Sargon

Euh? Ik heb er zelf geen idee van wat dat is. Een vriend die in een computer winkel werkt heeft de dvd speler geïnstalleerd. Ik heb er dus zelf geen idee van of die als master/slave is aangesloten. Zal het eens navragen of kan ik dat hier ergens zien?

Sinds enkele weken heb ik iets vreemd met mijn pc. Het gebeurt ongeveer 1 keer per week dat hij ineens uitvalt. Meestal maakt mijn dvd speler/schrijver een vreemd geluid en valt de pc weg. Hij herstart maar loopt dan steeds vast. Als ik daarna bij "Deze computer" ga zien is het dvd station weg. Deze staat er meestal weer na de volgende opstart beurt. Wat kan ik hieraan doen? Dit is nog maar een recent nieuwe dvdspeler en werkt voor de rest wel goed. Kan hij fout aangesloten zijn? Kan ik dit zelf maken?

Eerst en vooral: BEDANKT Heb het eens opnieuw gedownload en nu ging het wel. Mss daarstraks iets fout gedaan. Het is nu allemaal gelukt zoals je zei. Dan had ik nog eens een klein vraagje. Die CCleaner is dat iets dat ik nog kan gebruiken om zo die tijdelijke internetbestanden enzo te verwijderen?(dezelfde stappen zoals daarnet) (Komt nu ook altijd erop als ik op mijn prullebak klik) of is dat toch meer iets voor de gevorderde gebruiker en best dus niet gebruiken zonder de raad van een professional? Kzal nog maar eens een HJT logske plaatsen voor de zekerheid ^^ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:39:53, on 29/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\CTHELPER.EXE C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bitTorrent] "D:\Program Files\Bittorrent\bittorrent.exe" --force_start_minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\Joey\Local Settings\Temp\{C467D1A1-F182-494F-ADB1-E716E9777E27}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ngjoey.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Loki Drivers Auto Removal (pr2agqwb) (pr2agqwb) - Cyanide - C:\WINDOWS\system32\pr2agqwb.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 9354 bytes

Ik vond in de lijst niets met Java Runtime Environment dus heb ik alles waar Java Update in voorkwam maar weg gedaan (waren ook de enige dingen die in de lijst stonden). Blijkbaar niet meteen mijn meest geniale idee aangezien ik nu die jre-6u6-windows-i586-p.exe (dat trouwens op mijn bureaublad 1209483963908-integrated.jnlp heet) niet meer kan installeren. Hij zegt me dat ik naar het bijhorende programma moet zoeken enzo. Doe ik dat? Trouwens tijdens het verwijderen van die Java Updates crashte mijn pc volledig en heeft het wel even geduurd voor die weer op stond.

Verwijder Combofix: Start -> Uitvoeren en typ: combofix /u Combofix wordt verwijderd en een nieuw systeemherstelpunt wordt aangemaakt. Wanneer ik dit doe verwijderd die helemaal niet. Die begint gewoon te lopen en geeft me een logfile (zoals daarvoor)... Moet ik iets anders proberen, zal in ieder geval wachten met volgende stappen. In ieder geval al 1000 maal bedankt

Logfile of The Avenger Version 2.0, © by Swandog46 Swandog46's Public Anti-Malware Tools Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccDULbA" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccDULbA" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. Kzal er maar meteen nen HJT bij doen ook Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:16:24, on 29/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\CTHELPER.EXE C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bitTorrent] "D:\Program Files\Bittorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\Joey\Local Settings\Temp\{C467D1A1-F182-494F-ADB1-E716E9777E27}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ngjoey.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Loki Drivers Auto Removal (pr2agqwb) (pr2agqwb) - Cyanide - C:\WINDOWS\system32\pr2agqwb.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 9839 bytes

