
Naruto

Member
  • Items

    8

About Naruto

  • Birthday 06-04-1986

Naruto's achievements

  1. Hey, I think I found the problem; it was just my battery charger that no longer works properly :biggrin: Hehe, thanks anyway, until next time.
  2. Hey everyone, I also have a problem with my PC. Over the past week my AVG antivirus detected a virus file every day and healed it right away. I didn't attach much importance to it until yesterday, when my PC (laptop) went completely haywire: the screen went off and came back on, repeatedly, and it went into standby by itself every 5 seconds (it was plugged into mains power, so a flat battery is impossible), so I couldn't do anything with it. I was surprised that it works now, so I'm quickly posting a HijackThis log and hope you can help me :pcguru:
  3. Yep, I haven't run into any more problems. Thanks for the service, very kind.
  4. Ah ok, it's all fine then. Yeah, too cool, I'll test it out.
  5. So, the contents of the ComboFix log:
  6. Ok, so here is first the ComboFix log and then the HijackThis log.
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57] S1 vdrv9000;vdrv9000;C:\WINDOWS\system32\DRIVERS\vdrv9000.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4359d95e-5949-11dc-9e35-0013ce8de525}] \Shell\Auto\command - auto.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-19 15:33:17 Windows 5.1.2600 Service Pack 2 FAT NTAPI scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-03-19 15:33:34 ComboFix-quarantined-files.txt 2008-03-19 14:33:32 ComboFix2.txt 2008-03-19 11:12:34 . 
2008-02-21 01:02:24 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:35:17, on 19-3-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Arcade\PCMService.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Program Files\Acer\eRecovery\Monitor.exe C:\acer\epm\epm-dm.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Veoh Networks\Veoh\VeohClient.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\WINDOWS\system32\CTPdeSrv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: 
[ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cab O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe -- End of file - 8102 bytes
  7. OK, here are the 2 logs (HJT and ComboFix) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:15:38, on 19-3-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Arcade\PCMService.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Program Files\Acer\eRecovery\Monitor.exe C:\acer\epm\epm-dm.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Veoh Networks\Veoh\VeohClient.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\CTPdeSrv.exe C:\WINDOWS\system32\imapi.exe C:\WINDOWS\System32\alg.exe 
C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\explorer.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\plifcad.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: 
[PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 
'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cab O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe -- End of file - 8835 bytes ComboFix 08-03-18.1 - el chileno 2008-03-19 11:57:14.1 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.513 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\el chileno\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\packet.dll C:\WINDOWS\system32\pthreadVC.dll C:\WINDOWS\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_NPF (((((((((((((((((((( Bestanden Gemaakt van 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))) . 2008-03-19 02:13 . 2008-03-19 02:13 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-19 01:29 . 2008-03-19 01:29 <DIR> d-------- C:\E~1 2008-03-19 01:23 . 2008-03-18 18:39 <DIR> d-------- C:\SDFix 2008-03-19 00:00 . 2008-03-19 00:00 244 --ah----- C:\sqmnoopt04.sqm 2008-03-19 00:00 . 2008-03-19 00:00 232 --ah----- C:\sqmdata04.sqm 2008-03-17 17:56 . 2008-03-17 17:56 <DIR> d--hs---- C:\FOUND.011 2008-03-16 15:37 . 
2008-03-16 15:37 64,156 --a------ C:\WINDOWS\system32\szpyuyv.exe 2008-03-16 15:33 . 2008-03-16 15:33 64,156 --a------ C:\WINDOWS\system32\yssjnrh.exe 2008-03-16 15:32 . 2008-03-16 15:32 64,156 --a------ C:\WINDOWS\system32\plifcad.exe 2008-03-14 17:13 . 2008-03-14 17:13 <DIR> d-------- C:\My Downloads 2008-03-14 17:13 . 2008-03-14 17:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wait Find Browse New 2008-03-14 17:12 . 2008-03-14 17:12 <DIR> d-------- C:\Program Files\Get-Torrent 2008-03-12 16:25 . 2008-03-12 16:25 <DIR> d--hs---- C:\FOUND.010 2008-03-09 04:54 . 2008-03-09 04:54 <DIR> d-------- C:\Program Files\Veoh Networks 2008-03-06 18:35 . 2008-03-06 18:35 <DIR> d--hs---- C:\FOUND.009 2008-03-03 16:56 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-03-03 16:56 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-03-03 16:56 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-03-02 17:29 . 2008-03-02 17:29 <DIR> d-------- C:\Program Files\Windows Live 2008-03-02 17:29 . 2008-03-02 17:29 <DIR> d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller 2008-03-02 17:29 . 2008-03-02 17:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller 2008-02-21 03:05 . 2008-02-21 03:05 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2008-02-21 03:05 . 2008-02-21 03:05 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2008-02-21 03:05 . 2008-02-21 03:05 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb 2008-02-21 03:03 . 2008-02-21 03:03 630,784 --a------ C:\WINDOWS\system32\Divxdec.ax 2008-02-21 03:03 . 2008-02-21 03:03 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax 2008-02-21 03:03 . 2008-02-21 03:03 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-02-21 03:03 . 
