iveen.2ma

Onwijs bedankt, ben er heel blij mee!!

En wat denk je? Is het allemaal weer helemaal in orde? Ik krijg geen pop ups meer dus volgens mij wel... ComboFix 09-01-07.02 - Gebruiker 2009-01-08 11:28:05.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1790.1222 [GMT 1:00] Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Gebruiker\Bureaublad\CFScript.txt.txt * Nieuw herstelpunt werd aangemaakt FILE :: c:\windows\system32\62.tmp c:\windows\system32\bgvrdmfxojhaxxocl.exe c:\windows\system32\comres32.dll c:\windows\system32\cont_milehighads-remove.exe c:\windows\system32\D.tmp c:\windows\system32\E.tmp c:\windows\system32\qzhppienursis.dll-uninst.exe . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Gebruiker\Application Data\02000000291a733f511C.manifest c:\documents and settings\Gebruiker\Application Data\02000000291a733f511O.manifest c:\documents and settings\Gebruiker\Application Data\02000000291a733f511P.manifest c:\documents and settings\Gebruiker\Application Data\02000000291a733f511S.manifest c:\windows\GnuHashes.ini c:\windows\system32\2.tmp c:\windows\system32\62.tmp c:\windows\system32\comres32.dll c:\windows\system32\cont_milehighads-remove.exe c:\windows\system32\GroupPolicy000.dat c:\windows\system32\GroupPolicyManifest c:\windows\system32\GroupPolicyManifest\1.music.mp3 c:\windows\system32\GroupPolicyManifest\1.music.mp3.kwd c:\windows\system32\GroupPolicyManifest\10.setup.zip c:\windows\system32\GroupPolicyManifest\10.setup.zip.kwd c:\windows\system32\GroupPolicyManifest\11.unpack.zip c:\windows\system32\GroupPolicyManifest\11.unpack.zip.kwd c:\windows\system32\GroupPolicyManifest\12.limepro.zip c:\windows\system32\GroupPolicyManifest\12.limepro.zip.kwd c:\windows\system32\GroupPolicyManifest\13.keygen.zip c:\windows\system32\GroupPolicyManifest\13.keygen.zip.kwd c:\windows\system32\GroupPolicyManifest\2.crack.zip c:\windows\system32\GroupPolicyManifest\2.crack.zip.kwd c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg.kwd c:\windows\system32\GroupPolicyManifest\9.remix.mp3 c:\windows\system32\GroupPolicyManifest\9.remix.mp3.kwd c:\windows\system32\qzhppienursis.dll-uninst.exe . (((((((((((((((((((( Bestanden Gemaakt van 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))) . 2009-01-07 10:03 . 2009-01-07 10:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-07 10:03 . 2009-01-07 10:03 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\Malwarebytes 2009-01-07 10:03 . 2009-01-07 10:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-07 10:03 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-07 10:03 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-18 11:27 . 2009-01-08 11:20 <DIR> dr-h----- c:\documents and settings\Gebruiker\Onlangs geopend 2008-12-18 11:24 . 2008-12-18 11:24 <DIR> d-------- c:\program files\CCleaner 2008-12-18 09:47 . 2008-12-18 09:47 <DIR> d-------- c:\program files\Enigma Software Group 2008-12-18 09:40 . 2008-12-18 09:40 <DIR> d-------- c:\program files\Trend Micro 2008-12-16 15:09 . 2008-12-16 15:41 <DIR> d-------- c:\program files\DivX 2008-12-16 15:03 . 2008-12-16 15:03 <DIR> d-------- c:\program files\Conduit 2008-12-16 09:46 . 2008-12-16 15:42 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\LimeWire 2008-12-16 09:43 . 2008-12-16 09:43 <DIR> d-------- c:\windows\Sun 2008-12-16 09:43 . 2008-12-16 09:42 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-16 09:43 . 2008-12-16 09:42 73,728 --a------ c:\windows\system32\javacpl.cpl 2008-12-16 09:42 . 2008-12-16 09:42 <DIR> d-------- c:\program files\Java 2008-12-16 09:41 . 2008-12-16 09:41 <DIR> d-------- c:\program files\LimeWire 2008-12-12 15:33 . 