Question & Answer

Security & privacy

Trojan horses that cannot be removed

15 answers
  • Hello, since Tuesday my computer has been extremely slow, while it normally never is. I also get an enormous number of pop-ups that I normally don't get. I also have a message from Windows Security that automatic updates are turned off. When I click on it, I can turn them back on. When I try that, it says it doesn't work, but to go via Control Panel > System > Automatic Updates. When I then go to System > Automatic Updates, it is simply turned on, while I keep seeing that error message. With my Norton 360 I have scanned my whole computer, but it found nothing. Then I did it via the Kaspersky online scanner. That found 5 trojan horses in my System32 folder. I cannot repair these via this online scanner, and deleting them manually doesn't work either. How can I still delete these files so that my PC works normally again? It concerns the following files:
    C:\WINDOWS\system32\urqRJYPj.dll
    C:\WINDOWS\system32\khfEVmnm.dll
    C:\WINDOWS\system32\qoMEDUkH.dll
    C:\WINDOWS\system32\rqRlcBqR.dll
    C:\WINDOWS\system32\urqRJYPj.dll
    Regards, Jaap.
  • Connect the hard disk to another computer as an external disk. Then you can simply delete it. John
  • osjohn wrote: "Connect the hard disk to another computer as an external disk. Then you can simply delete it."
    That is a very optimistic suggestion for an infection of this kind. It is better to do the following:
    Download HijackThis here: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
    Double-click HJTInstall.exe. HijackThis is now installed on your PC and a shortcut is placed on your desktop.
    Click "Do a system scan and save a logfile" and attach this log to your next message.
    NB: if you are a Windows Vista user, you must first right-click HijackThis.exe and choose "Run as Administrator".
  • Below is my log. I think it has to do with my Nero, but I assume that if I remove it, the trojans will remain. Even if I end the Nero processes in Task Manager the problem remains, because I think it sits deep inside my Windows. Regards, Jaap

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:02:03, on 1-11-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Norton 360\MainStub.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton 360\MainStub.exe
    C:\Documents and Settings\Donker\Mijn documenten\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [809dc93f] rundll32.exe "C:\WINDOWS\system32\llmfjyim.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - AppInit_DLLs: fkbcxb.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Network Proxy (ccproxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 (nero backitup scheduler 4.0) - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 7135 bytes
  • Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:
    O4 - HKLM\..\Run: [809dc93f] rundll32.exe "C:\WINDOWS\system32\llmfjyim.dll",b
    O20 - AppInit_DLLs: fkbcxb.dll
    Click 'Fix checked' to remove the items.
    Download MBAM (Malwarebytes' Anti-Malware) here: http://www.besttechie.net/tools/mbam-setup.exe
    Double-click mbam-setup.exe to install the program. Make sure there is a check mark in front of Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish". If an update is found, it will be downloaded and installed. When the program is fully up to date, select "Quick Scan" in the Scanner tab, then click Scan. Scanning can take a while, so be patient. When the scan is complete, click OK, then "Show Results" to view the results. Make sure everything there is checked, then click: Remove Selected. After removal a log will open and you will be asked to restart the computer. (See below.) The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM. If MBAM has difficulty removing certain files, it will show a few messages where you must click OK. Then it will ask to restart the computer... so allow MBAM to restart the computer. Paste the contents of the log in your next message, together with a new HijackThis log.
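The two entries the helper picked out of the log (the O4 Run value with a random hex name that launches rundll32 on a DLL in system32, and the O20 AppInit_DLLs entry) can be found mechanically. The Python below is an added example, not code from this thread or from Trend Micro: the sample log lines are constructed from the ones posted above, and the small rundll32 allowlist is an assumption to be replaced by your own baseline.

```python
"""Triage a HijackThis v2 log for Vundo-style persistence entries.

Added example, not code from the forum thread or from Trend Micro. It automates
the check the helper did by eye: flag O20 AppInit_DLLs entries and O4 Run
entries that launch rundll32.exe on an unrecognised DLL in system32 (often under
a random hex value name such as 809dc93f), and list the exact lines to tick
under "Do a system scan only" -> "Fix checked".
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# O4 - HKLM\..\Run: [ValueName] command line   (the hive part may contain backslashes)
RUN_ENTRY = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O20 - AppInit_DLLs: one.dll,two.dll
APPINIT_ENTRY = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.+)$')
# rundll32.exe "C:\path\x.dll",export  -> captures the DLL path, quoted or not
RUNDLL_TARGET = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
# Vundo registers its loader under a random hex value name; legitimate software
# almost never does (a heuristic, so expect the odd false positive).
HEX_VALUE_NAME = re.compile(r'^[0-9a-f]{6,}$', re.IGNORECASE)

# Illustrative allowlist (an assumption, not exhaustive): DLLs some vendors do
# start via rundll32 from system32. Replace it with your own baseline.
KNOWN_RUNDLL_TARGETS: Set[str] = {"nvcpl.dll", "nvmctray.dll"}

# Constructed sample modelled on the log lines posted in the thread.
SAMPLE_HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\rundll32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [809dc93f] rundll32.exe "C:\WINDOWS\system32\llmfjyim.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O20 - AppInit_DLLs: fkbcxb.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HJT section id: "O4" or "O20"
    item: str     # DLL file name (or Run value name) that triggered the finding
    reason: str
    line: str     # the exact log line to select before "Fix checked"


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def _check_run_entry(line: str, allowlist: Set[str]) -> Optional[Finding]:
    m = RUN_ENTRY.match(line)
    if not m:
        return None
    name, cmd = m.group("name"), m.group("cmd")
    reasons: List[str] = []
    item = name
    if HEX_VALUE_NAME.match(name):
        reasons.append("random hex Run value name")
    target = RUNDLL_TARGET.search(cmd)
    if target:
        item = _basename(target.group("dll"))
        if "\\system32\\" in target.group("dll").lower() and item.lower() not in allowlist:
            reasons.append("rundll32 loads an unrecognised DLL from system32")
    if not reasons:
        return None
    return Finding("O4", item, "; ".join(reasons), line)


def _check_appinit_entry(line: str) -> List[Finding]:
    m = APPINIT_ENTRY.match(line)
    if not m:
        return []
    # AppInit_DLLs is loaded into every process that maps user32.dll, which is
    # why one value here is enough to re-infect after the files are deleted.
    dlls = [d for d in re.split(r"[,\s]+", m.group("dlls")) if d]
    return [Finding("O20", d, "AppInit_DLLs injects this DLL into every GUI process", line) for d in dlls]


def triage(log_text: str, allowlist: Set[str] = KNOWN_RUNDLL_TARGETS) -> List[Finding]:
    """Return the suspicious O4/O20 entries of an HJT log, in log order."""
    lowered = {a.lower() for a in allowlist}
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        run = _check_run_entry(line, lowered)
        if run:
            findings.append(run)
        findings.extend(_check_appinit_entry(line))
    return findings


def fix_lines(findings: List[Finding]) -> List[str]:
    """The exact lines to tick under 'Do a system scan only' -> 'Fix checked'."""
    return list(dict.fromkeys(f.line for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"{f.section:<4}{f.item:<16}{f.reason}")
    print("Fix checked:", *fix_lines(triage(SAMPLE_HJT_LOG)), sep="\n  ")
```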
  • Here are the 2 files. What strikes me is that none of the .dll files that Kaspersky found have been removed. Many thanks in advance for looking. Kind regards, Jaap

    Log 1: Malware log

    Malwarebytes' Anti-Malware 1.30
    Database versie: 1306
    Windows 5.1.2600 Service Pack 3

    2-11-2008 22:42:44
    mbam-log-2008-11-02 (22-42-44).txt

    Scan type: Snelle Scan
    Objecten gescand: 47015
    Verstreken tijd: 4 minute(s), 50 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 3
    Registersleutels geïnfecteerd: 9
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 2
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 15

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    C:\WINDOWS\system32\llmfjyim.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\nnnmnlIC.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\fkbcxb.dll (Trojan.Vundo.H) -> Delete on reboot.

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dc9c25e-8a95-4c2e-b92a-c8bddda887be} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{8dc9c25e-8a95-4c2e-b92a-c8bddda887be} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{af1db014-d63f-4a77-828f-aa2a21c3fada} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{af1db014-d63f-4a77-828f-aa2a21c3fada} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nnnmnlic -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nnnmnlic -> Delete on reboot.

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    C:\WINDOWS\system32\nnnmnlIC.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\CIlnmnnn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\CIlnmnnn.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fkbcxb.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\jvumbimn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nmibmuvj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\llmfjyim.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\miyjfmll.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pcwbmucn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ncumbwcp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rfdmqdyg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gydqmdfr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\svivcmix.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\26e08d97.sys (Rootkit.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

    Log 2: HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:57:28, on 2-11-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\Donker\Mijn documenten\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [809dc93f] rundll32.exe "C:\WINDOWS\system32\qmxnrldl.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - AppInit_DLLs: daoclf.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Network Proxy (ccproxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 (nero backitup scheduler 4.0) - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 7308 bytes
  • Quite a lot cleaned up, but we are not quite there yet. Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:
    O4 - HKLM\..\Run: [809dc93f] rundll32.exe "C:\WINDOWS\system32\qmxnrldl.dll",b
    O20 - AppInit_DLLs: daoclf.dll
    Click 'Fix checked' to remove the items.
    Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop. NOTE: if you get a warning from your antivirus or another real-time scanner during or after downloading ComboFix, or while using ComboFix, disable that scanner and download ComboFix again. Some scanners regard certain components that ComboFix uses as suspicious and will block or delete them!
    - Double-click ComboFix.exe to start it.
    - If you have used ComboFix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    - Follow the instructions and accept the disclaimer by clicking Yes.
    - If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window. Click OK and Yes to have the Recovery Console installed automatically. Afterwards click Yes again to start the malware scan.
    - While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix is complete and after the restart, the log Combofix.txt will open. Post this log in your next message, together with a new HJT log.
  • So, I ran it. My computer is already getting a bit better, but starting up now takes extremely long. I see my desktop background fairly quickly, but it takes about 5 minutes before I see my taskbar and icons. I also see that O20 - AppInit_DLLs: daoclf.dll is back in my HijackThis log after the ComboFix scan, even though I removed it before ComboFix. Kind regards, Jaap

    ComboFix 08-11-02.05 - Donker 2008-11-03 22:04:22.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.642 [GMT 1:00]
    Gestart vanuit: H:\ComboFix.exe
     * Nieuw herstelpunt werd aangemaakt

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\ahiqvc.dll
    c:\windows\system32\bjnhoblt.dll
    c:\windows\system32\CKnXEfhk.ini
    c:\windows\system32\CKnXEfhk.ini2
    c:\windows\system32\cxwkevcd.dll
    c:\windows\system32\daoclf.dll
    c:\windows\system32\dgjwtw.dll
    c:\windows\system32\dgxzcj.dll
    c:\windows\system32\dhubrohv.ini
    c:\windows\system32\ecutkmlo.dll
    c:\windows\system32\ggxwxovh.ini
    c:\windows\system32\hewutjvx.dll
    c:\windows\system32\jgwjkoqb.dll
    c:\windows\system32\khfEVmnm.dll
    c:\windows\system32\khfEXnKC.dll
    c:\windows\system32\ldlrnxmq.ini
    c:\windows\system32\mgdpxyvn.ini
    c:\windows\system32\moxhhont.dll
    c:\windows\system32\msssc.dll
    c:\windows\system32\mumzqb.dll
    c:\windows\system32\olhxce.dll
    c:\windows\system32\qmxnrldl.dll
    c:\windows\system32\qoMeDUkH.dll
    c:\windows\system32\sgxqstrc.dll
    c:\windows\system32\toesdm.dll
    c:\windows\system32\urqRJYPJ.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-10-03 to 2008-11-03 ))))))))))))))))))))))))))))))
    .

    2008-11-03 20:51 . 2008-11-03 20:51 244 --ah----- C:\sqmnoopt05.sqm
    2008-11-03 20:51 . 2008-11-03 20:51 232 --ah----- C:\sqmdata05.sqm
    2008-11-03 20:28 . 2008-11-03 20:28 244 --ah----- C:\sqmnoopt04.sqm
    2008-11-03 20:28 . 2008-11-03 20:28 232 --ah----- C:\sqmdata04.sqm
    2008-11-02 22:36 . 2008-11-02 22:36 <DIR> d-------- c:\documents and settings\Donker\Application Data\Malwarebytes
    2008-11-02 22:35 . 2008-11-02 22:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-02 22:35 . 2008-11-02 22:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-02 22:35 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-02 22:35 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-10-29 14:25 . 2008-11-03 08:07 <DIR> dr-h----- c:\documents and settings\Donker\Onlangs geopend
    2008-10-28 13:23 . 2008-10-28 14:16 87 --a------ c:\windows\NeroDigital.ini
    2008-10-28 10:55 . 2008-10-28 10:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\UDL
    2008-10-28 10:52 . 2008-10-28 10:57 <DIR> d-------- c:\program files\epson
    2008-10-28 10:52 . 2005-02-25 00:00 46,080 --a------ c:\windows\system32\escimgd.dll
    2008-10-28 10:52 . 2005-02-25 00:00 29,696 --a------ c:\windows\system32\escwiad.dll
    2008-10-28 10:52 . 2005-02-25 00:00 22,016 --a------ c:\windows\system32\esccmd.dll
    2008-10-28 10:51 . 2008-10-28 10:51 25 --a------ c:\windows\CDE DX3800EFGIPSD.ini
    2008-10-28 10:43 . 2008-10-28 10:44 <DIR> d-------- c:\documents and settings\Donker\Application Data\Nero
    2008-10-28 09:31 . 2008-10-28 09:31 4,767 --a------ c:\windows\Irremote.ini
    2008-10-28 09:24 . 2008-10-28 09:24 <DIR> d-------- c:\program files\Windows Sidebar
    2008-10-28 08:48 . 2008-10-28 09:28 <DIR> d-------- c:\program files\Nero
    2008-10-28 08:46 . 2008-10-28 14:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
    2008-10-28 08:16 . 1999-05-07 00:00 140,288 --a------ c:\windows\system32\Comdlg32.ocx
    2008-10-28 08:16 . 2007-06-04 16:10 132,880 --a------ c:\windows\system32\MSINET.OCX
    2008-10-28 08:16 . 2005-06-06 13:31 108,336 --a------ c:\windows\system32\Mswinsck.OCX
    2008-10-27 15:57 . 2008-10-27 15:57 <DIR> d-------- c:\program files\MSECache
    2008-10-24 07:29 . 2008-10-15 17:37 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2008-10-22 18:09 . 2008-10-22 18:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2008-10-21 15:11 . 2001-08-17 20:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
    2008-10-21 15:11 . 2001-08-17 20:56 7,552 --a--c--- c:\windows\system32\dllcache\sonypvu1.sys
    2008-10-19 09:38 . 2008-10-19 09:38 244 --ah----- C:\sqmnoopt03.sqm
    2008-10-19 09:38 . 2008-10-19 09:38 232 --ah----- C:\sqmdata03.sqm
    2008-10-18 19:05 . 2008-10-18 19:05 <DIR> d-------- c:\program files\CCleaner
    2008-10-18 17:14 . 2008-10-18 17:14 244 --ah----- C:\sqmnoopt02.sqm
    2008-10-18 17:14 . 2008-10-18 17:14 244 --ah----- C:\sqmnoopt01.sqm
    2008-10-18 17:14 . 2008-10-18 17:14 232 --ah----- C:\sqmdata02.sqm
    2008-10-18 17:14 . 2008-10-18 17:14 232 --ah----- C:\sqmdata01.sqm
    2008-10-18 09:49 . 2008-10-18 09:49 244 --ah----- C:\sqmnoopt00.sqm
    2008-10-18 09:49 . 2008-10-18 09:49 232 --ah----- C:\sqmdata00.sqm
    2008-10-17 08:32 . 2008-04-13 19:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys
    2008-10-17 08:32 . 2008-04-13 19:45 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys
    2008-10-17 08:28 . 2008-10-17 08:28 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-10-17 08:28 . 2008-10-17 08:28 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-10-16 16:24 . 2008-10-16 16:24 <DIR> d-------- c:\program files\Google
    2008-10-16 16:22 . 2008-10-18 18:11 <DIR> d-------- c:\windows\system32\Adobe
    2008-10-16 12:24 . 2008-10-16 12:24 <DIR> d-------- c:\program files\MSXML 4.0
    2008-10-15 18:12 . 2006-09-05 18:59 97,088 -ra------ c:\windows\system32\drivers\se58mdm.sys
    2008-10-15 18:12 . 2006-09-05 18:57 90,800 -ra------ c:\windows\system32\drivers\se58unic.sys
    2008-10-15 18:12 . 2006-09-05 19:00 88,624 -ra------ c:\windows\system32\drivers\se58mgmt.sys
    2008-10-15 18:12 . 2006-09-05 19:00 86,432 -ra------ c:\windows\system32\drivers\se58obex.sys
    2008-10-15 18:12 . 2006-09-05 18:57 18,704 -ra------ c:\windows\system32\drivers\se58nd5.sys
    2008-10-15 18:12 . 2006-09-05 18:59 9,360 -ra------ c:\windows\system32\drivers\se58mdfl.sys
    2008-10-15 18:12 . 2006-09-05 19:00 6,240 -ra------ c:\windows\system32\drivers\se58cmnt.sys
    2008-10-15 18:12 . 2006-09-05 19:00 6,240 -ra------ c:\windows\system32\drivers\se58cm.sys
    2008-10-15 18:12 . 2006-09-05 18:57 4,128 -ra------ c:\windows\system32\drivers\se58cr.sys
    2008-10-15 18:10 . 2008-10-15 18:31 <DIR> d-------- c:\documents and settings\Donker\Application Data\Teleca
    2008-10-15 18:09 . 2008-10-15 18:09 <DIR> d-------- c:\documents and settings\Donker\Application Data\Sony Ericsson
    2008-10-15 18:01 . 2008-10-15 18:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony Ericsson
    2008-10-15 18:00 . 2008-10-21 15:46 <DIR> d-------- c:\program files\Sony Ericsson
    2008-10-15 18:00 . 2008-10-15 18:01 <DIR> d-------- c:\program files\Common Files\Teleca Shared
    2008-10-15 18:00 . 2008-10-15 18:01 <DIR> d-------- c:\program files\Common Files\Sony Ericsson Shared
    2008-10-15 18:00 . 2008-10-15 18:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Teleca
    2008-10-15 17:59 . 2008-10-15 17:59 <DIR> d-------- c:\windows\Downloaded Installations
    2008-10-15 17:49 . 2006-09-05 18:58 61,536 -ra------ c:\windows\system32\drivers\se58bus.sys
    2008-10-15 17:49 . 2006-09-05 18:58 5,872 -ra------ c:\windows\system32\drivers\se58whnt.sys
    2008-10-15 17:49 . 2006-09-05 18:58 5,872 -ra------ c:\windows\system32\drivers\se58wh.sys
    2008-10-15 17:45 . 2008-10-15 17:45 <DIR> d-------- c:\program files\Disc2Phone
    2008-10-15 17:35 . 2008-10-15 17:37 <DIR> d-------- c:\windows\system32\URTTemp
    2008-10-15 08:57 . 2004-11-25 04:07 79,679 --a------ c:\windows\system32\E_FLMACE.DLL
    2008-10-15 08:57 . 2003-05-21 01:27 64,000 --a------ c:\windows\system32\E_FBCBACE.DLL
    2008-10-15 08:57 . 2000-06-07 00:01 34,304 --a------ c:\windows\system32\E_FBCHACE.DLL
    2008-10-15 08:54 . 2008-10-15 08:54 <DIR> d-------- C:\EPSON
    2008-10-15 08:44 . 2008-10-16 12:42 <DIR> d-------- c:\program files\Common Files\EPSON
    2008-10-15 08:44 . 2008-10-16 12:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\EPSON
    2008-10-15 08:44 . 2006-12-08 01:04 76,800 --a------ c:\windows\system32\E_FLBDAE.DLL
    2008-10-15 08:44 . 2006-04-19 01:00 62,976 --a------ c:\windows\system32\E_FD4BDAE.DLL
    2008-10-15 08:44 . 2004-09-10 19:12 49,152 --a------ c:\windows\system32\E_DCINST.DLL
    2008-10-15 05:39 . 2008-08-14 14:27 2,193,536 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-10-15 05:39 . 2008-08-14 14:27 2,149,888 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-10-15 05:39 . 2008-08-14 14:27 2,070,400 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-15 05:39 . 2008-08-14 14:27 2,028,544 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-10-15 05:39 . 2008-09-15 16:28 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
    2008-10-15 05:39 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
    2008-10-14 20:10 . 2008-10-14 20:10 151 --a------ c:\windows\PhotoSnapViewer.INI
    2008-10-14 18:56 . 2008-10-15 05:59 <DIR> d-------- c:\program files\CyberLink
    2008-10-14 18:53 . 2008-10-14 19:03 <DIR> d-------- c:\documents and settings\Donker\Application Data\Ahead
    2008-10-14 18:47 . 2008-10-28 10:02 <DIR> d-------- c:\program files\Common Files\Nero
    2008-10-14 18:46 . 2001-03-08 18:30 24,064 --------- c:\windows\system32\msxml3a.dll
    2008-10-14 18:45 . 2008-10-16 12:23 <DIR> d-------- c:\program files\Common Files\Ahead
    2008-10-14 18:45 . 2008-10-14 18:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ahead
    2008-10-07 06:51 . 2008-10-07 06:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-06 09:46 . 2008-04-13 19:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
    2008-10-06 09:46 . 2008-04-13 19:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
    2008-10-06 09:46 . 2008-04-13 19:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
    2008-10-06 09:46 . 2008-04-13 19:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
    2008-10-05 21:31 . 2008-10-05 21:32 <DIR> d-------- c:\program files\Common Files\Adobe
    2008-10-05 21:28 . 2008-10-06 07:52 <DIR> d-------- c:\program files\NOS
    2008-10-05 21:28 . 2008-10-06 07:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
    2008-10-05 09:33 . 2008-07-18 21:07 270,880 --a------ c:\windows\system32\mucltui.dll
    2008-10-05 09:33 . 2008-07-18 21:07 210,976 --a------ c:\windows\system32\muweb.dll
    2008-10-05 09:33 . 2008-07-18 21:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui
    2008-10-04 08:28 . 2008-10-20 13:36 <DIR> d-------- c:\documents and settings\Donker\Contacts
    2008-10-04 08:26 . 2008-10-15 18:07 <DIR> d----c--- c:\windows\system32\DRVSTORE
    2008-10-04 08:23 . 2008-10-04 08:25 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
    2008-10-04 08:22 . 2008-10-04 08:26 <DIR> d-------- c:\program files\Windows Live
    2008-10-04 08:22 . 2008-10-04 08:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
    2008-10-03 14:09 . 2008-10-03 14:09 <DIR> d-------- c:\windows\Sun

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-01 10:04 --------- d-----w c:\program files\Norton 360
    2008-10-31 18:36 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-10-31 18:34 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2008-10-31 14:24 --------- d-----w c:\documents and settings\Donker\Application Data\FrostWire
    2008-10-28 10:03 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-28 10:02 --------- d-----w c:\program files\Common Files\InstallShield
    2008-10-02 15:07 --------- d-----w c:\program files\Windows Media Connect 2
    2008-10-02 12:07 --------- d-----w c:\program files\BitComet
    2008-10-02 11:59 --------- d-----w c:\program files\FrostWire
    2008-10-02 10:04 --------- d-----w c:\program files\Java
    2008-10-02 10:01 --------- d-----w c:\program files\Common Files\Java
    2008-10-02 08:07 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
    2008-10-02 08:07 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
    2008-10-02 08:07 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
    2008-10-02 08:07 --------- d-----w c:\program files\Symantec
    2008-10-02 07:54 --------- d-----w c:\documents and settings\Donker\Application Data\Symantec
    2008-10-02 07:23 --------- d-----w c:\program files\DAEMON Tools Lite
    2008-10-02 07:20 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
    2008-10-02 07:20 --------- d-----w c:\documents and settings\Donker\Application Data\DAEMON Tools
    2008-10-02 06:43 --------- d-----w c:\program files\Microsoft.NET
    2008-10-01 19:45 --------- d-----w c:\program files\Intel
    2008-10-01 18:46 --------- d-----w c:\program files\Analog Devices
    2008-10-01 18:39 --------- d-----w c:\program files\microsoft frontpage
    2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys

    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-24 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360] "DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 116328] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=daoclf.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program 
Files\\FrostWire\\FrostWire.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10224:TCP"= 10224:TCP:BitComet 10224 TCP "10224:UDP"= 10224:UDP:BitComet 10224 UDP "11354:TCP"= 11354:TCP:BitComet 11354 TCP "11354:UDP"= 11354:UDP:BitComet 11354 UDP R1 eeCtrl;Symantec Eraser Control driver;c:\program files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-09-17 371248] R1 SRTSPX;SRTSPX;c:\windows\system32\Drivers\SRTSPX.SYS [2007-11-30 43696] R2 nero backitup scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208] R3 aeaudio;aeaudio;c:\windows\system32\drivers\aeaudio.sys [2003-03-13 100224] R3 E100B;Intel(R) PRO Network Connection Driver;c:\windows\system32\DRIVERS\e100b325.sys [2007-11-16 165496] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-17 99376] R3 smwdm;smwdm;c:\windows\system32\drivers\smwdm.sys [2003-05-27 578304] R3 SYMNDIS;SYMNDIS;c:\windows\system32\Drivers\SYMNDIS.SYS [2007-01-09 35256] S1 26e08d97;26e08d97;c:\windows\system32\drivers\26e08d97.sys [ ] S2 LiveUpdate Notice Service;LiveUpdate Notice Service;c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048] S3 comHost;COM Host;c:\program files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-12 49248] S3 NAL;Nal Service ;c:\windows\system32\Drivers\iqvw32.sys [2007-12-20 30816] S3 nmwcd;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmb.sys [2008-05-02 17536] S3 nmwcdc;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbo.sys [2008-05-02 20864] S3 se58bus;Sony Ericsson Device 088 driver (WDM);c:\windows\system32\DRIVERS\se58bus.sys [2006-09-05 61536] S3 
se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se58mdfl.sys [2006-09-05 9360] S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se58mdm.sys [2006-09-05 97088] S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se58mgmt.sys [2006-09-05 88624] S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS);c:\windows\system32\DRIVERS\se58nd5.sys [2006-09-05 18704] S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se58obex.sys [2006-09-05 86432] S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM);c:\windows\system32\DRIVERS\se58unic.sys [2006-09-05 90800] S3 SPBBCDrv;SPBBCDrv;c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2007-04-14 418104] S3 SRTSP;SRTSP;c:\windows\system32\Drivers\SRTSP.SYS [2007-11-30 279088] S3 SRTSPL;SRTSPL;c:\windows\system32\Drivers\SRTSPL.SYS [2007-11-30 317616] S3 usbser;Nokia USB Serial Port;c:\windows\system32\drivers\usbser.sys [2008-04-13 26112] S3 UsbserFilt;UsbserFilt;c:\windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064] S3 Wdf01000;Wdf01000;c:\windows\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 WpdUsb;WpdUsb;c:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] Start Pending2 CLTNetCnService;Symantec Lic NetConnect service;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2007-03-15 109160] Start Pending2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2007-03-15 109160] *Newly Created Service* - COMHOST . 
- - - - ORPHANS VERWIJDERD - - - - BHO-{2A9FAB36-3DB4-45A9-9DBD-A6D20DDC20A7} - c:\windows\system32\khfEXnKC.dll BHO-{302d49ca-575b-4262-9b8c-2f26c2d9f83a} - c:\windows\system32\urqRJYPJ.dll BHO-{af6af1c5-f576-4816-a603-c3465c73cfd7} - c:\windows\system32\daoclf.dll ShellExecuteHooks-{302D49CA-575B-4262-9B8C-2F26C2D9F83A} - c:\windows\system32\urqRJYPJ.dll . ------- Bijkomende Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.google.nl/ O8 -: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-03 22:09:12 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\windows\system32\msiexec.exe c:\program files\Common Files\Teleca Shared\Generic.exe c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe c:\windows\system32\msiexec.exe c:\windows\system32\imapi.exe . ************************************************************************** . 
Voltooingstijd: 2008-11-03 22:18:23 - machine werd herstart ComboFix-quarantined-files.txt 2008-11-03 21:18:11 Pre-Run: 28.590.362.624 bytes beschikbaar Post-Run: 28,471,418,880 bytes beschikbaar 280 --- E O F --- 2008-10-24 11:30:11 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:20:17, on 3-11-2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Donker\Mijn documenten\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: EpsonToolBandKicker Class - {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common 
Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800" O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: 
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O20 - AppInit_DLLs: daoclf.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Network Proxy (ccproxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Nero BackItUp Scheduler 4.0 (nero backitup scheduler 4.0) - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 7828 bytes
  • By the way, the recovery console is not installed; I think that is because Internet Explorer was open when I clicked that I wanted to install the recovery console. Then my Internet Explorer window disappeared and it started scanning.
  • Open a Notepad file. Copy and paste the text below into it.

File::
C:\sqmnoopt05.sqm
C:\sqmdata05.sqm
C:\sqmnoopt04.sqm
C:\sqmdata04.sqm
C:\sqmnoopt03.sqm
C:\sqmdata03.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt01.sqm
C:\sqmdata02.sqm
C:\sqmdata01.sqm
C:\sqmnoopt00.sqm
C:\sqmdata00.sqm
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

Save this file on your desktop as CFScript.txt. Drag CFScript.txt onto ComboFix.exe. This will make ComboFix restart. Reboot if you are asked to. Then remove that O20 line again with HiJackThis: O20 - AppInit_DLLs: daoclf.dll. After the restart, post the contents of Combofix.txt in your next message, together with a new HijackThis log.
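As an added example (not code from this thread, and not part of HijackThis or ComboFix), the Python script below performs the same triage the helper does by hand on the HijackThis log: it flags any populated O20 AppInit_DLLs entry and any O2 BHO that is nameless, lives in system32 or has a random-looking 8-letter filename, and notes when one DLL appears in both places. The sample log lines are constructed from entries visible in this thread; the heuristics are my own and are a starting point for review.

```python
"""Triage helper for HijackThis v2 logs.

Added example, not part of the original thread and not code from HijackThis
or ComboFix. It flags the persistence entries the thread's helper singled out:
O20 AppInit_DLLs values and O2 browser helper objects (BHOs) that look out of
place, and notes when the same DLL shows up in both.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the HijackThis v2.0.2 line format, modelled on the
# entries visible in the thread (a clean Java BHO, two nameless BHOs in
# system32, a Symantec Run entry, a service, and the AppInit_DLLs value).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {302d49ca-575b-4262-9b8c-2f26c2d9f83a} - C:\WINDOWS\system32\urqRJYPJ.dll
O2 - BHO: (no name) - {af6af1c5-f576-4816-a603-c3465c73cfd7} - C:\WINDOWS\system32\daoclf.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - AppInit_DLLs: daoclf.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.*)$")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def random_looking(filename: str) -> bool:
    """Heuristic: an 8-letter, mixed-case stem such as urqRJYPJ.dll or khfEXnKC.dll.

    Vendor DLLs usually carry pronounceable or branded names; the files in
    this thread were named from random letters.
    """
    stem = filename.rsplit(".", 1)[0]
    return (len(stem) == 8 and stem.isalpha()
            and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem))


def triage(log_text: str) -> list:
    """Return one Finding per suspicious log line, in log order."""
    reasons_by_line = {}          # dict preserves insertion (log) order
    appinit_dlls = set()
    bho_line_by_dll = {}

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = APPINIT_RE.match(line)
        if m:
            dlls = [d for d in re.split(r"[ ,;]+", m.group("value").strip()) if d]
            if dlls:              # an empty AppInit_DLLs value is the normal state
                appinit_dlls.update(d.lower() for d in dlls)
                reasons_by_line.setdefault(line, []).append(
                    "AppInit_DLLs is populated (" + ", ".join(dlls)
                    + "): the DLL is loaded into every process that maps user32.dll")
            continue

        m = BHO_RE.match(line)
        if m:
            path = m.group("path")
            filename = path.rsplit("\\", 1)[-1]
            bho_line_by_dll[filename.lower()] = line
            reasons = []
            if m.group("name") == "(no name)":
                reasons.append("BHO registered without a name")
            if "\\system32\\" in path.lower():
                reasons.append("BHO DLL lives in system32, where legitimate BHOs rarely install")
            if random_looking(filename):
                reasons.append(f"random-looking 8-letter filename {filename}")
            if reasons:
                reasons_by_line.setdefault(line, []).extend(reasons)

    # Cross-reference: a DLL that is both a BHO and an AppInit_DLLs entry has
    # two persistence hooks. In this thread daoclf.dll appeared in both the
    # orphaned-BHO list and AppInit_DLLs.
    for dll in sorted(appinit_dlls):
        if dll in bho_line_by_dll:
            reasons_by_line.setdefault(bho_line_by_dll[dll], []).append(
                f"{dll} is also named in AppInit_DLLs")

    return [Finding(line, reasons) for line, reasons in reasons_by_line.items()]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```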
  • Hello Kape, I ran the steps again, but it still takes a good 5 minutes before my PC has fully started up. The boot itself is fairly quick; after that I see only my Windows background for 5 minutes, with no shortcuts or toolbars. The logs are below.

ComboFix 08-11-02.05 - Donker 2008-11-05 20:26:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.709 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Donker\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Donker\Bureaublad\CFScript.txt.txt
* Nieuw herstelpunt werd aangemaakt
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE ::
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-10-05 to 2008-11-05 ))))))))))))))))))))))))))))))
.
2008-11-04 22:31 . 2008-11-04 22:31 244 --ah----- C:\sqmnoopt06.sqm
2008-11-04 22:31 . 2008-11-04 22:31 232 --ah----- C:\sqmdata06.sqm
2008-11-02 22:36 . 2008-11-02 22:36 <DIR> d-------- c:\documents and settings\Donker\Application Data\Malwarebytes
2008-11-02 22:35 . 2008-11-02 22:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-02 22:35 . 2008-11-02 22:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-02 22:35 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-02 22:35 . 
2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-10-29 14:25 . 2008-11-05 20:23 <DIR> dr-h----- c:\documents and settings\Donker\Onlangs geopend 2008-10-28 13:23 . 2008-10-28 14:16 87 --a------ c:\windows\NeroDigital.ini 2008-10-28 10:55 . 2008-10-28 10:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\UDL 2008-10-28 10:52 . 2008-10-28 10:57 <DIR> d-------- c:\program files\epson 2008-10-28 10:52 . 2005-02-25 00:00 46,080 --a------ c:\windows\system32\escimgd.dll 2008-10-28 10:52 . 2005-02-25 00:00 29,696 --a------ c:\windows\system32\escwiad.dll 2008-10-28 10:52 . 2005-02-25 00:00 22,016 --a------ c:\windows\system32\esccmd.dll 2008-10-28 10:51 . 2008-10-28 10:51 25 --a------ c:\windows\CDE DX3800EFGIPSD.ini 2008-10-28 10:43 . 2008-10-28 10:44 <DIR> d-------- c:\documents and settings\Donker\Application Data\Nero 2008-10-28 09:31 . 2008-10-28 09:31 4,767 --a------ c:\windows\Irremote.ini 2008-10-28 09:24 . 2008-10-28 09:24 <DIR> d-------- c:\program files\Windows Sidebar 2008-10-28 08:48 . 2008-10-28 09:28 <DIR> d-------- c:\program files\Nero 2008-10-28 08:46 . 2008-10-28 14:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero 2008-10-28 08:16 . 1999-05-07 00:00 140,288 --a------ c:\windows\system32\Comdlg32.ocx 2008-10-28 08:16 . 2007-06-04 16:10 132,880 --a------ c:\windows\system32\MSINET.OCX 2008-10-28 08:16 . 2005-06-06 13:31 108,336 --a------ c:\windows\system32\Mswinsck.OCX 2008-10-27 15:57 . 2008-10-27 15:57 <DIR> d-------- c:\program files\MSECache 2008-10-24 07:29 . 2008-10-15 17:37 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2008-10-22 18:09 . 2008-10-22 18:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2008-10-21 15:11 . 2001-08-17 20:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS 2008-10-21 15:11 . 2001-08-17 20:56 7,552 --a--c--- c:\windows\system32\dllcache\sonypvu1.sys 2008-10-18 19:05 . 
2008-10-18 19:05 <DIR> d-------- c:\program files\CCleaner 2008-10-17 08:32 . 2008-04-13 19:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys 2008-10-17 08:32 . 2008-04-13 19:45 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys 2008-10-17 08:28 . 2008-10-17 08:28 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-10-17 08:28 . 2008-10-17 08:28 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2008-10-16 16:24 . 2008-10-16 16:24 <DIR> d-------- c:\program files\Google 2008-10-16 16:22 . 2008-10-18 18:11 <DIR> d-------- c:\windows\system32\Adobe 2008-10-16 12:24 . 2008-10-16 12:24 <DIR> d-------- c:\program files\MSXML 4.0 2008-10-15 18:12 . 2006-09-05 18:59 97,088 -ra------ c:\windows\system32\drivers\se58mdm.sys 2008-10-15 18:12 . 2006-09-05 18:57 90,800 -ra------ c:\windows\system32\drivers\se58unic.sys 2008-10-15 18:12 . 2006-09-05 19:00 88,624 -ra------ c:\windows\system32\drivers\se58mgmt.sys 2008-10-15 18:12 . 2006-09-05 19:00 86,432 -ra------ c:\windows\system32\drivers\se58obex.sys 2008-10-15 18:12 . 2006-09-05 18:57 18,704 -ra------ c:\windows\system32\drivers\se58nd5.sys 2008-10-15 18:12 . 2006-09-05 18:59 9,360 -ra------ c:\windows\system32\drivers\se58mdfl.sys 2008-10-15 18:12 . 2006-09-05 19:00 6,240 -ra------ c:\windows\system32\drivers\se58cmnt.sys 2008-10-15 18:12 . 2006-09-05 19:00 6,240 -ra------ c:\windows\system32\drivers\se58cm.sys 2008-10-15 18:12 . 2006-09-05 18:57 4,128 -ra------ c:\windows\system32\drivers\se58cr.sys 2008-10-15 18:10 . 2008-10-15 18:31 <DIR> d-------- c:\documents and settings\Donker\Application Data\Teleca 2008-10-15 18:09 . 2008-10-15 18:09 <DIR> d-------- c:\documents and settings\Donker\Application Data\Sony Ericsson 2008-10-15 18:01 . 2008-10-15 18:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony Ericsson 2008-10-15 18:00 . 2008-10-21 15:46 <DIR> d-------- c:\program files\Sony Ericsson 2008-10-15 18:00 . 
2008-10-15 18:01 <DIR> d-------- c:\program files\Common Files\Teleca Shared 2008-10-15 18:00 . 2008-10-15 18:01 <DIR> d-------- c:\program files\Common Files\Sony Ericsson Shared 2008-10-15 18:00 . 2008-10-15 18:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Teleca 2008-10-15 17:59 . 2008-10-15 17:59 <DIR> d-------- c:\windows\Downloaded Installations 2008-10-15 17:49 . 2006-09-05 18:58 61,536 -ra------ c:\windows\system32\drivers\se58bus.sys 2008-10-15 17:49 . 2006-09-05 18:58 5,872 -ra------ c:\windows\system32\drivers\se58whnt.sys 2008-10-15 17:49 . 2006-09-05 18:58 5,872 -ra------ c:\windows\system32\drivers\se58wh.sys 2008-10-15 17:45 . 2008-10-15 17:45 <DIR> d-------- c:\program files\Disc2Phone 2008-10-15 17:35 . 2008-10-15 17:37 <DIR> d-------- c:\windows\system32\URTTemp 2008-10-15 08:57 . 2004-11-25 04:07 79,679 --a------ c:\windows\system32\E_FLMACE.DLL 2008-10-15 08:57 . 2003-05-21 01:27 64,000 --a------ c:\windows\system32\E_FBCBACE.DLL 2008-10-15 08:57 . 2000-06-07 00:01 34,304 --a------ c:\windows\system32\E_FBCHACE.DLL 2008-10-15 08:54 . 2008-10-15 08:54 <DIR> d-------- C:\EPSON 2008-10-15 08:44 . 2008-10-16 12:42 <DIR> d-------- c:\program files\Common Files\EPSON 2008-10-15 08:44 . 2008-10-16 12:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\EPSON 2008-10-15 08:44 . 2006-12-08 01:04 76,800 --a------ c:\windows\system32\E_FLBDAE.DLL 2008-10-15 08:44 . 2006-04-19 01:00 62,976 --a------ c:\windows\system32\E_FD4BDAE.DLL 2008-10-15 08:44 . 2004-09-10 19:12 49,152 --a------ c:\windows\system32\E_DCINST.DLL 2008-10-15 05:39 . 2008-08-14 14:27 2,193,536 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2008-10-15 05:39 . 2008-08-14 14:27 2,149,888 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-10-15 05:39 . 2008-08-14 14:27 2,070,400 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-10-15 05:39 . 
2008-08-14 14:27 2,028,544 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2008-10-15 05:39 . 2008-09-15 16:28 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys 2008-10-15 05:39 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys 2008-10-14 20:10 . 2008-10-14 20:10 151 --a------ c:\windows\PhotoSnapViewer.INI 2008-10-14 18:56 . 2008-10-15 05:59 <DIR> d-------- c:\program files\CyberLink 2008-10-14 18:53 . 2008-10-14 19:03 <DIR> d-------- c:\documents and settings\Donker\Application Data\Ahead 2008-10-14 18:47 . 2008-10-28 10:02 <DIR> d-------- c:\program files\Common Files\Nero 2008-10-14 18:46 . 2001-03-08 18:30 24,064 --------- c:\windows\system32\msxml3a.dll 2008-10-14 18:45 . 2008-10-16 12:23 <DIR> d-------- c:\program files\Common Files\Ahead 2008-10-14 18:45 . 2008-10-14 18:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ahead 2008-10-07 06:51 . 2008-10-07 06:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-10-06 09:46 . 2008-04-13 19:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys 2008-10-06 09:46 . 2008-04-13 19:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys 2008-10-06 09:46 . 2008-04-13 19:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys 2008-10-06 09:46 . 2008-04-13 19:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys 2008-10-05 21:31 . 2008-10-05 21:32 <DIR> d-------- c:\program files\Common Files\Adobe 2008-10-05 21:28 . 2008-10-06 07:52 <DIR> d-------- c:\program files\NOS 2008-10-05 21:28 . 2008-10-06 07:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS 2008-10-05 09:33 . 2008-07-18 21:07 270,880 --a------ c:\windows\system32\mucltui.dll 2008-10-05 09:33 . 2008-07-18 21:07 210,976 --a------ c:\windows\system32\muweb.dll 2008-10-05 09:33 . 2008-07-18 21:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui . 
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-05 18:28 --------- d-----w c:\documents and settings\Donker\Application Data\FrostWire 2008-11-01 10:04 --------- d-----w c:\program files\Norton 360 2008-10-31 18:36 --------- d-----w c:\program files\Common Files\Symantec Shared 2008-10-31 18:34 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2008-10-28 10:03 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-28 10:02 --------- d-----w c:\program files\Common Files\InstallShield 2008-10-04 07:26 --------- d-----w c:\program files\Windows Live 2008-10-04 07:25 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller 2008-10-04 07:22 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller 2008-10-02 15:07 --------- d-----w c:\program files\Windows Media Connect 2 2008-10-02 12:07 --------- d-----w c:\program files\BitComet 2008-10-02 11:59 --------- d-----w c:\program files\FrostWire 2008-10-02 10:04 --------- d-----w c:\program files\Java 2008-10-02 10:01 --------- d-----w c:\program files\Common Files\Java 2008-10-02 08:07 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF 2008-10-02 08:07 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL 2008-10-02 08:07 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS 2008-10-02 08:07 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT 2008-10-02 08:07 --------- d-----w c:\program files\Symantec 2008-10-02 07:54 --------- d-----w c:\documents and settings\Donker\Application Data\Symantec 2008-10-02 07:23 --------- d-----w c:\program files\DAEMON Tools Lite 2008-10-02 07:20 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2008-10-02 07:20 --------- d-----w c:\documents and settings\Donker\Application Data\DAEMON Tools 2008-10-02 06:43 --------- d-----w c:\program files\Microsoft.NET 2008-10-01 19:45 --------- d-----w c:\program files\Intel 
2008-10-01 18:46 --------- d-----w c:\program files\Analog Devices
2008-10-01 18:39 --------- d-----w c:\program files\microsoft frontpage
2008-09-15 15:28 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:27 2,193,536 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:27 2,070,400 ----a-w c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( snapshot@2008-11-03_22.17.21.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-26 19:12:56 396,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MOC.EXE
+ 2007-05-08 10:10:18 16,874,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MSO.DLL
+ 2007-03-21 17:56:50 8,425,856 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OARTCONV.DLL
+ 2006-10-27 14:18:34 1,658,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OGL.DLL
+ 2007-05-10 08:04:28 846,248 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OICE.EXE
+ 2007-05-10 09:11:42 1,767,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PPCNV.DLL
+ 2007-03-21 18:00:06 72,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBCOM.EXE
+ 2007-03-21 17:58:40 4,145,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12CNV.DLL
+ 2007-03-21 17:58:46 24,416 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12EXE.EXE
+ 2007-05-10 09:25:40 14,677,368 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNV.EXE
- 2008-10-27 14:57:46 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-11-03 21:22:14 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-09-05 22:30:52 267,304 -c----w c:\windows\system32\dllcache\wgaLogon.dll
+ 2008-09-05 22:30:04 951,336 -c----w c:\windows\system32\dllcache\WgaTray.exe
- 2008-03-20 16:06:36 1,480,232 ------w c:\windows\system32\LegitCheckControl.dll
+ 2008-09-05 22:30:06 1,480,232 ------w c:\windows\system32\LegitCheckControl.dll
+ 2008-09-05 22:30:52 267,304 ------w c:\windows\system32\WgaLogon.dll
+ 2008-09-05 22:30:04 951,336 ------w c:\windows\system32\WgaTray.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-24 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 116328]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10224:TCP"= 10224:TCP:BitComet 10224 TCP
"10224:UDP"= 10224:UDP:BitComet 10224 UDP
"11354:TCP"= 11354:TCP:BitComet 11354 TCP
"11354:UDP"= 11354:UDP:BitComet 11354 UDP
R2 nero backitup scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
S1 26e08d97;26e08d97;c:\windows\system32\drivers\26e08d97.sys [ ]
S3 NAL;Nal Service ;c:\windows\system32\Drivers\iqvw32.sys [2007-12-20 30816]
*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-05 20:28:17
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-11-05 20:30:35
ComboFix-quarantined-files.txt 2008-11-05 19:30:18
ComboFix2.txt 2008-11-03 21:18:25
Pre-Run: 28.289.335.296 bytes beschikbaar
Post-Run: 28,351,184,896 bytes beschikbaar
243 --- E O F --- 2008-11-04 19:57:14

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:10, on 5-11-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Donker\Mijn documenten\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccproxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 (nero backitup scheduler 4.0) - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7752 bytes
  • Open a Notepad file. Copy and paste the text below into it.

    File::
    c:\windows\system32\drivers\26e08d97.sys
    Driver::
    26e08d97.sys

    Save this file on your desktop as CFScript.txt. Drag CFScript.txt onto ComboFix.exe. This will make ComboFix restart. Reboot if you are asked to. After the reboot, post the contents of Combofix.txt in your next message and let me know whether this has improved anything.
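The CFScript above was written by hand from the one odd service line in the ComboFix log (`S1 26e08d97;26e08d97;c:\windows\system32\drivers\26e08d97.sys [ ]`: a driver with a random-looking name and no file date or size, where every legitimate entry in the same list has both). As an added example that is not part of this thread and is not ComboFix's own code, the Python below parses service lines in that log format, flags entries whose image has no recorded date/size or whose name is eight bare hex digits, and renders the File::/Driver:: script in the same shape the helper used (Driver:: gets the image file name, as in the post). The sample lines are constructed from this thread's log; the two triage rules are my own heuristics, not something ComboFix does.

```python
"""Triage of ComboFix service lines and CFScript rendering (added example)."""
import re

# Constructed sample: the three service lines from the ComboFix log in this
# thread, reproduced so the example runs offline.
SAMPLE_SERVICES = r"""
R2 nero backitup scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
S1 26e08d97;26e08d97;c:\windows\system32\drivers\26e08d97.sys [ ]
S3 NAL;Nal Service ;c:\windows\system32\Drivers\iqvw32.sys [2007-12-20 30816]
"""

# Line shape as seen in the log:
#   <start type> <service name>;<display name>;<image path> [<file date> <file size>]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# Exactly eight lowercase hex digits, e.g. "26e08d97". Vendors do not name
# drivers like that; droppers that generate a fresh name per infection do.
# This is a heuristic of this example, not a ComboFix rule.
RANDOM_HEX_RE = re.compile(r"^[0-9a-f]{8}$")


def parse_services(text):
    """Return one dict per service line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["meta"] = entry["meta"].strip()
            entries.append(entry)
    return entries


def triage(entry):
    """Reasons an entry deserves a closer look; an empty list means nothing odd."""
    reasons = []
    if not entry["meta"]:
        # ComboFix prints the image's date and size; "[ ]" means it could not
        # read them, which is what a hidden, locked or missing file looks like.
        reasons.append("no file date/size recorded for the image")
    if RANDOM_HEX_RE.match(entry["name"].strip()):
        reasons.append("random-looking 8-hex-digit service name")
    return reasons


def suspicious_services(text):
    """All parsed entries that trip at least one triage rule."""
    return [e for e in parse_services(text) if triage(e)]


def build_cfscript(entries):
    """Render File:: and Driver:: sections in the form used in the thread above."""
    if not entries:
        return ""
    lines = ["File::"] + [e["path"] for e in entries]
    drivers = [e["path"].rsplit("\\", 1)[-1]
               for e in entries if e["path"].lower().endswith(".sys")]
    if drivers:
        lines += ["Driver::"] + drivers
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = suspicious_services(SAMPLE_SERVICES)
    for e in flagged:
        print(f"{e['start']} {e['name']}: {', '.join(triage(e))}")
    print(build_cfscript(flagged), end="")
```

Run against the sample, only the `26e08d97` entry is flagged (both rules fire) and the rendered script matches the one in the post. A generated script is a starting point for review, not something to feed to ComboFix unread: the "no metadata" rule also fires for drivers whose file is simply absent, and the name rule says nothing about a renamed but otherwise ordinary driver.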
  • Hi Kape, I have carried out the steps again. All the popups are gone and my automatic updates are on again too. Apart from that the computer works just fine. The only problem that has come up during the recovery period is that the computer takes a long time to start up, as I already mentioned. Below is the promised log.

ComboFix 08-11-02.05 - Donker 2008-11-06 17:26:46.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.716 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Donker\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Donker\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
FILE ::
c:\windows\system32\drivers\26e08d97.sys
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-10-06 to 2008-11-06 ))))))))))))))))))))))))))))))
.
2008-11-04 22:31 . 2008-11-04 22:31 244 --ah----- C:\sqmnoopt06.sqm
2008-11-04 22:31 . 2008-11-04 22:31 232 --ah----- C:\sqmdata06.sqm
2008-11-02 22:36 . 2008-11-02 22:36 <DIR> d-------- c:\documents and settings\Donker\Application Data\Malwarebytes
2008-11-02 22:35 . 2008-11-02 22:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-02 22:35 . 2008-11-02 22:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-02 22:35 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-02 22:35 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-29 14:25 . 2008-11-06 17:25 <DIR> dr-h----- c:\documents and settings\Donker\Onlangs geopend
2008-10-28 13:23 . 2008-10-28 14:16 87 --a------ c:\windows\NeroDigital.ini
2008-10-28 10:55 . 2008-10-28 10:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\UDL
2008-10-28 10:52 . 2008-10-28 10:57 <DIR> d-------- c:\program files\epson
2008-10-28 10:52 . 2005-02-25 00:00 46,080 --a------ c:\windows\system32\escimgd.dll
2008-10-28 10:52 . 2005-02-25 00:00 29,696 --a------ c:\windows\system32\escwiad.dll
2008-10-28 10:52 . 2005-02-25 00:00 22,016 --a------ c:\windows\system32\esccmd.dll
2008-10-28 10:51 . 2008-10-28 10:51 25 --a------ c:\windows\CDE DX3800EFGIPSD.ini
2008-10-28 10:43 . 2008-10-28 10:44 <DIR> d-------- c:\documents and settings\Donker\Application Data\Nero
2008-10-28 09:31 . 2008-10-28 09:31 4,767 --a------ c:\windows\Irremote.ini
2008-10-28 09:24 . 2008-10-28 09:24 <DIR> d-------- c:\program files\Windows Sidebar
2008-10-28 08:48 . 2008-10-28 09:28 <DIR> d-------- c:\program files\Nero
2008-10-28 08:46 . 2008-10-28 14:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2008-10-28 08:16 . 1999-05-07 00:00 140,288 --a------ c:\windows\system32\Comdlg32.ocx
2008-10-28 08:16 . 2007-06-04 16:10 132,880 --a------ c:\windows\system32\MSINET.OCX
2008-10-28 08:16 . 2005-06-06 13:31 108,336 --a------ c:\windows\system32\Mswinsck.OCX
2008-10-27 15:57 . 2008-10-27 15:57 <DIR> d-------- c:\program files\MSECache
2008-10-24 07:29 . 2008-10-15 17:37 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-22 18:09 . 2008-10-22 18:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-10-21 15:11 . 2001-08-17 20:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2008-10-21 15:11 . 2001-08-17 20:56 7,552 --a--c--- c:\windows\system32\dllcache\sonypvu1.sys
2008-10-18 19:05 . 2008-10-18 19:05 <DIR> d-------- c:\program files\CCleaner
2008-10-17 08:32 . 2008-04-13 19:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys
2008-10-17 08:32 . 2008-04-13 19:45 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys
2008-10-17 08:28 . 2008-10-17 08:28 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-17 08:28 . 2008-10-17 08:28 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-16 16:24 . 2008-10-16 16:24 <DIR> d-------- c:\program files\Google
2008-10-16 16:22 . 2008-10-18 18:11 <DIR> d-------- c:\windows\system32\Adobe
2008-10-16 12:24 . 2008-10-16 12:24 <DIR> d-------- c:\program files\MSXML 4.0
2008-10-15 18:12 . 2006-09-05 18:59 97,088 -ra------ c:\windows\system32\drivers\se58mdm.sys
2008-10-15 18:12 . 2006-09-05 18:57 90,800 -ra------ c:\windows\system32\drivers\se58unic.sys
2008-10-15 18:12 . 2006-09-05 19:00 88,624 -ra------ c:\windows\system32\drivers\se58mgmt.sys
2008-10-15 18:12 . 2006-09-05 19:00 86,432 -ra------ c:\windows\system32\drivers\se58obex.sys
2008-10-15 18:12 . 2006-09-05 18:57 18,704 -ra------ c:\windows\system32\drivers\se58nd5.sys
2008-10-15 18:12 . 2006-09-05 18:59 9,360 -ra------ c:\windows\system32\drivers\se58mdfl.sys
2008-10-15 18:12 . 2006-09-05 19:00 6,240 -ra------ c:\windows\system32\drivers\se58cmnt.sys
2008-10-15 18:12 . 2006-09-05 19:00 6,240 -ra------ c:\windows\system32\drivers\se58cm.sys
2008-10-15 18:12 . 2006-09-05 18:57 4,128 -ra------ c:\windows\system32\drivers\se58cr.sys
2008-10-15 18:10 . 2008-10-15 18:31 <DIR> d-------- c:\documents and settings\Donker\Application Data\Teleca
2008-10-15 18:09 . 2008-10-15 18:09 <DIR> d-------- c:\documents and settings\Donker\Application Data\Sony Ericsson
2008-10-15 18:01 . 2008-10-15 18:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony Ericsson
2008-10-15 18:00 . 2008-10-21 15:46 <DIR> d-------- c:\program files\Sony Ericsson
2008-10-15 18:00 . 2008-10-15 18:01 <DIR> d-------- c:\program files\Common Files\Teleca Shared
2008-10-15 18:00 . 2008-10-15 18:01 <DIR> d-------- c:\program files\Common Files\Sony Ericsson Shared
2008-10-15 18:00 . 2008-10-15 18:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Teleca
2008-10-15 17:59 . 2008-10-15 17:59 <DIR> d-------- c:\windows\Downloaded Installations
2008-10-15 17:49 . 2006-09-05 18:58 61,536 -ra------ c:\windows\system32\drivers\se58bus.sys
2008-10-15 17:49 . 2006-09-05 18:58 5,872 -ra------ c:\windows\system32\drivers\se58whnt.sys
2008-10-15 17:49 . 2006-09-05 18:58 5,872 -ra------ c:\windows\system32\drivers\se58wh.sys
2008-10-15 17:45 . 2008-10-15 17:45 <DIR> d-------- c:\program files\Disc2Phone
2008-10-15 17:35 . 2008-10-15 17:37 <DIR> d-------- c:\windows\system32\URTTemp
2008-10-15 08:57 . 2004-11-25 04:07 79,679 --a------ c:\windows\system32\E_FLMACE.DLL
2008-10-15 08:57 . 2003-05-21 01:27 64,000 --a------ c:\windows\system32\E_FBCBACE.DLL
2008-10-15 08:57 . 2000-06-07 00:01 34,304 --a------ c:\windows\system32\E_FBCHACE.DLL
2008-10-15 08:54 . 2008-10-15 08:54 <DIR> d-------- C:\EPSON
2008-10-15 08:44 . 2008-10-16 12:42 <DIR> d-------- c:\program files\Common Files\EPSON
2008-10-15 08:44 . 2008-10-16 12:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\EPSON
2008-10-15 08:44 . 2006-12-08 01:04 76,800 --a------ c:\windows\system32\E_FLBDAE.DLL
2008-10-15 08:44 . 2006-04-19 01:00 62,976 --a------ c:\windows\system32\E_FD4BDAE.DLL
2008-10-15 08:44 . 2004-09-10 19:12 49,152 --a------ c:\windows\system32\E_DCINST.DLL
2008-10-15 05:39 . 2008-08-14 14:27 2,193,536 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 05:39 . 2008-08-14 14:27 2,149,888 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 05:39 . 2008-08-14 14:27 2,070,400 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 05:39 . 2008-08-14 14:27 2,028,544 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 05:39 . 2008-09-15 16:28 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-15 05:39 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-14 20:10 . 2008-10-14 20:10 151 --a------ c:\windows\PhotoSnapViewer.INI
2008-10-14 18:56 . 2008-10-15 05:59 <DIR> d-------- c:\program files\CyberLink
2008-10-14 18:53 . 2008-10-14 19:03 <DIR> d-------- c:\documents and settings\Donker\Application Data\Ahead
2008-10-14 18:47 . 2008-10-28 10:02 <DIR> d-------- c:\program files\Common Files\Nero
2008-10-14 18:46 . 2001-03-08 18:30 24,064 --------- c:\windows\system32\msxml3a.dll
2008-10-14 18:45 . 2008-10-16 12:23 <DIR> d-------- c:\program files\Common Files\Ahead
2008-10-14 18:45 . 2008-10-14 18:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ahead
2008-10-07 06:51 . 2008-10-07 06:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-06 09:46 . 2008-04-13 19:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-10-06 09:46 . 2008-04-13 19:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-10-06 09:46 . 2008-04-13 19:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-10-06 09:46 . 2008-04-13 19:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 16:25 --------- d-----w c:\documents and settings\Donker\Application Data\FrostWire
2008-11-01 10:04 --------- d-----w c:\program files\Norton 360
2008-10-31 18:36 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-31 18:34 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-28 10:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-28 10:02 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-06 06:52 --------- d-----w c:\program files\NOS
2008-10-06 06:52 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-10-05 20:32 --------- d-----w c:\program files\Common Files\Adobe
2008-10-04 07:26 --------- d-----w c:\program files\Windows Live
2008-10-04 07:25 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-10-04 07:22 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-02 15:07 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-02 12:07 --------- d-----w c:\program files\BitComet
2008-10-02 11:59 --------- d-----w c:\program files\FrostWire
2008-10-02 10:04 --------- d-----w c:\program files\Java
2008-10-02 10:01 --------- d-----w c:\program files\Common Files\Java
2008-10-02 08:07 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-10-02 08:07 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL
2008-10-02 08:07 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2008-10-02 08:07 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-10-02 08:07 --------- d-----w c:\program files\Symantec
2008-10-02 07:54 --------- d-----w c:\documents and settings\Donker\Application Data\Symantec
2008-10-02 07:23 --------- d-----w c:\program files\DAEMON Tools Lite
2008-10-02 07:20 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-02 07:20 --------- d-----w c:\documents and settings\Donker\Application Data\DAEMON Tools
2008-10-02 06:43 --------- d-----w c:\program files\Microsoft.NET
2008-10-01 19:45 --------- d-----w c:\program files\Intel
2008-10-01 18:46 --------- d-----w c:\program files\Analog Devices
2008-10-01 18:39 --------- d-----w c:\program files\microsoft frontpage
2008-09-15 15:28 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:27 2,193,536 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:27 2,070,400 ----a-w c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( snapshot@2008-11-03_22.17.21.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-26 19:12:56 396,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MOC.EXE
+ 2007-05-08 10:10:18 16,874,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MSO.DLL
+ 2007-03-21 17:56:50 8,425,856 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OARTCONV.DLL
+ 2006-10-27 14:18:34 1,658,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OGL.DLL
+ 2007-05-10 08:04:28 846,248 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OICE.EXE
+ 2007-05-10 09:11:42 1,767,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PPCNV.DLL
+ 2007-03-21 18:00:06 72,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBCOM.EXE
+ 2007-03-21 17:58:40 4,145,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12CNV.DLL
+ 2007-03-21 17:58:46 24,416 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12EXE.EXE
+ 2007-05-10 09:25:40 14,677,368 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNV.EXE
- 2008-10-27 14:57:46 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-11-03 21:22:14 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-09-05 22:30:52 267,304 -c----w c:\windows\system32\dllcache\wgaLogon.dll
+ 2008-09-05 22:30:04 951,336 -c----w c:\windows\system32\dllcache\WgaTray.exe
- 2008-03-20 16:06:36 1,480,232 ------w c:\windows\system32\LegitCheckControl.dll
+ 2008-09-05 22:30:06 1,480,232 ------w c:\windows\system32\LegitCheckControl.dll
+ 2008-09-05 22:30:52 267,304 ------w c:\windows\system32\WgaLogon.dll
+ 2008-09-05 22:30:04 951,336 ------w c:\windows\system32\WgaTray.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-24 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 116328]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10224:TCP"= 10224:TCP:BitComet 10224 TCP
"10224:UDP"= 10224:UDP:BitComet 10224 UDP
"11354:TCP"= 11354:TCP:BitComet 11354 TCP
"11354:UDP"= 11354:UDP:BitComet 11354 UDP
R2 nero backitup scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
S1 26e08d97;26e08d97;c:\windows\system32\drivers\26e08d97.sys [ ]
S3 NAL;Nal Service ;c:\windows\system32\Drivers\iqvw32.sys [2007-12-20 30816]
*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 17:28:59
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-11-06 17:31:39
ComboFix-quarantined-files.txt 2008-11-06 16:31:24
ComboFix2.txt 2008-11-05 19:30:36
ComboFix3.txt 2008-11-03 21:18:25
Pre-Run: 28.324.478.976 bytes beschikbaar
Post-Run: 28,330,221,568 bytes beschikbaar
215 --- E O F --- 2008-11-04 19:57:14
  • A bit more junk and the tools we used to clean up: Remove ComboFix: Start -> Run and type: combofix /u This will remove ComboFix plus its related folders and files, restore the clock settings, hide file extensions again, hide hidden files and system files again and create a new restore point. Download CCleaner here: http://www.majorgeeks.com/download4191.html Install it and start CCleaner. In the left column click "Cleaner". Click "Analyze" and then "Run Cleaner". Then click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked to make a backup. Click "Yes". Then choose "Fix all selected issues". Close CCleaner afterwards. It is advisable to delete the existing restore points (they include infected restore points that you could otherwise restore) by temporarily disabling System Restore. Do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and untick the box again. And here http://users.telenet.be/bluepatchy/miekiemoes/tragecomputer.html are some more tips on a "slow" computer. Maybe that can help you speed things up a bit. That's it!
  • I already have CCleaner on my PC, but I will run it once more, along with the other tips. But there is no other way to find out why startup takes so long. I don't really consider it a problem, but of course it is always nice when everything is fine. I want to thank you enormously for your help.

This is an archived page. Replying is no longer possible.