Questions & Answers
Problems again?
11 answers
- The laptop is supposedly infected.
MBAM and MalwareBOT removed about 40 items.
Here is the HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:00, on 2-5-2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\Ria\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Folding@home\Folding@home-x86\Folding@home.exe
C:\Windows\system32\taskeng.exe
C:\Users\Ria\AppData\Roaming\Folding@home-x86\FahCore_78.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O13 - Gopher Prefix:
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
–
End of file - 8939 bytes
- Maybe it's time to switch to a 64-bit system? :lol:
- Start HijackThis. If you are a Vista user, choose "Run as administrator" or "Uitvoeren als administrator". Select "Do a system scan only". Select only the items listed below:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Click 'Fix checked' to remove the items.
Download MBAM (Malwarebytes' Anti-Malware).
Double-click mbam-setup.exe to install the program.
Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Voltooien" (Finish).
If an update is found, it will be downloaded and installed.
Once the program is fully up to date, select "Snelle Scan" (Quick Scan) on the Scanner tab, then click Scan.
The scan can take a while, so be patient.
When the scan is finished, click OK, then "Bekijk Resultaten" (Show Results) to see the results.
Make sure everything there is checked, then click: Verwijder geselecteerde (Remove Selected).
After the removal a log will open and you will be asked to restart the computer. (See below)
The log is saved automatically by MBAM and you can find it by clicking the "Logs" tab in MBAM.
If MBAM has difficulty removing certain files, it will show a few prompts where you must click OK.
After that it will ask to restart the computer… so allow MBAM to restart the computer.
Paste the contents of the log into your next post, together with a new HijackThis log.
- Here come the logs
Malwarebytes' Anti-Malware 1.36
Database versie: 2164
Windows 6.0.6001 Service Pack 1
22-5-2009 12:35:15
mbam-log-2009-05-22 (12-35-15).txt
Scan type: Snelle Scan
Objecten gescand: 72135
Verstreken tijd: 6 minute(s), 10 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 6
Bestanden geïnfecteerd: 71
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42 (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20 (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Settings (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
Bestanden geïnfecteerd:
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\rs.dat (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Log\2009 May 21 - 12_09_40 PM_420.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Log\2009 May 22 - 03_00_00 AM_279.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Log\2009 May 22 - 03_00_00 AM_416.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\0.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\0.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\1.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\1.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\10.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\10.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\11.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\11.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\12.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\12.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\13.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\13.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\14.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\14.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\15.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\15.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\16.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\16.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\17.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\17.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\18.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\18.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\2.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\2.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\3.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\3.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\4.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\4.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\5.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\5.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\6.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\6.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\7.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\7.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\8.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\8.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\9.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\19-05-2009-13-58-42\9.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\0.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\0.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\1.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\1.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\10.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\10.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\11.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\11.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\12.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\12.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\13.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\13.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\2.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\2.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\3.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\3.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\4.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\4.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\5.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\5.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\6.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\6.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\7.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\7.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\8.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\8.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\9.qit (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Quarantine\20-05-2009-09-00-20\9.qnf (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Ria\AppData\Roaming\MalwareRemovalBot\Settings\ScanResults.pie (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:00, on 2-5-2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\Ria\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Folding@home\Folding@home-x86\Folding@home.exe
C:\Windows\system32\taskeng.exe
C:\Users\Ria\AppData\Roaming\Folding@home-x86\FahCore_78.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O13 - Gopher Prefix:
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8939 bytes
I'll wait and see. - Nice cleanup with Malwarebytes.
Just this as well:
Start HijackThis. If you are a Vista user, choose "Run as administrator" (or "Uitvoeren als administrator"). Select "Do a system scan only". Tick only the items listed below:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Click 'Fix checked' to remove the items. Then let me know how things stand.
P.S.: That Malware Removal Bot doesn't clean anything up; it only puts junk on your PC. - Everything seems to work, except Symantec AntiVirus, which won't open.
Logs attached.
BTW, PC 1 is giving a lot of trouble, but I'll start a thread about that.
Malwarebytes' Anti-Malware 1.36
Database versie: 2168
Windows 6.0.6001 Service Pack 1
23-5-2009 10:45:44
mbam-log-2009-05-23 (10-45-44).txt
Scan type: Snelle Scan
Objecten gescand: 72412
Verstreken tijd: 4 minute(s), 57 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:00, on 2-5-2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\Ria\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Folding@home\Folding@home-x86\Folding@home.exe
C:\Windows\system32\taskeng.exe
C:\Users\Ria\AppData\Roaming\Folding@home-x86\FahCore_78.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O13 - Gopher Prefix:
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8939 bytes - The logs look good.
Let's try this as well, to (possibly) give the Symantec problem a nudge:
Download Combofix to your Desktop.