Sinds mijn laatste stap heb ik geen pop-ups of meldingen meer gekregen. We zitten dus op de goede weg neem ik aan ^^ ComboFix: ComboFix 08-04-28.2 - Joey 2008-04-29 16:09:55.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.537 [GMT 2:00] Gestart vanuit: C:\Documents and Settings\Joey\Bureaublad\ComboFix.exe Command switches used :: C:\Documents and Settings\Joey\Bureaublad\CFScript.txt..txt * Nieuw herstelpunt werd aangemaakt WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Joey\Application Data\Viewpoint C:\Documents and Settings\Joey\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\URLCache.ini C:\Documents and Settings\Joey\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\URLCache.ini C:\Documents and Settings\Joey\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\URLCache.ini C:\Documents and Settings\Joey\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\URLCache.ini C:\SDFix C:\SDFix\apps\assosfix.reg C:\SDFix\apps\cliptext.exe C:\SDFix\apps\download.exe C:\SDFix\apps\dummy.sys C:\SDFix\apps\Enable_Command_Prompt.reg C:\SDFix\apps\ERDNT.E_E C:\SDFix\apps\ERDNTDOS.LOC C:\SDFix\apps\ERDNTWIN.LOC C:\SDFix\apps\ERUNT.EXE C:\SDFix\apps\ERUNT.LOC C:\SDFix\apps\fix.reg C:\SDFix\apps\FixBH.reg C:\SDFix\apps\FixComponents.reg C:\SDFix\apps\FIXCU.reg C:\SDFix\apps\FIXLM.reg C:\SDFix\apps\FixPath.exe C:\SDFix\apps\FixRedir.reg C:\SDFix\apps\FixSchedule.reg C:\SDFix\apps\FixWebCheck.reg C:\SDFix\apps\fixXP.reg C:\SDFix\apps\FixXPsp2.reg C:\SDFix\apps\grep.exe C:\SDFix\apps\HPFix.reg C:\SDFix\apps\HPFix2.reg C:\SDFix\apps\HPFix3.reg C:\SDFix\apps\HPFix4.reg C:\SDFix\apps\HPFix5.reg C:\SDFix\apps\HPFix6.reg C:\SDFix\apps\HPFix7.reg C:\SDFix\apps\isadmin.exe C:\SDFix\apps\leg2.txt C:\SDFix\apps\legacy.txt C:\SDFix\apps\legacybk.txt C:\SDFix\apps\locate.com C:\SDFix\apps\LS.exe C:\SDFix\apps\MD5File.exe C:\SDFix\apps\MyGcpvFix.reg C:\SDFix\apps\MyGkFix2.reg C:\SDFix\apps\Process.exe C:\SDFix\apps\procs.exe C:\SDFix\apps\psservice.exe C:\SDFix\apps\Rem.txt C:\SDFix\apps\Rem2.txt C:\SDFix\apps\Replace\regedit.exe C:\SDFix\apps\Replace\W2K.exe C:\SDFix\apps\Replace\w2k\beep.sys C:\SDFix\apps\Replace\w2k\null.sys C:\SDFix\apps\Replace\XP.exe C:\SDFix\apps\Replace\xp\beep.sys C:\SDFix\apps\Replace\xp\null.sys C:\SDFix\apps\Reset_AppInit_DLLs.reg C:\SDFix\apps\RestartIt!.exe C:\SDFix\apps\Restore_SecurityCenter.reg C:\SDFix\apps\Restore_SharedAccess.reg C:\SDFix\apps\sc.exe C:\SDFix\apps\sed.exe C:\SDFix\apps\SF.exe C:\SDFix\apps\shutdown.exe C:\SDFix\apps\srv2.txt C:\SDFix\apps\srv2bk.txt C:\SDFix\apps\svc.txt C:\SDFix\apps\svcbk.txt C:\SDFix\apps\swreg.exe C:\SDFix\apps\swsc.exe C:\SDFix\apps\unzip.exe C:\SDFix\apps\vfind.exe C:\SDFix\apps\WINMSG.EXE C:\SDFix\apps\winsec.reg C:\SDFix\apps\zip.exe C:\SDFix\backups\backupreg.zip C:\SDFix\backups\backups.zip C:\SDFix\backups\HOSTS C:\SDFix\catchme.exe C:\SDFix\dummy.sys C:\SDFix\Report.txt C:\SDFix\RunThis.bat C:\SDFix\SDFIX_ReadMe_Online.url . (((((((((((((((((((( Bestanden Gemaakt van 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))) . 2008-04-28 22:18 . 2008-04-28 22:18 <DIR> d-------- C:\WINDOWS\ERUNT 2008-04-28 20:01 . 2008-04-28 20:01 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-04-28 20:01 . 2008-04-28 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-04-27 19:18 . 2008-04-27 20:24 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-27 19:17 . 2008-04-27 19:17 <DIR> dr-h----- C:\Documents and Settings\LocalService\Onlangs geopend 2008-04-27 19:13 . 2008-04-27 19:13 <DIR> d--hs---- C:\Documents and Settings\LocalService\UserData 2008-04-27 14:29 . 2008-04-27 14:29 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-04-15 20:29 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll 2008-04-13 12:36 . 2008-04-13 12:36 <DIR> d-------- C:\Program Files\FM Modifier 2.2 2008-04-01 11:39 . 2008-04-01 11:39 <DIR> d-------- C:\Documents and Settings\Joey\Application Data\VanDale 2008-04-01 11:37 . 2008-04-01 11:39 464 --a------ C:\WINDOWS\vdgwwin.ini 2008-04-01 11:36 . 2008-04-01 11:36 <DIR> d-------- C:\VanDale 2008-04-01 11:35 . 1997-05-29 16:25 315,904 --a------ C:\WINDOWS\IsUn0413.exe . