL.exe" [2004-04-20 40960]

"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 147456]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]

"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-11-08 69632]

"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]

"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]

"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]

"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Enable Labtec NumPad.lnk - c:\program files\Labtec NumPad\Magickey.exe [2007-12-24 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]

backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

--a------ 2006-02-07 06:10 98304 c:\program files\Lexmark 2400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]

--a------ 2006-02-02 09:11 290816 c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

--a------ 2004-08-04 05:00 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]

--a------ 2006-01-22 18:45 286720 c:\program files\Lexmark 2400 Series\lxcrmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-09-01 15:57 282624 c:\program files\QuickTime\qttask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-05 111184]

R1 Hotkey;Hotkey;c:\windows\system32\drivers\Hotkey.sys [2003-04-28 9867]

R1 OsaFsLoc;OsaFsLoc;\??\c:\windows\system32\drivers\OsaFsLoc.sys [2006-09-22 12106]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-05 20560]

R2 osaio;osaio;\??\c:\windows\system32\drivers\osaio.sys [2006-09-22 7296]

R2 osanbm;osanbm;\??\c:\windows\system32\drivers\osanbm.sys [2006-09-22 4010]

R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\Drivers\NdisFilt.sys [2006-09-22 4392]

R3 POWERKEY;POWERKEY;\??\c:\program files\Launch Manager\POWERKEY.sys [2000-12-19 2343]

R3 USBNumPad;Numberpad USB Keyboard;c:\windows\system32\Drivers\USBNumPad.sys [2007-12-24 9600]

S1 mailKmd;mailKmd; []

S1 Wbutton;Wbutton;c:\windows\system32\drivers\Wbutton.sys []

S3 ALSysIO;ALSysIO;\??\c:\docume~1\ACER\LOCALS~1\Temp\ALSysIO.sys []

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-11-23 356920]

S3 SI15CI;SI15CI;\??\c:\elements\1stboot\SI15CI.SYS []

.

Inhoud van de 'Gedeelde Taken' map

2008-12-04 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.hln.be/

mStart Page = hxxp://www.msn.com

uInternet Connection Wizard,ShellNext = hxxp://www.aceradvantage.com/stdreg

c:\windows\Downloaded Program Files\ewidoOnlineScan.dll - O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1}

hxxp://downloads.ewido.net/ewidoOnlineScan.cab

FireFox -: Profile - c:\documents and settings\ACER\Application Data\Mozilla\Firefox\Profiles\3kn7c2t0.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.be/

FF -: plugin - c:\progra~1\MOZILL~1\plugins\np_gp.dll

FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npadjdet.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-04 23:27:03

Windows 5.1.2600 Service Pack 3 FAT NTAPI

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(824)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

.

Voltooingstijd: 2008-12-04 23:27:38

ComboFix-quarantined-files.txt 2008-12-04 22:27:38

ComboFix2.txt 2008-12-04 20:31:38

Pre-Run: 14.339.964.928 bytes beschikbaar

Post-Run: 14,356,643,840 bytes beschikbaar

179 --- E O F --- 2008-11-13 12:12:48

Geplaatst:

Ik ben eens gaan kijken op de site van mozilla zelf en na een tijdje zoeken, heb ik het gevonden. Dit geven ze als oplossing voor het probleem:

"Check the connection settings: Tools > Options > Advanced : Network : Connection : Direct connection to the internet"

(Nederlands: Extra > Opties > Geavanceerd : Netwerk : Verbinding : Proxyinstellingen voor dit netwerk automatisch detecteren)

Ik heb dit dan maar geprobeerd en het werkte weer! Maar hoe komt dit? Ik heb aan deze instellingen nooit iets veranderd... Kan dit aan malware liggen?

Geplaatst:

Oeps, je item even uit het oog verloren, sorry :s

Malware is mogelijk, want dat was wel degelijk aanwezig op je PC, maar een zekerheid is dat niet. Blijft een beetje troebel. Maar het is hiermee opgelost ... en dat is het belangrijkste.

Wat je wel nog even moet uitvoeren is het volgende :

Verwijder Combofix: Start -> Uitvoeren en typ: combofix /u

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Download CCleaner.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Opschonen'. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten) door systeemherstel tijdelijk uit te schakelen. Doe dit via Start -> Configuratiescherm -> Systeem -> Systeemherstel -> "Systeemherstel op alle stations uitschakelen" aanvinken. Toepassen en OK. PC herstarten en het vinkje terug weg halen.

Je Java software is verouderd.

Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.

Download Java Runtime Environment (JRE) 6u11 naar je Bureaublad

Sluit alle programma's die eventueel open zijn - Zeker je web browser!

  • Ga dan naar Start> Configuratiescherm> Softwareen verwijder alle oudere versies van Java uit de Softwarelijst.
  • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
  • Klik dan op Verwijderenof op de Wijzig/Verwijderknop.
  • Herhaal dit tot alle oudere versies verdwenen zijn.
  • Na het verwijderen van alle oudere versies, herstart je pc.
  • Dubbelklik vervolgens op jre-6u11-windows-i586-p.s.exeop je Bureaublad om de nieuwste versie van Java te installeren.

That's it !

Gast
Dit topic is nu gesloten voor nieuwe reacties.
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.