
[SOLVED] MSN virus



I picked up a virus via MSN and was stupid enough to open it. It is the "Your photos are being published on this site" virus. I know there is already a thread about this, but I am a complete layman when it comes to PCs and I really need step-by-step guidance :)

I have already made a log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:01:25, on 15/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Hille\LOCALS~1\Temp\services.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Hille\LOCALS~1\Temp\services.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/26.34/uploader2.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60096.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5247/mcfscan.cab

O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--

End of file - 13053 bytes


35 replies

Top replies in this topic

Remove Messenger completely from your computer.

(You do know how to remove the regular one, right?)

Windows Messenger has to go as well; to do that, do the following:

  • Go to Start
  • Control Panel
  • Click Add or Remove Programs
  • Add/Remove Windows Components (left column)
  • Scroll down and untick "Windows Messenger"
  • Click Next


Remove all Messengers.

Download SDFix and save it to your desktop.

Start HijackThis and choose 'Do a system scan only'. Tick only the items listed below:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Hille\LOCALS~1\Temp\services.exe

O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Hille\LOCALS~1\Temp\services.exe

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing)

Click 'Fix checked' to remove the items.

Double-click SDFix.exe and choose Install to unpack the tool into its own folder on your desktop.

Then restart your PC in Safe Mode.

In Safe Mode, open the SDFix folder on your desktop and double-click RunThis.bat to start the tool.

Type Y to start the clean-up process.

It removes all Trojan services or registry entries related to this infection. When the tool is done it will tell you to press any key to restart your PC; do that.

When the PC restarts, the tool will run again, finish the clean-up process and show you the message Finished; press any key to end the script and your desktop will appear.

Once your desktop icons appear, the SDFix report will open; it is also saved in the folder under the name Report.txt.

Now copy and paste the contents of that report here along with a new HJT log.

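The entries the helper singles out above share one pattern: an extra executable appended to Winlogon's Userinit value (the F2 line), a Run key pointing into the user's Temp directory under a borrowed system-binary name (services.exe), and autostart hooks whose file no longer exists (the O9 "(no file)" and O20 "(file missing)" lines). The following Python script is an added example, not something posted in this thread and not part of HijackThis: it parses lines in the HijackThis v2 format and flags exactly those patterns. The sample log it runs on is constructed from entries quoted above; the temp-directory and system-name heuristics are assumptions of this example, not HijackThis rules.

```python
import re
from typing import List, Tuple

# Constructed sample in HijackThis v2 format, modelled on the entries the helper
# asked the poster to fix, plus benign lines for contrast. Not a real log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Hille\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Hille\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Autostart locations a legitimate program should not run from: the user's temp
# directory, in both the long and the 8.3 short form Windows XP logs show.
TEMP_DIR_RE = re.compile(r"\\(local settings|locals~1)\\temp\\", re.I)
# Names of core Windows binaries that malware likes to borrow (assumed list);
# the real ones only run from %SystemRoot%\system32.
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe", "smss.exe"}
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.I)
# O4 payload: "[name] path", path optionally quoted and followed by arguments.
O4_PATH_RE = re.compile(r"\[[^\]]*\]\s+\"?(?P<path>[A-Z]:\\[^\"]+?\.(?:exe|dll|bat|cmd|scr))", re.I)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def check_userinit(body: str) -> List[str]:
    """F2 line: Userinit must be exactly %SystemRoot%\\system32\\userinit.exe.
    Every extra comma-separated entry is launched by winlogon at each logon."""
    findings = []
    value = body.split("UserInit=", 1)[1] if "UserInit=" in body else ""
    for part in filter(None, (p.strip() for p in value.split(","))):
        if not (basename(part) == "userinit.exe" and SYSTEM32_RE.search(part)):
            findings.append(f"extra Userinit entry: {part}")
    return findings


def check_autostart(body: str) -> List[str]:
    """O4 line: flag Run entries in temp dirs or using a system binary's name."""
    findings = []
    m = O4_PATH_RE.search(body)
    if not m:
        return findings
    path = m.group("path")
    if TEMP_DIR_RE.search(path):
        findings.append(f"autostart from temp directory: {path}")
    if basename(path) in SYSTEM_NAMES and not SYSTEM32_RE.search(path):
        findings.append(f"system binary name outside system32: {path}")
    return findings


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, original line) pairs for every suspicious entry."""
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue                      # process list, headers, blank lines
        sec, body = m.group("sec"), m.group("body")
        reasons: List[str] = []
        if sec == "F2" and "UserInit=" in body:
            reasons += check_userinit(body)
        elif sec == "O4":
            reasons += check_autostart(body)
        elif sec in {"O2", "O3", "O9"} and "(no file)" in body:
            reasons.append("orphaned entry (no file)")
        elif sec == "O20" and "(file missing)" in body:
            reasons.append("Winlogon Notify DLL missing")
        findings.extend((r, line.strip()) for r in reasons)
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run against the sample it reports five findings: the stray Userinit entry, the "Flash Media" Run key twice (temp directory and borrowed name), the orphaned O9 button and the missing wincqt32.dll. The avast, R1 and O23 lines pass, which is the point: the script narrows a 13 KB log to the handful of lines worth a human look, it does not replace that look.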

  • 4 weeks later...

This is my 'report'... what do I do now?

Thank you very much!!!

SDFix: Version 1.167

Run by An Froyman on Mon 14/04/2008 at 10:01

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\Program Files\nvcoi\mst.stt - Deleted

C:\WINDOWS\mrofinu1423.exe - Deleted

C:\Documents and Settings\An Froyman\real.txt - Deleted

C:\DOCUME~1\ANFROY~1\LOCALS~1\Temp\services.exe - Deleted

C:\WINDOWS\system32\real.txt - Deleted

Folder C:\Program Files\nvcoi - Removed

Folder C:\Program Files\Temporary - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-14 10:09:48

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\\DOCUME~1\\ANFROY~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\ANFROY~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"

@=""

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 7 Oct 2004 1,635 A..H. --- "C:\WINDOWS\dstgpox.exe.tmp"

Thu 8 Jul 2004 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"

Thu 8 Jul 2004 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK32.dll"

Thu 8 Jul 2004 1,024 ...HR --- "C:\WINDOWS\system32\ntiembed.dll"

Wed 20 Dec 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Mon 22 May 2006 169 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti2.tmp"

Fri 4 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\243d2aaf5ff8e39b62f16b2a566918fb\BIT1C.tmp"

Wed 5 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b04031f0b83ee952189dd8beb4ee929a\BIT1.tmp"

Wed 5 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2112b4f456fe6310ed58588b71b93f62\BIT2.tmp"

Fri 4 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2d9afc485ff57441ce14a08241df89e8\BIT21.tmp"

Fri 4 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cd390f6b277d4f34e1d544e00fae1f3f\BIT22.tmp"

Fri 4 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT1F.tmp"

Fri 4 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT20.tmp"

Fri 4 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT1D.tmp"

Fri 4 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7452b08c68a034a087747e2105b89e38\BIT1E.tmp"

Thu 19 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"

Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\An Froyman\Application Data\U3\temp\Launchpad Removal.exe"

Finished!

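One leftover the SDFix report shows under "Authorized Application Key Export" is a Windows Firewall exception the malware registered for itself: %Temp%\services.exe, display name "Flash Media", scope *, Enabled. The file is gone, but the exception stays behind, so any replacement dropped at the same path would be allowed through without a prompt. The following Python script is an added example, not part of SDFix or of this thread: it parses a .reg-style export of the AuthorizedApplications\List key, decodes the path:scope:state:name value format, and flags exceptions that point into a temp directory or use a core Windows binary name outside system32. The sample export is constructed; its first line mirrors the report above, the other two are typical legitimate entries assumed for contrast.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed sample in the .reg export format SDFix prints. The first value
# mirrors the leftover in the report above; the other two are assumed, typical
# legitimate exceptions added for contrast.
SAMPLE_EXPORT = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\DOCUME~1\\ANFROY~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\ANFROY~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
@=""
"""

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"$')
TEMP_DIR_RE = re.compile(r"\\(local settings|locals~1)\\temp\\", re.I)
SYSTEM32_RE = re.compile(r"(\\windows|%windir%|%systemroot%)\\system32\\", re.I)
# Core Windows binary names malware borrows (assumed list for this example).
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe", "smss.exe"}


class FirewallException(NamedTuple):
    path: str
    scope: str          # "*" means any remote address
    enabled: bool
    display_name: str


def unescape_reg(s: str) -> str:
    """Undo the backslash doubling that .reg exports apply to string data."""
    return s.replace("\\\\", "\\")


def parse_export(text: str) -> List[FirewallException]:
    """Parse "name"="path:scope:state:name" lines; skip headers and @="" defaults."""
    entries = []
    for line in text.splitlines():
        m = VALUE_RE.match(line.strip())
        if not m:
            continue
        data = unescape_reg(m.group("data"))
        # The path itself contains "C:", so split the three trailing fields from the right.
        parts = data.rsplit(":", 3)
        if len(parts) != 4:
            continue
        path, scope, state, name = parts
        entries.append(FirewallException(path, scope, state.lower() == "enabled", name))
    return entries


def audit(entries: List[FirewallException]) -> Dict[str, List[str]]:
    """Map each suspicious exception path to the reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if TEMP_DIR_RE.search(e.path):
            reasons.append("executable lives in a temp directory")
        if e.path.rsplit("\\", 1)[-1].lower() in SYSTEM_NAMES and not SYSTEM32_RE.search(e.path):
            reasons.append("system binary name outside system32")
        if reasons and e.enabled and e.scope == "*":
            reasons.append("enabled for any remote address")
        if reasons:
            flagged[e.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in audit(parse_export(SAMPLE_EXPORT)).items():
        print(path)
        for r in reasons:
            print("   ", r)
```

On a live XP machine the same export comes from `reg export` of that List key; the script does not touch the registry itself, it only reads the text, so it can be run on a report pasted from another machine, as in this thread. An exception it flags is removed by deleting that value from the List key (or via the Firewall control panel's Exceptions tab), which the clean-up tools above did not do for this entry.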

Hmmm? Hille and Antje000, are you one and the same person? Otherwise it gets a bit confusing... Whoever you are, SDFix has already done a fine job.

Download Combofix and put it on your desktop.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, because that will make your PC hang.

When the fix is complete and after the restart, the log combofix.txt will open.

NOTE: If your virus scanner responds with a warning about a script being executed, you must allow it.

And make a fresh HijackThis log.

Attach both logs (Combofix and HJT) to your next message.


I am not 'Hilke'....

I am actually a PC layman, so I am in a difficult situation here :)

I want to download Combofix, but what appears on my desktop does not open properly...... ('look up the associated program on the internet....' or 'select from a list').

What do you mean by 'make a fresh HijackThis log'? Is that another program I have to download?

After my 'run' of SDFix my antivirus program no longer works...... 'Auto-Protect' can no longer be turned on... oh dear oh dear!!!

Thanks


I think I managed to create an HJT logfile :)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:09:03, on 14/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Belkin muis\Wireless Mouse Driver\MOUSE32A.EXE

C:\WINDOWS\vsnpstd.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

D:\sony\SsAAD.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Program Files\Common Files\Symantec Shared\NMain.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\Program Files\Spyware Doctor\pctsGui.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin muis\Wireless Mouse Driver\MOUSE32A.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [ssAAD.exe] D:\sony\SsAAD.exe

O4 - HKLM\..\Run: [CloseDNF] C:\WINDOWS\system32\Utility.exe \1008

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares lite] "D:\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Dream%20Day%20Honeymoon/Images/stg_drm.ocx

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by129w.bay129.mail.live.com/mail/resources/MsnPUpld.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chocolatier/Images/armhelper.ocx

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--

End of file - 12026 bytes

And the one from ComboFix:

ComboFix 08-04-13.3 - An Froyman 2008-04-14 10:57:20.1 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.150 [GMT 2:00]

Running from: C:\Downloads\ComboFix.exe

* Created a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS PC !!

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\An Froyman\Local Settings\Temporary Internet Files\CPV.stt

C:\Program Files\CPV

C:\Program Files\CPV\CPV7.dll.lzma

C:\WINDOWS\b128.exe.bin

C:\WINDOWS\b138.exe.bin

C:\WINDOWS\b149.exe.bin

C:\WINDOWS\b154.exe.bin

C:\WINDOWS\system32\_000005_.tmp.dll

.

(((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))

.

2008-04-14 09:59 . 2008-04-14 09:59 <DIR> d-------- C:\WINDOWS\ERUNT

2008-04-14 09:57 . 2008-04-14 09:57 244 --ah----- C:\sqmnoopt11.sqm

2008-04-14 09:57 . 2008-04-14 09:57 232 --ah----- C:\sqmdata09.sqm

2008-04-10 15:57 . 2008-04-10 15:57 244 --ah----- C:\sqmnoopt10.sqm

2008-04-10 15:57 . 2008-04-10 15:57 232 --ah----- C:\sqmdata08.sqm

2008-04-09 17:56 . 2008-04-09 17:56 <DIR> d-------- C:\Program Files\Prisma

2008-04-08 19:31 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-04-08 19:29 . 2008-04-08 19:29 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition

2008-04-08 16:54 . 2008-04-07 12:19 <DIR> d-------- C:\SDFix

2008-04-06 20:03 . 2008-04-06 20:03 9,296 --a------ C:\WINDOWS\system32\ehlgcs.exe

2008-04-06 20:03 . 2008-04-06 20:03 244 --ah----- C:\sqmnoopt09.sqm

2008-04-06 20:03 . 2008-04-06 20:03 232 --ah----- C:\sqmdata07.sqm

2008-04-06 14:07 . 2008-04-06 14:07 244 --ah----- C:\sqmnoopt08.sqm

2008-04-06 14:07 . 2008-04-06 14:07 232 --ah----- C:\sqmdata06.sqm

2008-04-05 22:37 . 2008-04-05 22:37 <DIR> d--hs---- C:\FOUND.004

2008-04-04 17:15 . 2008-04-04 17:15 244 --ah----- C:\sqmnoopt07.sqm

2008-04-04 17:15 . 2008-04-04 17:15 232 --ah----- C:\sqmdata05.sqm

2008-04-04 15:22 . 2008-04-04 15:22 244 --ah----- C:\sqmnoopt06.sqm

2008-04-04 15:22 . 2008-04-04 15:22 232 --ah----- C:\sqmdata04.sqm

2008-04-03 21:01 . 2008-04-03 21:01 <DIR> d--hs---- C:\FOUND.003

2008-04-03 15:04 . 2008-04-03 15:04 648 --a------ C:\bar.emf

2008-03-30 11:59 . 2008-03-30 12:00 <DIR> d-------- C:\Program Files\Microsoft Works

2008-03-30 11:55 . 2008-03-30 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-03-30 11:53 . 2008-03-30 11:53 <DIR> dr-h----- C:\MSOCache

2008-03-29 09:48 . 2008-03-29 09:48 <DIR> d-------- C:\Program Files\uTorrent

2008-03-29 09:47 . 2008-03-29 09:47 <DIR> d-------- C:\Documents and Settings\An Froyman\Application Data\uTorrent

2008-03-28 09:21 . 2008-03-28 09:21 9,296 --a------ C:\WINDOWS\system32\hacklg.exe

2008-03-28 09:21 . 2008-03-28 09:21 244 --ah----- C:\sqmnoopt05.sqm

2008-03-28 09:21 . 2008-03-28 09:21 232 --ah----- C:\sqmdata03.sqm

2008-03-27 10:23 . 2008-03-27 10:23 <DIR> d--hs---- C:\FOUND.002

2008-03-25 08:28 . 2008-03-25 08:28 <DIR> d--hs---- C:\FOUND.001

2008-03-24 15:38 . 2008-03-24 15:38 244 --ah----- C:\sqmnoopt04.sqm

2008-03-24 15:38 . 2008-03-24 15:38 232 --ah----- C:\sqmdata02.sqm

2008-03-23 17:29 . 2008-03-23 17:29 244 --ah----- C:\sqmnoopt03.sqm

2008-03-23 17:29 . 2008-03-23 17:29 232 --ah----- C:\sqmdata01.sqm

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:10 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-13 15:20 --------- d-----w C:\Documents and Settings\An Froyman\Application Data\cerasus.media

2008-03-04 20:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-03-03 12:08 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-03 12:08 --------- d-----w C:\Program Files\Windows Live

2008-03-03 12:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-01 16:35 3,591,680 ----a-w C:\WINDOWS\system32\SETE1.tmp

2008-03-01 16:35 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-03-01 16:35 3,591,680 ------w C:\WINDOWS\system32\SETAC.tmp

2008-03-01 16:35 3,591,680 ------w C:\WINDOWS\system32\SET82.tmp

2008-03-01 16:35 3,591,680 ------w C:\WINDOWS\system32\SET4F.tmp

2008-03-01 16:35 3,591,680 ------w C:\WINDOWS\system32\SET395.tmp

2008-03-01 16:35 3,591,680 ------w C:\WINDOWS\system32\SET22.tmp

2008-03-01 16:35 3,591,680 ------w C:\WINDOWS\system32\SET15.tmp

2008-02-29 08:58 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 08:58 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-27 09:35 0 ----a-w C:\Program Files\temp01

2008-02-26 14:16 --------- d-----w C:\Program Files\Alawar

2008-02-25 12:26 --------- d-----w C:\Program Files\Farm Frenzy

2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\SETB6.tmp

2008-02-20 06:52 282,624 ------w C:\WINDOWS\system32\SETE.tmp

2008-02-20 06:52 282,624 ------w C:\WINDOWS\system32\SETA5.tmp

2008-02-20 06:52 282,624 ------w C:\WINDOWS\system32\SET7B.tmp

2008-02-20 06:52 282,624 ------w C:\WINDOWS\system32\SET48.tmp

2008-02-20 06:52 282,624 ------w C:\WINDOWS\system32\SET38E.tmp

2008-02-20 06:52 282,624 ------w C:\WINDOWS\system32\SET1B.tmp

2008-02-20 06:52 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll

2003-03-25 10:28 13,089,928 ----a-r C:\WINDOWS\system32\config\systemprofile\mpsetup.exe

2003-03-25 10:28 13,089,928 ----a-r C:\Documents and Settings\Default User\mpsetup.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]

"ares lite"="D:\Ares\Ares.exe" [ ]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" []

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 19:57 98304]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 19:57 532480]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 11:52 40960]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952]

"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2003-04-08 12:00 59392]

"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-04-08 12:00 455168]

"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-04-08 12:00 455168]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 21:10 339968]

"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2004-07-05 18:52 315392]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-30 16:58 71304]

"LWBMOUSE"="C:\Program Files\Belkin muis\Wireless Mouse Driver\MOUSE32A.EXE" [2001-11-09 08:47 356352]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-26 11:10 77824]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 17:39 40960]

"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864]

"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28 155648]

"AdTools Service"="C:\Program Files\AdTools Service\AdTools.exe" [ ]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-24 13:44 100056]

"SsAAD.exe"="D:\sony\SsAAD.exe" [2006-01-07 02:36 81920]

"CloseDNF"="C:\WINDOWS\system32\Utility.exe" [ ]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"<NO NAME>"=

R1 SMBHC;Stuurprogramma voor Microsoft SM Bus-hostcontroller;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-17 21:57]

R3 SMBBATT;Microsoft Smart Battery-stuurprogramma;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2004-08-03 23:07]

S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys []

S3 AtmElan;ATM geëmuleerde LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-03 22:58]

S3 AtmLane;ATM LAN-emulatie;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-03 22:58]

S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-06-24 07:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

.

Contents of the 'Scheduled Tasks' folder

"2008-01-18 18:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen.job"

- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:

"2008-04-09 15:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - An Froyman.job"

- C:\PROGRA~1\NORTON~1\NAVW32.EXEh/task:

"2008-04-10 13:40:14 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-14 10:59:02

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-14 10:59:22

ComboFix-quarantined-files.txt 2008-04-14 08:59:20

Pre-Run: 13,973,815,296 bytes free

Post-Run: 13,960,069,120 bytes free

.

2008-04-14 07:30:37 --- E O F ---

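As an added example that is not part of this thread and not code from ComboFix or HijackThis: a short Python script that does the first triage pass a helper would otherwise do by eye on the ComboFix log above. It pulls three kinds of entry out of the log text: binaries written straight into C:\WINDOWS or system32 whose created and modified timestamps are identical (a file written fresh on this machine, whereas installers usually copy files with an older modification time intact), Run-key values whose target ComboFix printed with empty brackets (taken here to mean it could not find the file), and AutoRun commands recorded for removable drives. The sample input is excerpted from the log posted above; the directory list, the timestamp heuristic and the reading of `[ ]` are my own assumptions, and every hit is a candidate for a closer look, not a verdict.

```python
"""Triage helper for a ComboFix log: flags entries a helper would look at first.

Heuristics only: every hit is a candidate for review, not a verdict.
"""
import re

# Sample input: lines excerpted from the ComboFix log posted in this thread,
# trimmed to a handful of entries so the example runs offline.
SAMPLE_LOG = r"""
(((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))
.
2008-04-14 09:59 . 2008-04-14 09:59 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-08 19:31 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-04-06 20:03 . 2008-04-06 20:03 9,296 --a------ C:\WINDOWS\system32\ehlgcs.exe
2008-03-29 09:48 . 2008-03-29 09:48 <DIR> d-------- C:\Program Files\uTorrent
2008-03-28 09:21 . 2008-03-28 09:21 9,296 --a------ C:\WINDOWS\system32\hacklg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"ares lite"="D:\Ares\Ares.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdTools Service"="C:\Program Files\AdTools Service\AdTools.exe" [ ]
"CloseDNF"="C:\WINDOWS\system32\Utility.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
"""

# "Files Created" entry: created . modified size attrs path
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>\S+) (?P<path>.+)$"
)
# Run-key entry: "name"="path" [timestamp size]; assumed: empty brackets = file not found
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<meta>[^\]]*)\]$')
# MountPoints2 AutoRun command recorded for a removable drive
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$")

# Assumed list: directories where a freshly written binary is unusual for an installer
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}
BINARY_EXTS = {"exe", "dll", "sys"}


def _parent_dir(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower()


def _extension(path: str) -> str:
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def triage(log_text: str) -> dict:
    r"""Return the entries from a ComboFix log that deserve a second look.

    fresh_binaries:     .exe/.dll/.sys directly in C:\WINDOWS or system32 whose created
                        and modified timestamps are identical (written on this machine,
                        not copied with an older mtime as installers usually do)
    missing_autostarts: Run-key values whose target ComboFix printed as [ ]
    autorun_commands:   AutoRun commands recorded for removable drives
    """
    fresh_binaries, missing_autostarts, autoruns = [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CREATED_RE.match(line)
        if m:
            path = m["path"]
            if (_extension(path) in BINARY_EXTS
                    and _parent_dir(path) in WINDOWS_DIRS
                    and m["created"] == m["modified"]):
                fresh_binaries.append(path)
            continue
        m = RUN_RE.match(line)
        if m:
            if not m["meta"].strip():
                missing_autostarts.append((m["name"], m["path"]))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            autoruns.append(m["cmd"])
    return {
        "fresh_binaries": fresh_binaries,
        "missing_autostarts": missing_autostarts,
        "autorun_commands": autoruns,
    }


if __name__ == "__main__":
    for category, hits in triage(SAMPLE_LOG).items():
        print(category)
        for hit in hits:
            print("   ", hit)
```

On the excerpt above the script reports the two 9,296-byte executables in system32, the three Run values with empty brackets, and the U3 launcher AutoRun entry for drive F:. Note that the d3dx9_32.dll entry is not reported, because its modification time predates its creation on this disk, which is what a normal installer copy looks like.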

Ik denk dat ik erin ben geslaagd een HJT logfile te maken :)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:09:03, on 14/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Belkin muis\Wireless Mouse Driver\MOUSE32A.EXE

C:\WINDOWS\vsnpstd.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

D:\sony\SsAAD.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Program Files\Common Files\Symantec Shared\NMain.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\Program Files\Spyware Doctor\pctsGui.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin muis\Wireless Mouse Driver\MOUSE32A.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [ssAAD.exe] D:\sony\SsAAD.exe

O4 - HKLM\..\Run: [CloseDNF] C:\WINDOWS\system32\Utility.exe \1008

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares lite] "D:\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Dream%20Day%20Honeymoon/Images/stg_drm.ocx

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by129w.bay129.mail.live.com/mail/resources/MsnPUpld.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chocolatier/Images/armhelper.ocx

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--

End of file - 12026 bytes

En dat van Combofix:

ComboFix 08-04-13.3 - An Froyman 2008-04-14 10:57:20.1 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.150 [GMT 2:00]

Gestart vanuit: C:\Downloads\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\An Froyman\Local Settings\Temporary Internet Files\CPV.stt

C:\Program Files\CPV

C:\Program Files\CPV\CPV7.dll.lzma

C:\WINDOWS\b128.exe.bin

C:\WINDOWS\b138.exe.bin

C:\WINDOWS\b149.exe.bin

C:\WINDOWS\b154.exe.bin

C:\WINDOWS\system32\_000005_.tmp.dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))

.

2008-04-14 09:59 . 2008-04-14 09:59 <DIR> d-------- C:\WINDOWS\ERUNT

2008-04-14 09:57 . 2008-04-14 09:57 244 --ah----- C:\sqmnoopt11.sqm

2008-04-14 09:57 . 2008-04-14 09:57 232 --ah----- C:\sqmdata09.sqm

2008-04-10 15:57 . 2008-04-10 15:57 244 --ah----- C:\sqmnoopt10.sqm

2008-04-10 15:57 . 2008-04-10 15:57 232 --ah----- C:\sqmdata08.sqm

2008-04-09 17:56 . 2008-04-09 17:56 <DIR> d-------- C:\Program Files\Prisma

2008-04-08 19:31 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-04-08 19:29 . 2008-04-08 19:29 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition

2008-04-08 16:54 . 2008-04-07 12:19 <DIR> d-------- C:\SDFix

2008-04-06 20:03 . 2008-04-06 20:03 9,296 --a------ C:\WINDOWS\system32\ehlgcs.exe

2008-04-06 20:03 . 2008-04-06 20:03 244 --ah----- C:\sqmnoopt09.sqm

2008-04-06 20:03 . 2008-04-06 20:03 232 --ah----- C:\sqmdata07.sqm

2008-04-06 14:07 . 2008-04-06 14:07 244 --ah----- C:\sqmnoopt08.sqm

2008-04-06 14:07 . 2008-04-06 14:07 232 --ah----- C:\sqmdata06.sqm

2008-04-05 22:37 . 2008-04-05 22:37 <DIR> d--hs---- C:\FOUND.004

2008-04-04 17:15 . 2008-04-04 17:15 244 --ah----- C:\sqmnoopt07.sqm

2008-04-04 17:15 . 2008-04-04 17:15 232 --ah----- C:\sqmdata05.sqm

2008-04-04 15:22 . 2008-04-04 15:22 244 --ah----- C:\sqmnoopt06.sqm

2008-04-04 15:22 . 2008-04-04 15:22 232 --ah----- C:\sqmdata04.sqm

2008-04-03 21:01 . 2008-04-03 21:01 <DIR> d--hs---- C:\FOUND.003

2008-04-03 15:04 . 2008-04-03 15:04 648 --a------ C:\bar.emf

2008-03-30 11:59 . 2008-03-30 12:00 <DIR> d-------- C:\Program Files\Microsoft Works

2008-03-30 11:55 . 2008-03-30 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-03-30 11:53 . 2008-03-30 11:53 <DIR> dr-h----- C:\MSOCache

2008-03-29 09:48 . 2008-03-29 09:48 <DIR> d-------- C:\Program Files\uTorrent

2008-03-29 09:47 . 2008-03-29 09:47 <DIR> d-------- C:\Documents and Settings\An Froyman\Application Data\uTorrent

2008-03-28 09:21 . 2008-03-28 09:21 9,296 --a------ C:\WINDOWS\system32\hacklg.exe

2008-03-28 09:21 . 2008-03-28 09:21 244 --ah----- C:\sqmnoopt05.sqm

2008-03-28 09:21 . 2008-03-28 09:21 232 --ah----- C:\sqmdata03.sqm

2008-03-27 10:23 . 2008-03-27 10:23 <DIR> d--hs---- C:\FOUND.002

2008-03-25 08:28 . 2008-03-25 08:28 <DIR> d--hs---- C:\FOUND.001

2008-03-24 15:38 . 2008-03-24 15:38 244 --ah----- C:\sqmnoopt04.sqm

2008-03-24 15:38 . 2008-03-24 15:38 232 --ah----- C:\sqmdata02.sqm

2008-03-23 17:29 . 2008-03-23 17:29 244 --ah----- C:\sqmnoopt03.sqm

2008-03-23 17:29 . 2008-03-23 17:29 232 --ah----- C:\sqmdata01.sqm

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:10 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-13 15:20 --------- d-----w C:\Documents and Settings\An Froyman\Application Data\cerasus.media

2008-03-04 20:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-03-03 12:08 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-03 12:08 --------- d-----w C:\Program Files\Windows Live

2008-03-03 12:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-01 16:35 3,591,680 ----a-w C:\WINDOWS\system32\SETE1.tmp

2008-03-01 16:35 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-03-01 16:35 3,591,680 ------w C:\WINDOWS\system32\SETAC.tmp

2008-03-01 16:35 3,591,680 ------w C:\WINDOWS\system32\SET82.tmp

2008-03-01 16:35 3,591,680 ------w C:\WINDOWS\system32\SET4F.tmp

2008-03-01 16:35 3,591,680 ------w C:\WINDOWS\system32\SET395.tmp

2008-03-01 16:35 3,591,680 ------w C:\WINDOWS\system32\SET22.tmp

2008-03-01 16:35 3,591,680 ------w C:\WINDOWS\system32\SET15.tmp

2008-02-29 08:58 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 08:58 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-27 09:35 0 ----a-w C:\Program Files\temp01

2008-02-26 14:16 --------- d-----w C:\Program Files\Alawar

2008-02-25 12:26 --------- d-----w C:\Program Files\Farm Frenzy

2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\SETB6.tmp

2008-02-20 06:52 282,624 ------w C:\WINDOWS\system32\SETE.tmp

2008-02-20 06:52 282,624 ------w C:\WINDOWS\system32\SETA5.tmp

2008-02-20 06:52 282,624 ------w C:\WINDOWS\system32\SET7B.tmp

2008-02-20 06:52 282,624 ------w C:\WINDOWS\system32\SET48.tmp

2008-02-20 06:52 282,624 ------w C:\WINDOWS\system32\SET38E.tmp

2008-02-20 06:52 282,624 ------w C:\WINDOWS\system32\SET1B.tmp

2008-02-20 06:52 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll

2003-03-25 10:28 13,089,928 ----a-r C:\WINDOWS\system32\config\systemprofile\mpsetup.exe

2003-03-25 10:28 13,089,928 ----a-r C:\Documents and Settings\Default User\mpsetup.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]

"ares lite"="D:\Ares\Ares.exe" [ ]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" []

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 19:57 98304]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 19:57 532480]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 11:52 40960]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952]

"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2003-04-08 12:00 59392]

"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-04-08 12:00 455168]

"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-04-08 12:00 455168]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 21:10 339968]

"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2004-07-05 18:52 315392]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-30 16:58 71304]

"LWBMOUSE"="C:\Program Files\Belkin muis\Wireless Mouse Driver\MOUSE32A.EXE" [2001-11-09 08:47 356352]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-26 11:10 77824]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 17:39 40960]

"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864]

"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28 155648]

"AdTools Service"="C:\Program Files\AdTools Service\AdTools.exe" [ ]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-24 13:44 100056]

"SsAAD.exe"="D:\sony\SsAAD.exe" [2006-01-07 02:36 81920]

"CloseDNF"="C:\WINDOWS\system32\Utility.exe" [ ]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"<NO NAME>"=

R1 SMBHC;Stuurprogramma voor Microsoft SM Bus-hostcontroller;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-17 21:57]

R3 SMBBATT;Microsoft Smart Battery-stuurprogramma;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2004-08-03 23:07]

S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys []

S3 AtmElan;ATM geëmuleerde LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-03 22:58]

S3 AtmLane;ATM LAN-emulatie;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-03 22:58]

S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-06-24 07:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

.

Inhoud van de 'Gedeelde Taken' map

"2008-01-18 18:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen.job"

- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:

"2008-04-09 15:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - An Froyman.job"

- C:\PROGRA~1\NORTON~1\NAVW32.EXEh/task:

"2008-04-10 13:40:14 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-14 10:59:02

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-04-14 10:59:22

ComboFix-quarantined-files.txt 2008-04-14 08:59:20

Pre-Run: 13,973,815,296 bytes beschikbaar

Post-Run: 13,960,069,120 bytes beschikbaar

.

2008-04-14 07:30:37 --- E O F ---


I am not 'Hilke'....
Then you did post your message in a topic of another poster ... and that only leads to confusion. When you have problems it is better to open your own topic :)
I want to download Combofix, but what appears on my desktop does not open properly
If you download Combofix via the link I gave you, you can save this program to your desktop. Then you click on it to start it ... a window opens and you just let it do its work. At the end the log Combofix.txt appears, which you attach to a next message.
What do you mean by 'make a fresh HijackThis log'? Is that also a program I have to download?
Indeed. You can download this program HERE. And with it you make a log, which you also attach to your next message.
After my 'run' of SDFix my antivirus program no longer works...... 'autoprotect' can no longer be switched on... ai ai ai ai!!!
Well, it is always risky to immediately use programs on your own initiative that are also used in other - almost similar - cases, because although the problems look alike, they are not always the same :) In itself, however, there is no reason to suspect that SDFix is the cause of your problems with your antivirus.

But your logs can (perhaps) bring more clarity.

This topic is now closed to new replies.