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-29 14:07 --------- d-----w C:\Program Files\Symantec AntiVirus 2008-04-22 09:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\CanonIJPLM 2008-04-09 16:18 --------- d-----w C:\Documents and Settings\Joey\Application Data\U3 2008-03-30 11:18 --------- d-----w C:\Program Files\Java 2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-09 11:04 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-07 14:26 --------- d-----w C:\Program Files\Sony 2008-03-07 14:26 --------- d-----w C:\Program Files\Common Files\Sony Shared 2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2001-09-07 10:00 94,784 --sh--w C:\WINDOWS\twain.dll 2004-08-04 08:03 50,688 --sh--w C:\WINDOWS\twain_32.dll 2004-08-04 08:03 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll 2004-08-04 08:03 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll 2004-08-04 08:03 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll 2004-08-04 08:03 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll 2007-12-04 18:42 550,912 --sh--w C:\WINDOWS\system32\oleaut32.dll 2004-08-04 08:03 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll 2004-08-04 08:03 12,288 --sh--w C:\WINDOWS\system32\regsvr32.exe . ((((((((((((((((((((((((((((( snapshot@2008-04-29_ 7.26.09.23 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-29 05:22:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-29 14:06:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 17:09 171464] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360] "BitTorrent"="D:\Program Files\Bittorrent\bittorrent.exe" [2007-09-08 01:01 43008] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ] "Aim6"="" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792] "NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2003-09-10 11:07 155648] "Logitech Utility"="Logi_MwX.Exe" [2002-11-08 11:50 19968 C:\WINDOWS\LOGI_MWX.EXE] "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 02:15 631362] "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE] "CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-03-17 06:34 124656] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 13:02 53408] "CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 18:01 644696] "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccDULbA] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= ffdshow.ax [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "D:\\Program Files\\Bittorrent\\bittorrent.exe"= "D:\\Games\\Loki\\GameCenter\\GameCenter.exe"= "D:\\Games\\Loki\\Loki\\Loki.exe"= "D:\\Games\\Loki\\Loki\\Autorun\\AutoRun.exe"= "D:\\Games\\Sport Interactive\\fm.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Internet Explorer\\iexplore.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R0 pe3agqwb;Loki Environment Driver (pe3agqwb);C:\WINDOWS\system32\drivers\pe3agqwb.sys [2007-07-04 18:07] R0 ps6agqwb;Loki Synchronization Driver (ps6agqwb);C:\WINDOWS\system32\drivers\ps6agqwb.sys [2007-07-04 18:06] R0 ps7agqwb;Loki Synchronization Driver (ps7agqwb);C:\WINDOWS\system32\drivers\ps7agqwb.sys [2007-09-27 18:40] R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 08:49] S2 AsusGIO;AsusGIO;C:\Program Files\ASUS\Ai Booster\AsusGIO.sys [] S2 pr2agqwb;Loki Drivers Auto Removal (pr2agqwb);C:\WINDOWS\system32\pr2agqwb.exe svc [] S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c04c2418-c833-11dc-8486-0040f44b4fff}] \Shell\AutoRun\command - I:\LaunchU3.exe -a *Newly Created Service* - CATCHME . Inhoud van de 'Gedeelde Taken' map "2007-12-04 02:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job" - C:\Program Files\RegistrySmart\RegistrySmart.ex - C:\Program Files\RegistrySmart . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-29 16:11:59 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-04-29 16:13:05 ComboFix-quarantined-files.txt 2008-04-29 14:12:51 ComboFix2.txt 2008-04-29 05:26:35 ComboFix3.txt 2007-09-10 15:46:02 Pre-Run: 19,234,066,432 bytes beschikbaar Post-Run: 19,236,376,576 bytes beschikbaar 213 --- E O F --- 2008-04-11 13:55:58 HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:14:04, on 29/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\CTHELPER.EXE C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bitTorrent] "D:\Program Files\Bittorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\Joey\Local Settings\Temp\{C467D1A1-F182-494F-ADB1-E716E9777E27}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ngjoey.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: fccDULbA - C:\WINDOWS\ O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Loki Drivers Auto Removal (pr2agqwb) (pr2agqwb) - Cyanide - C:\WINDOWS\system32\pr2agqwb.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 9797 bytes