2001-08-17 21:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-08 10:32 --------- d-----w c:\program files\Symantec AntiVirus 2008-11-13 13:10 --------- d-----w c:\program files\InterActual 1822-06-21 10:12 4,263 --sh--w c:\windows\windllreg1c.sys . ------- Sigcheck ------- 2008-04-14 18:03 14336 e410ec73e2be2a41d923b006f51c8427 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\svchost.exe 2004-08-04 00:03 14336 ab8c6d89a897bacba4657fdf00e344a6 c:\windows\system32\svchost.exe 2004-08-04 00:03 14336 ab8c6d89a897bacba4657fdf00e344a6 c:\windows\system32\dllcache\svchost.exe 2008-04-14 18:02 82432 520391367546218929749612abfe840c c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\ws2_32.dll 2004-08-04 00:03 82944 06ebcbe58321e924980148b7e3dbd753 c:\windows\system32\ws2_32.dll 2004-08-04 00:03 82944 06ebcbe58321e924980148b7e3dbd753 c:\windows\system32\dllcache\ws2_32.dll 2008-04-14 18:03 510464 1247d4d5444e28519bbe31be8ab4c029 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\winlogon.exe 2004-08-04 00:03 504832 732ed791711df9c9dd15e5515bc681b8 c:\windows\system32\winlogon.exe 2004-08-04 00:03 504832 732ed791711df9c9dd15e5515bc681b8 c:\windows\system32\dllcache\winlogon.exe 2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\ndis.sys 2004-08-03 22:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\dllcache\ndis.sys 2004-08-03 22:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys 2008-04-13 19:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\ip6fw.sys 2004-08-03 22:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\dllcache\ip6fw.sys 2004-08-03 22:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\drivers\ip6fw.sys 2008-04-14 18:03 109056 b77bc5cd88eb96d4352af5202ec4aec2 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\services.exe 2004-08-04 00:03 108544 39991cd3c17b7529d039151a88e84499 c:\windows\system32\services.exe 2004-08-04 00:03 108544 39991cd3c17b7529d039151a88e84499 c:\windows\system32\dllcache\services.exe 2008-04-14 18:03 13312 8754210a3399d19610ce2d71e0c3e5d9 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\lsass.exe 2004-08-04 00:03 13312 34a82debefb057fcccbe15f619fc98a7 c:\windows\system32\lsass.exe 2004-08-04 00:03 13312 34a82debefb057fcccbe15f619fc98a7 c:\windows\system32\dllcache\lsass.exe 2008-04-14 18:02 15360 e98a8c802cdb31fcf4121d9dfbea3677 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\ctfmon.exe 2004-08-04 00:03 15360 7de46c9c40abb58c8fdfe0212a3bf2b4 c:\windows\system32\ctfmon.exe 2004-08-04 00:03 15360 7de46c9c40abb58c8fdfe0212a3bf2b4 c:\windows\system32\dllcache\ctfmon.exe 2008-04-14 18:03 26112 6818a533ed3b2fa9936df3daf45352df c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\userinit.exe 2004-08-04 00:03 24576 de7a0ee4a6a28e6dfe3118eb22468da6 c:\windows\system32\userinit.exe 2004-08-04 00:03 24576 de7a0ee4a6a28e6dfe3118eb22468da6 c:\windows\system32\dllcache\userinit.exe 2008-04-14 18:02 297472 e0aef86a594c9990d6321c5ca239c5b7 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\termsrv.dll 2004-08-04 00:03 297472 e2ce999886a4636026f157deb886aa94 c:\windows\system32\termsrv.dll 2004-08-04 00:03 297472 e2ce999886a4636026f157deb886aa94 c:\windows\system32\dllcache\termsrv.dll . ((((((((((((((((((((((((((((( snapshot@2009-01-07_ 9.52.28,56 ))))))))))))))))))))))))))))))))))))))))) . - 2009-01-07 07:06:14 71,642 ----a-w c:\windows\system32\perfc009.dat + 2009-01-08 10:36:04 71,642 ----a-w c:\windows\system32\perfc009.dat - 2009-01-07 07:06:14 91,438 ----a-w c:\windows\system32\perfc013.dat + 2009-01-08 10:36:04 91,438 ----a-w c:\windows\system32\perfc013.dat - 2009-01-07 07:06:14 441,958 ----a-w c:\windows\system32\perfh009.dat + 2009-01-08 10:36:04 441,958 ----a-w c:\windows\system32\perfh009.dat - 2009-01-07 07:06:14 510,006 ----a-w c:\windows\system32\perfh013.dat + 2009-01-08 10:36:04 510,006 ----a-w c:\windows\system32\perfh013.dat + 2009-01-08 10:32:00 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_760.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-09 68856] "HyvesKwekker"="c:\program files\Hyves Kwekker\HyvesDesktop_2.exe" [2007-04-06 1588736] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 66680] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-10-06 161096] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-19 761946] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "InterWrite Device Manager SysTray"="c:\program files\Interwrite Learning\Interwrite Workspace\IWDMSystemTray.exe" [2008-06-19 688128] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600] "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-09-06 c:\windows\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Desktop Search.