sovereign

Member
  • Items

    8
  • Registration date

  • Last visited

About sovereign

  • Birthday 02-06-1987

sovereign's achievements

  1. oops, I didn't know that. I certainly don't want to end up in the forum's bad books, because I have already received some very valuable tips here. Sorry and thanks
  2. Hello, yesterday I got Far Cry 2 through a friend of a friend. After the installation (which went without problems) and finding a suitable crack, I wanted to start playing, but this is where it went wrong. After the Far Cry startup screen, I only get a black screen. I hear the game's sound, I hear the effects when I move through the menu with my keys, but I get no picture. I then tried removing the new DirectX and I also looked for new drivers for my video card. Because none of that helped yesterday, I threw everything off and reinstalled Far Cry. I now simply have the same black-screen problem. Hopefully someone can help me, thanks in advance. My PC is: Acer M3610, processor = Genuine Intel 2140 @ 1.60 GHz, 2 GB RAM, video card is ATI Radeon Xpress 1250 (yesterday it did say Xpress 1200).
  3. hello, I did not find those files that I had to remove manually. I tried via Explorer and via search, but I can't find them. I did follow all the other steps. The PC is really noticeably better. I'm glad that the laptop is back in order and my girlfriend is happy that it didn't cost her any money. Thanks for the tips and the instructions. Thanks
  4. hello, I thought I was already busy with the big clean-up :s . Is it still going to be a long-haul job, or is it not so bad? I have the impression that the PC is already running somewhat better, is that possible? Thanks once again
  5. hello, I followed the previous instructions. I removed that other messenger from the PC and ran ComboFix. Thanks
- C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Symantec Core LC - Unknown owner - 
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 9655 bytes
  6. I noticed that I forgot to remove one messenger. Do I now have to start all over again?
  7. Hello, thanks in advance for the quick reply. I tried to follow the steps, but there was one file that I could not delete via Explorer. I went through all the other steps anyway. Below are the SDFix report and a new log. Thanks again.
  8. Hello, on my girlfriend's laptop I have the same problem as several others here on the forum. She also got the message that her photos were being published and unsuspectingly clicked on it. Her PC is now a lot slower and she is spreading the virus further herself. I have already made a log; which steps should I take now? Thanks in advance for the help.
- C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 11285 bytes