Read more here about using Combofix correctly.
NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners regard certain components that Combofix uses as suspicious and will block or delete them!
Double-click Combofix.exe to start it.
If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
Follow the instructions and accept the disclaimer by clicking Yes.
If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not Vista).
Click OK and Yes to have the Recovery Console installed automatically.
Afterwards, click Yes again to start the malware scan.
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix has finished, and after the restart, the log Combofix.txt will open.
Post this log in your next reply. - combo.txt:
ComboFix 09-05-24.07 - Ria 25-05-2009 12:20.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.31.1043.18.1013.248 [GMT 2:00]
Gestart vanuit: d:\downloads\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: MalwareRemovalBot *enabled* (Updated) {4497F8B6-C0D0-4902-94BC-D47F5D9F994D}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\x64
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-04-25 to 2009-05-25 ))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112]
"IS CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2006-10-24 46728]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-26 22696]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SupportAgent_HCC"="c:\program files\SmartFix\SupportAgent_HCC\SupportAgent.exe" [2009-05-11 3989504]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
"THGuard"="d:\program files\TrojanHunter 5.1\THGuard.exe" [2009-05-18 1061536]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-06-15 1826816]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-17 535336]
Microsoft Office.lnk - d:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B1DE5FF2-A496-49BC-9B27-3CDB5626DF05}"= UDP:990:LocalSubnet:LocalSubnet|IF={ACB435BD-7C0C-452E-8554-8D6FE63A1213}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{3823A5C4-4D03-423A-B808-AD632CAB9BA4}"= UDP:5721:LocalSubnet:LocalSubnet|IF={ACB435BD-7C0C-452E-8554-8D6FE63A1213}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{85D23BAD-11E9-4E48-8AAD-B5492D914637}"= UDP:1034:LocalSubnet:LocalSubnet|IF={ACB435BD-7C0C-452E-8554-8D6FE63A1213}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{F161884F-12C5-4F2D-9E9A-EBD966872E4E}"= UDP:5678:LocalSubnet:LocalSubnet|IF={ACB435BD-7C0C-452E-8554-8D6FE63A1213}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{5942E95D-9F21-4F87-91AC-153C2163EEB5}"= UDP:999:LocalSubnet:LocalSubnet|IF={ACB435BD-7C0C-452E-8554-8D6FE63A1213}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{A3C14F41-6F1D-405A-8249-D90CA877509A}"= UDP:26675:LocalSubnet:LocalSubnet|IF={ACB435BD-7C0C-452E-8554-8D6FE63A1213}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{F4077B1C-9AC4-4CEE-8E42-57AC74827019}"= UDP:990:LocalSubnet:LocalSubnet|IF={ACB435BD-7C0C-452E-8554-8D6FE63A1213}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [17-8-2007 15:59 179712]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [17-8-2007 9:17 202872]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [17-3-2006 6:34 115952]
— Andere Services/Drivers In Geheugen —
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map
2009-05-25 c:\windows\Tasks\RegCure Program Check.job
- d:\program files\RegCure\RegCure.exe [2008-04-21 21:21]
2009-05-14 c:\windows\Tasks\RegCure.job
- d:\program files\RegCure\RegCure.exe [2008-04-21 21:21]
2009-05-25 c:\windows\Tasks\User_Feed_Synchronization-{955D44C3-3D49-465E-AF3A-C5C779012F7B}.job
- c:\windows\system32\msfeedssync.exe [2009-05-08 11:31]
.
- - - - ORPHANS VERWIJDERD - - - -
HKLM-Run-eRecoveryService - (no file)
SafeBoot-procexp90.Sys
.
——- Bijkomende Scan ——-
.
uStart Page = www.startpagina.nl/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://nl.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&xporteren naar Microsoft Excel - d:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 12:26
Windows 6.0.6001 Service Pack 1 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
——————— DLLs Geladen Onder Lopende Processen ———————
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\eNetHook.dll
- - - - - - - > 'lsass.exe'(640)
c:\windows\system32\eNetHook.dll
- - - - - - - > 'Explorer.exe'(4220)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
Voltooingstijd: 2009-05-25 12:28
ComboFix-quarantined-files.txt 2009-05-25 10:28
Pre-Run: 13.410.488.320 bytes beschikbaar
Post-Run: 16.709.619.712 bytes beschikbaar
324 — E O F — 2009-05-22 04:15
- And how is your Symantec doing now?
- It yells that auto protect is not enabled, but in the main screen it says that it is, I don't quite get it…
- Do you have it on CD or via download with a licence? Then you could, just to be sure, reinstall that version once more.
In the meantime, also do this:
Remove Combofix: Start -> Run and type: combofix /u
This will remove Combofix plus its related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.