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Desktop Search.lnk backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] --a------ 2008-03-27 09:00 1838592 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure] -ra------ 2006-08-14 03:51 352256 c:\windows\system32\JMRaidTool.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --------- 2007-03-14 21:01 71216 c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp] -ra------ 2005-10-31 20:15 163840 c:\windows\system32\S3Trayp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] -ra------ 2006-06-16 03:33 53248 c:\windows\system32\VTTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Interwrite Learning\\Interwrite Workspace\\_jvm_1.5\\bin\\java.exe"= R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-07-31 11264] S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2006-06-22 808448] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2004-10-06 173392] . . ------- Bijkomende Scan ------- . uStart Page = www.google.nl/ uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-08 11:41:47 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(636) c:\windows\system32\Ati2evxx.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\CyberLink\Shared files\RichVideo.exe c:\program files\Symantec AntiVirus\Rtvscan.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\windows\system32\ati2evxx.exe c:\program files\Interwrite Learning\Interwrite Workspace\IWDM.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Voltooingstijd: 2009-01-08 11:44:53 - machine werd herstart [Gebruiker] ComboFix-quarantined-files.txt 2009-01-08 10:44:50 ComboFix2.txt 2009-01-07 11:30:51 ComboFix3.txt 2009-01-07 08:53:15 Pre-Run: 146.243.100.672 bytes beschikbaar Post-Run: 146,241,785,856 bytes beschikbaar 219 --- E O F --- 2009-01-05 09:29:09 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:47:01, on 8-1-2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Interwrite Learning\Interwrite Workspace\IWDMSystemTray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Interwrite Learning\Interwrite Workspace\IWDM.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Live Search: R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [interWrite Device Manager SysTray] "C:\Program Files\Interwrite Learning\Interwrite Workspace\IWDMSystemTray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [HyvesKwekker] "C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185884657406 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1229417050739&h=fc4160dc1b1f5300a074cbb58e18fca0/&filename=jinstall-6u11-windows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 8032 bytes

Volgens mij is het voor een deel gelukt, (zie ik ook terug in die logfiles) Het enige wat nu nog gebeurt (op dit moment tenminste) is dat wanneer ik internet open, ik een "warning" krijg en vervolgens wordt er een virusscan gemaakt. Natuurlijk leidt dit weer tot het kopen/ downloaden van iets. Ik kan dit alles wegklikken, maar het zou mooi zijn als ook dit verholpen kan worden. Tot zover wel al bedankt, ik ben weer een stuk wijzer! Wat een gedoe... Hieronder vind je de logfiles. Groeten Ilse ComboFix 09-01-06.02 - Gebruiker 2009-01-07 9:50:34.