ComboFix: ComboFix 08-04-28.2 - Joey 2008-04-29 7:15:00.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.507 [GMT 2:00] Gestart vanuit: C:\Documents and Settings\Joey\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\cookies.ini C:\WINDOWS\system32\chbsyhfo.ini C:\WINDOWS\system32\eskhgifr.ini C:\WINDOWS\system32\fccDULbA.dll C:\WINDOWS\system32\gfndltvi.dll C:\WINDOWS\system32\ivtldnfg.ini C:\WINDOWS\system32\jrahxbun.ini C:\WINDOWS\system32\kvdgaodr.ini C:\WINDOWS\system32\lsprst7.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\ofhysbhc.dll C:\WINDOWS\system32\ssqOFywu.dll C:\WINDOWS\system32\uwyFOqss.ini C:\WINDOWS\system32\uwyFOqss.ini2 C:\WINDOWS\system32\xxyvtqoO.dll . (((((((((((((((((((( Bestanden Gemaakt van 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))) . 2008-04-28 22:18 . 2008-04-28 22:18 <DIR> d-------- C:\WINDOWS\ERUNT 2008-04-28 22:03 . 2008-04-28 22:38 <DIR> d-------- C:\SDFix 2008-04-28 20:01 . 2008-04-28 20:01 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-04-28 20:01 . 2008-04-28 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-04-27 19:18 . 2008-04-27 20:24 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-27 19:17 . 2008-04-27 19:17 <DIR> dr-h----- C:\Documents and Settings\LocalService\Onlangs geopend 2008-04-27 19:13 . 2008-04-27 19:13 <DIR> d--hs---- C:\Documents and Settings\LocalService\UserData 2008-04-27 14:29 . 2008-04-27 14:29 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-04-23 07:03 . 2008-04-23 07:03 <DIR> d-------- C:\Documents and Settings\Joey\Application Data\Viewpoint 2008-04-15 20:29 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll 2008-04-13 12:36 . 2008-04-13 12:36 <DIR> d-------- C:\Program Files\FM Modifier 2.2 2008-04-01 11:39 . 2008-04-01 11:39 <DIR> d-------- C:\Documents and Settings\Joey\Application Data\VanDale 2008-04-01 11:37 . 2008-04-01 11:39 464 --a------ C:\WINDOWS\vdgwwin.ini 2008-04-01 11:36 . 2008-04-01 11:36 <DIR> d-------- C:\VanDale 2008-04-01 11:35 . 1997-05-29 16:25 315,904 --a------ C:\WINDOWS\IsUn0413.exe . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-29 05:21 --------- d-----w C:\Program Files\Symantec AntiVirus 2008-04-22 09:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\CanonIJPLM 2008-04-09 16:18 --------- d-----w C:\Documents and Settings\Joey\Application Data\U3 2008-03-30 11:18 --------- d-----w C:\Program Files\Java 2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-09 11:04 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-07 14:26 --------- d-----w C:\Program Files\Sony 2008-03-07 14:26 --------- d-----w C:\Program Files\Common Files\Sony Shared 2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2001-09-07 10:00 94,784 --sh--w C:\WINDOWS\twain.dll 2004-08-04 08:03 50,688 --sh--w C:\WINDOWS\twain_32.dll 2004-08-04 08:03 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll 2004-08-04 08:03 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll 2004-08-04 08:03 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll 2004-08-04 08:03 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll 2007-12-04 18:42 550,912 --sh--w C:\WINDOWS\system32\oleaut32.dll 2004-08-04 08:03 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll 2004-08-04 08:03 12,288 --sh--w C:\WINDOWS\system32\regsvr32.