2008-02-21 03:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-02-08 01:00 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-02-04 18:58 --------- d-----w C:\Program Files\CUEcards 2000 2008-02-04 14:01 --------- d-----w C:\Program Files\DAEMON Tools Lite 2008-02-04 14:01 --------- d-----w C:\Documents and Settings\el chileno\Application Data\DAEMON Tools 2008-02-04 02:00 94,208 ----a-w C:\WINDOWS\ScUnin.exe 2008-02-04 01:40 --------- d-----w C:\Program Files\Starcraft 2008-01-26 00:42 --------- d-----w C:\Program Files\LimeWire 2007-12-24 20:05 94,208 ----a-w C:\WINDOWS\DUMP3b05.tmp . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-01 15:44 68856] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360] "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-05-30 13:52 868352] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ] "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-02-22 21:42 3537968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-01 15:59 180269] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44 98394] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43 688218] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168] "PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59 49152] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392] "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-09-05 11:43 319488] "LaunchApp"="Alaunch" [] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 19:36 155648] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 19:32 126976] "eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 17:26 352256] "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 09:13 2880512] "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 18:04 188416] 
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 110592 C:\WINDOWS\system32\bthprops.cpl] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 12:16 579072] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-28 21:05 344064] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 09:12 90112] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048] "Flash Media"="" [] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02 1063752] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-30 11:56 219136] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ] C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\ Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-01 15:44:11 126136] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Program Files\\Steam\\SteamApps\\darkninjah\\day of defeat source\\hl2.exe"= "C:\\Program Files\\Messenger\\MSMSGS.EXE"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\WINDOWS\\System32\\mmc.exe"= "C:\\Program Files\\Steam\\Steam.exe"= "C:\\Program Files\\Codemasters\\RF Online;\\RF.exe"= "C:\\Program Files\\Starcraft\\StarCraft.exe"= "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "C:\\WINDOWS\\system32\\plifcad.exe"= R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10] R2 EpmShd;Acer EPM System Hardware 
Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 16:54] R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 14:46] R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57] S1 vdrv9000;vdrv9000;C:\WINDOWS\system32\DRIVERS\vdrv9000.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4359d95e-5949-11dc-9e35-0013ce8de525}] \Shell\Auto\command - auto.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-19 12:02:33 Windows 5.1.2600 Service Pack 2 FAT NTAPI scannen van verborgen processen ... ? [1568] scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NPF] "ImagePath"="system32\drivers\npf.sys" . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\rundll32.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\WINDOWS\system32\CTPdeSrv.exe C:\WINDOWS\system32\imapi.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Spyware Doctor\swdsvc.exe . 
************************************************************************** . Voltooingstijd: 2008-03-19 12:12:19 - machine was rebooted [el chileno] ComboFix-quarantined-files.txt 2008-03-19 11:12:02 . 2008-02-21 01:02:24 --- E O F ---
  8. Hey everyone, I also got caught by that link from the MSN virus. In the meantime I have installed HijackThis and so on... so if you could help me, please, that would be kind. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:13:59, on 19-3-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Arcade\PCMService.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Program Files\Acer\eRecovery\Monitor.exe C:\acer\epm\epm-dm.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\WINDOWS\system32\CTPdeSrv.exe 
C:\WINDOWS\system32\wuauclt.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\PROGRA~1\Grisoft\AVG7\avgwb.dat C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\plifcad.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [MSPY2002] 
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\Run: [browse new fork rule] C:\Documents and Settings\All Users\Application Data\Wait Find Browse New\support download.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\ELCHIL~1\APPLIC~1\ELSEPL~1\AXISNEW.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: 
[CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cab O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe -- End of file - 8626 bytes dank bij voorbaat