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1790.1241 [GMT 1:00] Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Gebruiker\Application Data\02000000291a733f511C.manifest c:\documents and settings\Gebruiker\Application Data\02000000291a733f511O.manifest c:\documents and settings\Gebruiker\Application Data\02000000291a733f511P.manifest c:\documents and settings\Gebruiker\Application Data\02000000291a733f511S.manifest c:\documents and settings\Gebruiker\Application Data\ShoppingReport c:\documents and settings\Gebruiker\Application Data\ShoppingReport\cs\Config.xml c:\documents and settings\Gebruiker\Application Data\ShoppingReport\cs\db\Aliases.dbs c:\documents and settings\Gebruiker\Application Data\ShoppingReport\cs\db\Sites.dbs c:\documents and settings\Gebruiker\Application Data\ShoppingReport\cs\dwld\WhiteList.xip c:\documents and settings\Gebruiker\Application Data\ShoppingReport\cs\report\aggr_storage.xml c:\documents and settings\Gebruiker\Application Data\ShoppingReport\cs\report\send_storage.xml c:\documents and settings\Gebruiker\Application Data\ShoppingReport\cs\res1\WhiteList.dbs c:\documents and settings\Gebruiker\Menu Start\Antivirus 360 c:\documents and settings\Gebruiker\Menu Start\Antivirus 360\Antivirus 360.lnk c:\documents and settings\Gebruiker\Menu Start\Antivirus 360\Help.lnk c:\documents and settings\Gebruiker\Menu Start\Antivirus 360\Registration.lnk c:\windows\GnuHashes.ini c:\windows\system32\Desktop_.ini c:\windows\system32\evijejqnkqry.dll c:\windows\system32\GroupPolicy000.dat c:\windows\system32\GroupPolicyManifest c:\windows\system32\GroupPolicyManifest\1.music.mp3 c:\windows\system32\GroupPolicyManifest\1.music.mp3.kwd c:\windows\system32\GroupPolicyManifest\10.setup.zip c:\windows\system32\GroupPolicyManifest\10.setup.zip.kwd c:\windows\system32\GroupPolicyManifest\11.unpack.zip c:\windows\system32\GroupPolicyManifest\11.unpack.zip.kwd c:\windows\system32\GroupPolicyManifest\12.limepro.zip c:\windows\system32\GroupPolicyManifest\12.limepro.zip.kwd c:\windows\system32\GroupPolicyManifest\13.keygen.zip c:\windows\system32\GroupPolicyManifest\13.keygen.zip.kwd c:\windows\system32\GroupPolicyManifest\2.crack.zip c:\windows\system32\GroupPolicyManifest\2.crack.zip.kwd c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg.kwd c:\windows\system32\GroupPolicyManifest\9.remix.mp3 c:\windows\system32\GroupPolicyManifest\9.remix.mp3.kwd c:\windows\system32\ieupdates.exe.tmp c:\windows\system32\qzhppienursis.dll . (((((((((((((((((((( Bestanden Gemaakt van 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))) . 2009-01-06 08:44 . 2009-01-06 08:44 0 --a------ c:\windows\system32\E.tmp 2009-01-06 08:44 . 2009-01-06 08:44 0 --a------ c:\windows\system32\D.tmp 2008-12-18 11:27 . 2008-12-18 11:27 <DIR> dr-h----- c:\documents and settings\Gebruiker\Onlangs geopend 2008-12-18 11:24 . 2008-12-18 11:24 <DIR> d-------- c:\program files\CCleaner 2008-12-18 09:47 . 2008-12-18 09:47 <DIR> d-------- c:\program files\Enigma Software Group 2008-12-18 09:40 . 2008-12-18 09:40 <DIR> d-------- c:\program files\Trend Micro 2008-12-16 15:21 . 2008-12-16 15:21 68,513 --a------ c:\windows\system32\qzhppienursis.dll-uninst.exe 2008-12-16 15:21 . 2008-12-16 15:21 53,958 --a------ c:\windows\system32\cont_milehighads-remove.exe 2008-12-16 15:21 . 2008-12-16 15:21 47,575 --a------ c:\windows\system32\bgvrdmfxojhaxxocl.exe 2008-12-16 15:13 . 2008-12-16 15:13 373,760 --ahs---- c:\windows\system32\62.tmp 2008-12-16 15:13 . 2008-12-16 15:13 135,168 --a------ c:\windows\system32\comres32.dll 2008-12-16 15:09 . 2008-12-16 15:41 <DIR> d-------- c:\program files\DivX 2008-12-16 15:03 . 2008-12-16 15:03 <DIR> d-------- c:\program files\Conduit 2008-12-16 09:46 . 2008-12-16 15:42 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\LimeWire 2008-12-16 09:43 . 2008-12-16 09:43 <DIR> d-------- c:\windows\Sun 2008-12-16 09:43 . 2008-12-16 09:42 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-16 09:43 . 2008-12-16 09:42 73,728 --a------ c:\windows\system32\javacpl.cpl 2008-12-16 09:42 . 2008-12-16 09:42 <DIR> d-------- c:\program files\Java 2008-12-16 09:41 . 2008-12-16 09:41 <DIR> d-------- c:\program files\LimeWire 2008-12-12 15:33 . 