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 17:09 171464] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360] "BitTorrent"="D:\Program Files\Bittorrent\bittorrent.exe" [2007-09-08 01:01 43008] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ] "Aim6"="" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792] "NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2003-09-10 11:07 155648] "Logitech Utility"="Logi_MwX.Exe" [2002-11-08 11:50 19968 C:\WINDOWS\LOGI_MWX.EXE] "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 02:15 631362] "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE] "CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-03-17 06:34 124656] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 13:02 53408] "CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 18:01 644696] "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccDULbA] fccDULbA.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= ffdshow.ax [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "D:\\Program Files\\Bittorrent\\bittorrent.exe"= "D:\\Games\\Loki\\GameCenter\\GameCenter.exe"= "D:\\Games\\Loki\\Loki\\Loki.exe"= "D:\\Games\\Loki\\Loki\\Autorun\\AutoRun.exe"= "D:\\Games\\Sport Interactive\\fm.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Internet Explorer\\iexplore.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R0 pe3agqwb;Loki Environment Driver (pe3agqwb);C:\WINDOWS\system32\drivers\pe3agqwb.sys [2007-07-04 18:07] R0 ps6agqwb;Loki Synchronization Driver (ps6agqwb);C:\WINDOWS\system32\drivers\ps6agqwb.sys [2007-07-04 18:06] R0 ps7agqwb;Loki Synchronization Driver (ps7agqwb);C:\WINDOWS\system32\drivers\ps7agqwb.sys [2007-09-27 18:40] R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 08:49] S2 AsusGIO;AsusGIO;C:\Program Files\ASUS\Ai Booster\AsusGIO.sys [] S2 pr2agqwb;Loki Drivers Auto Removal (pr2agqwb);C:\WINDOWS\system32\pr2agqwb.exe svc [] S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c04c2418-c833-11dc-8486-0040f44b4fff}] \Shell\AutoRun\command - I:\LaunchU3.exe -a . Inhoud van de 'Gedeelde Taken' map "2007-12-04 02:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job" - C:\Program Files\RegistrySmart\RegistrySmart.ex - C:\Program Files\RegistrySmart . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-29 07:23:14 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 343 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe . ************************************************************************** . Voltooingstijd: 2008-04-29 7:26:33 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-29 05:26:26 ComboFix2.txt 2007-09-10 15:46:02 Pre-Run: 19,241,832,448 bytes beschikbaar Post-Run: 19,256,172,544 bytes beschikbaar 157 --- E O F --- 2008-04-11 13:55:58 HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:29:19, on 29/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\CTHELPER.EXE C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe D:\Program Files\Bittorrent\bittorrent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bitTorrent] "D:\Program Files\Bittorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\Joey\Local Settings\Temp\{C467D1A1-F182-494F-ADB1-E716E9777E27}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ngjoey.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: fccDULbA - fccDULbA.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Loki Drivers Auto Removal (pr2agqwb) (pr2agqwb) - Cyanide - C:\WINDOWS\system32\pr2agqwb.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing) -- End of file - 10019 bytes

SDFix: SDFix: Version 1.176 Run by Joey on ma 28/04/2008 at 22:24 Microsoft Windows XP [versie 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\Resources\KbdService.dll - Deleted C:\LOG12.TMP - Deleted C:\LOG2.TMP - Deleted C:\LOG4.TMP - Deleted C:\LOG6A.TMP - Deleted C:\LOG82.TMP - Deleted C:\WINDOWS\olgdqarf.exe - Deleted C:\WINDOWS\system32\382077\382077.dll - Deleted Folder C:\WINDOWS\system32\382077 - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-28 22:35:14 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:73,68,b0,bc,fc,a6,7e,63,09,70,16,0e,2c,c9,58,67,f1,b9,a3,8f,f4,.. "p0"="C:\Program Files\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "khjeh"=hex:f5,0d,f9,b7,38,d8,19,ec,69,84,86,55,04,1d,12,d4,33,b1,47,a3,89,.. "a0"=hex:20,01,00,00,5a,94,5f,a1,83,e4,42,9f,2e,2e,78,d6,6a,db,20,a7,5c,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:28,83,7c,32,b1,ff,65,cf,45,5e,19,cf,81,1a,2a,84,94,54,dc,8f,2c,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:73,68,b0,bc,fc,a6,7e,63,09,70,16,0e,2c,c9,58,67,f1,b9,a3,8f,f4,.. "p0"="C:\Program Files\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "khjeh"=hex:f5,0d,f9,b7,38,d8,19,ec,69,84,86,55,04,1d,12,d4,33,b1,47,a3,89,.. "a0"=hex:20,01,00,00,5a,94,5f,a1,83,e4,42,9f,2e,2e,78,d6,6a,db,20,a7,5c,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:28,83,7c,32,b1,ff,65,cf,45,5e,19,cf,81,1a,2a,84,94,54,dc,8f,2c,.. scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:00000062 "TracesSuccessful"=dword:0000000a scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 343 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "D:\\Program Files\\Bittorrent\\bittorrent.exe"="D:\\Program Files\\Bittorrent\\bittorrent.exe:*:Enabled:BitTorrent" "D:\\Games\\Loki\\GameCenter\\GameCenter.exe"="D:\\Games\\Loki\\GameCenter\\GameCenter.exe:*:Enabled:GameCenter" "D:\\Games\\Loki\\Loki\\Loki.exe"="D:\\Games\\Loki\\Loki\\Loki.exe:*:Enabled:Loki" "D:\\Games\\Loki\\Loki\\Autorun\\AutoRun.exe"="D:\\Games\\Loki\\Loki\\Autorun\\AutoRun.exe:*:Enabled:Loki - AutoRun" "D:\\Games\\Sport Interactive\\fm.exe"="D:\\Games\\Sport Interactive\\fm.exe:*:Enabled:Football Manager 2008" "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Fri 7 Sep 2001 94,784 ..SH. --- "C:\WINDOWS\twain.dll" Wed 4 Aug 2004 50,688 ..SH. --- "C:\WINDOWS\twain_32.dll" Wed 4 Aug 2004 1,028,096 ..SH. --- "C:\WINDOWS\system32\mfc42.dll" Wed 4 Aug 2004 54,784 ..SH. --- "C:\WINDOWS\system32\msvcirt.dll" Wed 4 Aug 2004 413,696 ..SH. --- "C:\WINDOWS\system32\msvcp60.dll" Wed 4 Aug 2004 343,040 ..SH. --- "C:\WINDOWS\system32\msvcrt.dll" Tue 4 Dec 2007 550,912 ..SH. --- "C:\WINDOWS\system32\oleaut32.dll" Wed 4 Aug 2004 83,456 ..SH. --- "C:\WINDOWS\system32\olepro32.dll" Wed 4 Aug 2004 12,288 ..SH. --- "C:\WINDOWS\system32\regsvr32.exe" Tue 21 Aug 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Thu 15 Feb 2007 308,832 A..H. --- "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" Mon 28 Feb 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator EX 1.0\uinstrsc.dll" Tue 31 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Tue 23 Oct 2007 24,576 ...H. --- "C:\Documents and Settings\Joey\Mijn documenten\Files\~WRL2639.tmp" Sun 24 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\61c11e2fdf34fecc8cff9abbf8ac5613\BIT3.tmp" Sun 24 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT4.tmp" Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Joey\Application Data\U3\temp\Launchpad Removal.exe" Thu 21 Feb 2008 147,456 ...H. --- "C:\Documents and Settings\Joey\Bureaublad\School\Werkvelden\~WRL3100.tmp" Finished! HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:41:16, on 28/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\CTHELPER.EXE C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe D:\Program Files\Bittorrent\bittorrent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bitTorrent] "D:\Program Files\Bittorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\Joey\Local Settings\Temp\{C467D1A1-F182-494F-ADB1-E716E9777E27}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ngjoey.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Loki Drivers Auto Removal (pr2agqwb) (pr2agqwb) - Cyanide - C:\WINDOWS\system32\pr2agqwb.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing) -- End of file - 9428 bytes Ik krijg in ieder geval nog steeds pop-up met reclame. Vooral over free e-cards ... toch al bedankt voor de hulp.