2001-08-17 21:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-07 07:02 --------- d-----w c:\program files\Symantec AntiVirus 2008-12-01 15:25 678,400 ----a-w c:\windows\system32\nsd73.dll 2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe 2008-11-13 13:10 --------- d-----w c:\program files\InterActual 2008-10-23 13:02 283,648 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 1822-06-21 10:12 4,263 --sh--w c:\windows\windllreg1c.sys . ------- Sigcheck ------- 2008-04-14 18:03 14336 e410ec73e2be2a41d923b006f51c8427 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\svchost.exe 2004-08-04 00:03 14336 ab8c6d89a897bacba4657fdf00e344a6 c:\windows\system32\svchost.exe 2004-08-04 00:03 14336 ab8c6d89a897bacba4657fdf00e344a6 c:\windows\system32\dllcache\svchost.exe 2008-04-14 18:02 82432 520391367546218929749612abfe840c c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\ws2_32.dll 2004-08-04 00:03 82944 06ebcbe58321e924980148b7e3dbd753 c:\windows\system32\ws2_32.dll 2004-08-04 00:03 82944 06ebcbe58321e924980148b7e3dbd753 c:\windows\system32\dllcache\ws2_32.dll 2008-04-14 18:03 510464 1247d4d5444e28519bbe31be8ab4c029 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\winlogon.exe 2004-08-04 00:03 504832 732ed791711df9c9dd15e5515bc681b8 c:\windows\system32\winlogon.exe 2004-08-04 00:03 504832 732ed791711df9c9dd15e5515bc681b8 c:\windows\system32\dllcache\winlogon.exe 2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\ndis.sys 2004-08-03 22:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\dllcache\ndis.sys 2004-08-03 22:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys 2008-04-13 19:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\ip6fw.sys 2004-08-03 22:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\dllcache\ip6fw.sys 2004-08-03 22:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\drivers\ip6fw.sys 2008-04-14 18:03 109056 b77bc5cd88eb96d4352af5202ec4aec2 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\services.exe 2004-08-04 00:03 108544 39991cd3c17b7529d039151a88e84499 c:\windows\system32\services.exe 2004-08-04 00:03 108544 39991cd3c17b7529d039151a88e84499 c:\windows\system32\dllcache\services.exe 2008-04-14 18:03 13312 8754210a3399d19610ce2d71e0c3e5d9 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\lsass.exe 2004-08-04 00:03 13312 34a82debefb057fcccbe15f619fc98a7 c:\windows\system32\lsass.exe 2004-08-04 00:03 13312 34a82debefb057fcccbe15f619fc98a7 c:\windows\system32\dllcache\lsass.exe 2008-04-14 18:02 15360 e98a8c802cdb31fcf4121d9dfbea3677 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\ctfmon.exe 2004-08-04 00:03 15360 7de46c9c40abb58c8fdfe0212a3bf2b4 c:\windows\system32\ctfmon.exe 2004-08-04 00:03 15360 7de46c9c40abb58c8fdfe0212a3bf2b4 c:\windows\system32\dllcache\ctfmon.exe 2008-04-14 18:03 26112 6818a533ed3b2fa9936df3daf45352df c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\userinit.exe 2004-08-04 00:03 24576 de7a0ee4a6a28e6dfe3118eb22468da6 c:\windows\system32\userinit.exe 2004-08-04 00:03 24576 de7a0ee4a6a28e6dfe3118eb22468da6 c:\windows\system32\dllcache\userinit.exe 2008-04-14 18:02 297472 e0aef86a594c9990d6321c5ca239c5b7 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\termsrv.dll 2004-08-04 00:03 297472 e2ce999886a4636026f157deb886aa94 c:\windows\system32\termsrv.dll 2004-08-04 00:03 297472 e2ce999886a4636026f157deb886aa94 c:\windows\system32\dllcache\termsrv.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-09 68856] "HyvesKwekker"="c:\program files\Hyves Kwekker\HyvesDesktop_2.exe" [2007-04-06 1588736] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 66680] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-10-06 161096] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-19 761946] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "InterWrite Device Manager SysTray"="c:\program files\Interwrite Learning\Interwrite Workspace\IWDMSystemTray.exe" [2008-06-19 688128] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600] "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-09-06 c:\windows\RTHDCPL.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\b439e295511] 2008-12-16 15:13 135168 c:\windows\system32\comres32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\comres32.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Desktop Search.