Ah stond in mijn taskmanager als een loped proces. Heb dit stop gezet en nu lukt het wel Hopelijk mocht ik dat doen ...

C:\Program Files\Viewpoint Kan vieuwpoint.ee niet verwijderen, de toegang is geweigerd. De map staat op alleen lezen. Heb dit uitgeschakeld maar elke keer staat het terug op alleen lezen. Diemap verwijderen gaat dus niet ... waarschijnlijk heb je wel iets waarmee ik dat wel kan doen ^^

Het staat er ondertussen al.

Zie hier overal HJT logs dus zal ik de mijne ook maar meteen geven. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:45:43, on 28/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\CTHELPER.EXE C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [d4f54361] rundll32.exe "C:\WINDOWS\system32\gfndltvi.dll",b O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bitTorrent] "D:\Program Files\Bittorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\Joey\Local Settings\Temp\{C467D1A1-F182-494F-ADB1-E716E9777E27}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ngjoey.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O21 - SSODL: KbdService - {2d966117-1886-43b3-ba15-75f9262e4286} - C:\WINDOWS\Resources\KbdService.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Loki Drivers Auto Removal (pr2agqwb) (pr2agqwb) - Cyanide - C:\WINDOWS\system32\pr2agqwb.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 9844 bytes

Hoi Sinds enkele dagen heb ik volgens mijn symantec AntiVirus een Trojan.Packed.13, dit komt na het voorbeluisteren van muziek op een site. Muziek die ik wou kopen via discogs (doet niet echt ter zaken maar even wat randinformatie). Heb ondertussen al enkele scans gedaan (ook in safe mode) maar niets lijkt echt te helpen. Ook de ad-aware 2007 scans lijken niet echt doeltreffend te zijn. Het vervelende is dat ik constant van symantec antivirus de melding krijg en dat er ook op regematige basis reclame pop-ups krijg van virusscanners, online games, sms-sites etc. Ook internet explorer doet wat vreemd. Terwijl ik type vallen er constant letters weg ... Zo, iemand een idee wat ik hier aan kan doen? Moet ik een HijackThis file posten zodat er iemand een kijkje kan nemen? Alvast bedankt Mvg