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Desktop Search.lnk backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] --a------ 2008-03-27 09:00 1838592 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure] -ra------ 2006-08-14 03:51 352256 c:\windows\system32\JMRaidTool.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --------- 2007-03-14 21:01 71216 c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp] -ra------ 2005-10-31 20:15 163840 c:\windows\system32\S3Trayp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] -ra------ 2006-06-16 03:33 53248 c:\windows\system32\VTTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-07-31 11264] S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2006-06-22 808448] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2004-10-06 173392] . - - - - ORPHANS VERWIJDERD - - - - WebBrowser-{C0D70ED8-D984-40C3-9666-8939CE76EA13} - (no file) HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe HKLM-RunOnce-<NO NAME> - (no file) . ------- Bijkomende Scan ------- . uStart Page = www.google.nl/ uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-07 09:52:02 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(632) c:\windows\System32\comres32.dll c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(696) c:\windows\System32\comres32.dll . Voltooingstijd: 2009-01-07 9:53:14 ComboFix-quarantined-files.txt 2009-01-07 08:53:11 Pre-Run: 146.255.781.888 bytes beschikbaar Post-Run: 146,274,635,776 bytes beschikbaar WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 227 --- E O F --- 2009-01-05 09:29:09 Malwarebytes' Anti-Malware 1.32 Database versie: 1627 Windows 5.1.2600 Service Pack 2 7-1-2009 10:08:42 mbam-log-2009-01-07 (10-08-42).txt Scan type: Snelle Scan Objecten gescand: 51777 Verstreken tijd: 3 minute(s), 20 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 1 Registersleutels geïnfecteerd: 3 Registerwaarden geïnfecteerd: 1 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 5 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Delete on reboot. Registersleutels geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bgvrdmfxojhaxxocl (Adware.Adrotator) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully. Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: C:\WINDOWS\system32\bgvrdmfxojhaxxocl.exe (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Gebruiker\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 360.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully. C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\D.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:17:02, on 7-1-2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Interwrite Learning\Interwrite Workspace\IWDMSystemTray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Interwrite Learning\Interwrite Workspace\IWDM.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Live Search: R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [interWrite Device Manager SysTray] "C:\Program Files\Interwrite Learning\Interwrite Workspace\IWDMSystemTray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [HyvesKwekker] "C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185884657406 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1229417050739&h=fc4160dc1b1f5300a074cbb58e18fca0/&filename=jinstall-6u11-windows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - AppInit_DLLs: C:\WINDOWS\System32\comres32.dll O20 - Winlogon Notify: b439e295511 - C:\WINDOWS\System32\comres32.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 8483 bytes

Nee het lukt ook niet in de gewone modus. Het is geen bedrijfspc, maar van een basisschool. De IT jongens zijn van een extern bureau en komen alleen maar langs als het echt niet anders kan. (betaal je ook voor) Het wachtwoord zit er op zodat niet elke leerkracht zomaar wat op de pc kan verknallen. En het wachtwoord is alleen zichtbaar bij het opstarten in de veilige modus. Omdat het verwijderen alsnog ook niet in de gewone modus lukt, moet ik dan wel doorgaan met de volgende stappen (combofix downloaden etc) of heeft dat geen nut en kan ik beter kijken of ik het wachtwoord kan krijgen?

Ik kom niet verder dan je eerste advioes, want wanneer ik de pc opstart in de veilige modus dan doet ie dit, maar vervolgens krijg ik telkens de windows pop up: windows wordt nu opgestart in de veilige modus klik op ja als je in de veilige modus wilt werken. Nee als je met systeemherstel een vorige staus van de computer wilt herstellen. Ik druk dan natuurlijk op "ja" maar de pop up blijft verschijnen. Als ik de pop up wegsleep en probeer om via hijack die genoemde items te "fixen" dan lukt dit alsnog niet. Kan dit zijn omdat ik als gebruiker bepaalde rechten niet heb? In de veilige modus kon ik nl. als gebruiker en als administrator inloggen. Voor dat laatste heb ik een wachtwoord nodig (het is een pc van m'n werk) waar ik dan om moet gaan vragen als dit het geval is.

Hoi Ik heb geprobeerd om via Hijack alle zaken te verwijderen, maar zoals je in de onderstaande logfile ziet, lukt dit niet met alle punten, ik heb ze voor het gemak dik gedrukt: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:39:02, on 6-1-2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Live Search: R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [interWrite Device Manager SysTray] "C:\Program Files\Interwrite Learning\Interwrite Workspace\IWDMSystemTray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [HyvesKwekker] "C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185884657406 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1229417050739&h=fc4160dc1b1f5300a074cbb58e18fca0/&filename=jinstall-6u11-windows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - AppInit_DLLs: C:\WINDOWS\System32\comres32.dll O20 - Winlogon Notify: b439e295511 - C:\WINDOWS\System32\comres32.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 9004 bytes Hoe nu verder? En ook: O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe –boot kreeg ik na meerdere keren pas verwijderd maar niet in de Program files, dan geeft de pc aan dat het bestand rlls.dll beveiligd is of dat mogelijk de schijf vol is. Hoe kan ik dat probleem oplossen? Groetjes Ilse

Hallo Het zal voor jullie wel een beetje saai worden, mar ook ik heb problemen met het verwijderen van het anti virus programma A360. Ook bij mij verschijnt telkens het blauwe scherm, wordt mijn beeld 3 keer zo groot (picto's en lettertekengrootte) en krijg ik om de haverklap een melding. Ik heb mijn logfile (van Hijack this) bijgevoegd. Alvast bedankt voor de hulp! Groetjes Ilse Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:47:20, on 18-12-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Interwrite Learning\Interwrite Workspace\IWDMSystemTray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\program files\relevantknowledge\rlvknlg.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe C:\Program Files\A360\av360.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Interwrite Learning\Interwrite Workspace\IWDM.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe C:\WINDOWS\explorer.exe C:\Program Files\CCleaner\CCleaner.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Live Search: R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Peer2Peer-NE Toolbar - {c0d70ed8-d984-40c3-9666-8939ce76ea13} - C:\Program Files\Peer2Peer-NE\tbPeer.dll O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll O2 - BHO: milehighads browser enhancer - {5C50982A-C55E-812A-5315-2EE60D96C481} - C:\WINDOWS\system32\evijejqnkqry.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: milehighads - {779a89ec-e63f-cf00-1d11-530d3da014a2} - C:\WINDOWS\system32\nsd73.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: mysidesearch search enhancer - {AEA09661-4AC8-0027-6AB9-1435D3BE03F9} - C:\WINDOWS\system32\qzhppienursis.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Peer2Peer-NE Toolbar - {c0d70ed8-d984-40c3-9666-8939ce76ea13} - C:\Program Files\Peer2Peer-NE\tbPeer.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Peer2Peer-NE Toolbar - {c0d70ed8-d984-40c3-9666-8939ce76ea13} - C:\Program Files\Peer2Peer-NE\tbPeer.dll O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [interWrite Device Manager SysTray] "C:\Program Files\Interwrite Learning\Interwrite Workspace\IWDMSystemTray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [evrjqvpfixy] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\evijejqnkqry.dll" O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [HyvesKwekker] "C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe" O4 - HKCU\..\Run: [96354363544415797130869605711464] C:\Program Files\A360\av360.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185884657406 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1229417050739&h=fc4160dc1b1f5300a074cbb58e18fca0/&filename=jinstall-6u11-windows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\WINDOWS\System32\comres32.dll O20 - Winlogon Notify: b439e295511 - C:\WINDOWS\System32\comres32.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 10500 bytes