  • Virus?

    Split off from:
    http://www.nucia.eu/forum/showthread.php?t=34693


    here is the log


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:56:34, on 28-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\JASPER\Mijn documenten\msn spul 1\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [TP CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe" -G:{2D617065-1C52-4240-B5BC-C0AE12157777} -T:Config
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [60344b6f] rundll32.exe "C:\WINDOWS\system32\mnlxyhtq.dll",b
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\JASPER\Mijn documenten\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-lost-worlds/en/ReflexiveWebGameLoader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://anne-mariehj.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://160.36.60.7:9004/activex/AMC.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.salisbury.edu/activex/AxisCamControl.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - http://sdccam.netacad.be/activex/AMC.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://209.20.250.7/activex/AMC.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/SITE/xupload/XUpload.ocx
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe (file missing)
    O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 7605 bytes
    Last edited by Crash; 28-02-08, 17:39.
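    The first thing a helper does with a HijackThis log like the one above is scan the O4, O16 and O23 sections for entries that deserve a closer look before anything is removed. The script below is an added example written for this thread, not code from HijackThis, ComboFix or the forum, and its three heuristics are my own assumptions rather than rules the thread states: an O4 Run value whose name is eight hex digits or that launches rundll32 with an eight-letter DLL in system32, an O16 ActiveX control downloaded from a bare IP address, and an O23 service whose binary is "(file missing)". The sample lines are copied from the log above; the flagged O4 entry is the one whose DLL turns up in the ComboFix removal list further down the thread, and the flagged O23 entry is one of the F-Secure leftovers the CFScript later cleans up.

```python
"""Triage heuristics for HijackThis v2 log lines.

Added example for this thread; not code from HijackThis, ComboFix or the forum.
The three heuristics are assumptions about what a log reader looks for,
not rules stated in the thread.
"""
import ipaddress
import ntpath
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: seven lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [60344b6f] rundll32.exe "C:\WINDOWS\system32\mnlxyhtq.dll",b
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://160.36.60.7:9004/activex/AMC.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Line shapes for the three HijackThis sections this example looks at.
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{[^}]+\}(?: \([^)]*\))? - (?P<url>\S+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Heuristic patterns (assumptions): an 8-hex-digit Run value name, and a
# rundll32 autorun whose DLL has an 8-letter name with no recognisable vendor.
HEX8_NAME = re.compile(r"^[0-9a-f]{8}$")
RUNDLL_DLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
RANDOM_STEM = re.compile(r"^[a-z]{8}$")


@dataclass(frozen=True)
class Finding:
    line: str       # the log line, verbatim
    reasons: tuple  # heuristics that fired, in check order


def check_o4(line: str) -> list:
    """Autorun entries: random-looking value names or rundll32 loading a random DLL."""
    m = O4_RE.match(line)
    if not m:
        return []
    reasons = []
    if HEX8_NAME.match(m.group("name")):
        reasons.append("hex8-value-name")
    dm = RUNDLL_DLL.search(m.group("cmd"))
    if dm:
        # ntpath handles the Windows backslash paths regardless of host OS.
        stem = ntpath.splitext(ntpath.basename(dm.group("dll")))[0]
        if RANDOM_STEM.match(stem):
            reasons.append("rundll32-random-dll")
    return reasons


def check_o16(line: str) -> list:
    """Downloaded ActiveX controls: flag ones fetched from a bare IP address."""
    m = O16_RE.match(line)
    if not m:
        return []
    host = urlparse(m.group("url")).hostname or ""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return []  # a DNS name, not an IP literal
    return ["activex-from-ip-host"]


def check_o23(line: str) -> list:
    """Services: flag registrations whose binary no longer exists on disk."""
    m = O23_RE.match(line)
    if not m:
        return []
    if m.group("path").endswith("(file missing)"):
        return ["service-file-missing"]
    return []


def triage(log_text: str) -> list:
    """Run every check over every line; keep only lines with at least one reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = check_o4(line) + check_o16(line) + check_o23(line)
        if reasons:
            findings.append(Finding(line, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(", ".join(f.reasons), "->", f.line)
```

    Run against the sample it reports three lines: the hex-named rundll32 autorun (both O4 heuristics fire), the AMC.cab control served from 160.36.60.7, and the fsbwsys service whose file is missing. Everything else, including the legitimate rundll32 entry for bthprops.cpl, passes. The heuristics are deliberately narrow; they are a reading aid for the helper, not a verdict, and a hit still needs the checks the rest of this thread goes through.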

  • #2
    Follow these instructions to download ComboFix:
    • Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console.
      If you have used ComboFix before, please remove that version and download ComboFix again via the link above, because ComboFix is updated daily.

      NOTE: if, during or after downloading ComboFix, or while using ComboFix, you get a warning from your antivirus or another real-time scanner,
      disable that scanner and download ComboFix again.
      Some scanners treat certain components ComboFix uses as suspicious and will block or delete them!

      • Double-click Combofix.exe
        Follow the instructions and accept the disclaimer by typing 1 (continue), followed by ENTER.
        While the fix is running, do NOT click in the window, as this will make your PC hang.


      When the fix is complete and after the restart, the log Combofix.txt will open.
      Post this log in your next reply, together with a fresh HijackThis log.
    Regards,
    Pimmerd



    • #3
      I didn't get a ComboFix log, because the PC restarted and not into safe mode,
      so it hung again and I got no log.
      Last edited by spycid; 29-02-08, 14:13.



      • #4
        I have internet again now,
        but I keep getting the message that an error has occurred in symcuw.exe.



        • #5
          ComboFix 08-02-25.3 - JASPER 2008-02-29 14:49:39.3 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.677 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\JASPER\Bureaublad\ComboFix.exe

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          ---- Previous Run -------
          .
          C:\Documents and Settings\GERBEN\Application Data\macromedia\Flash Player\#SharedObjects\2XR3MNA5\iforex.com
          C:\Documents and Settings\GERBEN\Application Data\macromedia\Flash Player\#SharedObjects\2XR3MNA5\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
          C:\Documents and Settings\GERBEN\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
          C:\Documents and Settings\GERBEN\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
          C:\Documents and Settings\JASPER\Application Data\macromedia\Flash Player\#SharedObjects\NVWKLHCM\iforex.com
          C:\Documents and Settings\JASPER\Application Data\macromedia\Flash Player\#SharedObjects\NVWKLHCM\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
          C:\Documents and Settings\JASPER\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
          C:\Documents and Settings\JASPER\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
          C:\Documents and Settings\SJOUKJE\Application Data\macromedia\Flash Player\#SharedObjects\9NM28PRZ\iforex.com
          C:\Documents and Settings\SJOUKJE\Application Data\macromedia\Flash Player\#SharedObjects\9NM28PRZ\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
          C:\Documents and Settings\SJOUKJE\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
          C:\Documents and Settings\SJOUKJE\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
          C:\WINDOWS\Downloaded Program Files\Quarantine
          C:\WINDOWS\system32\bbugndem.dll
          C:\WINDOWS\system32\fykmddjm.dll
          C:\WINDOWS\system32\hheqoaql.dll
          C:\WINDOWS\system32\hheqoaql.dllbox
          C:\WINDOWS\system32\ilkkj.ini
          C:\WINDOWS\system32\ilkkj.ini2
          C:\WINDOWS\system32\jkkli.dll
          C:\WINDOWS\system32\mcrh.tmp
          C:\WINDOWS\system32\mnlxyhtq.dll
          C:\WINDOWS\system32\qthyxlnm.ini
          C:\WINDOWS\system32\vtuvwxw.dll

          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

          .
          -------\nm






          (((((((((((((((((((( Bestanden Gemaakt van 2008-01-28 to 2008-02-29 ))))))))))))))))))))))))))))))
          .

          2008-02-22 18:12 . 2008-02-22 18:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
          2008-02-21 22:20 . 2008-02-21 22:20 102 --a------ C:\Platform.ini
          2008-02-21 17:18 . 2006-06-16 19:58 <DIR> d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\UserData
          2008-02-21 17:17 . 2006-06-16 19:58 <DIR> d---s---- C:\Documents and Settings\NetworkService\UserData
          2008-02-21 16:57 . 2008-02-21 16:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
          2008-02-20 15:05 . 2008-02-20 15:05 8 --a------ C:\WINDOWS\system32\603459e1
          2008-02-20 13:30 . 2008-02-20 13:30 <DIR> d-------- C:\Program Files\Sierra
          2008-02-18 11:52 . 2008-02-21 16:14 <DIR> d-------- C:\Program Files\Norton 360
          2008-02-18 11:51 . 2008-02-18 11:54 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
          2008-02-18 11:51 . 2008-02-18 11:54 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
          2008-02-18 11:51 . 2008-02-18 11:54 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
          2008-02-18 11:51 . 2008-02-18 11:54 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
          2008-02-18 11:48 . 2008-02-20 13:37 <DIR> d-------- C:\Program Files\Symantec
          2008-02-18 11:48 . 2008-02-24 15:26 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
          2008-02-18 11:48 . 2008-02-20 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
          2008-02-17 20:59 . 2008-02-17 20:59 <DIR> d-------- C:\Documents and Settings\NetworkService\Menu Start
          2008-02-17 20:56 . 2008-02-17 20:56 <DIR> d-------- C:\Documents and Settings\JASPER\Application Data\InstallShield
          2008-02-12 17:44 . 2008-02-12 17:48 <DIR> d-------- C:\Documents and Settings\JASPER\.housecall6.6

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-02-29 13:07 100,178 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
          2008-02-20 13:56 487 ----a-w C:\Program Files\Snelkoppeling naar Norton 360.lnk
          2008-02-20 12:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2008-02-19 21:26 18,870 ----a-w C:\Documents and Settings\GERBEN\Application Data\wklnhst.dat
          2008-02-16 19:13 28,730 ----a-w C:\Documents and Settings\SJOUKJE\Application Data\wklnhst.dat
          2008-02-16 11:34 --------- d-----w C:\Program Files\SpywareBlaster
          2008-02-13 12:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
          2008-02-12 16:44 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
          2008-02-06 18:54 --------- d-----w C:\Documents and Settings\JASPER\Application Data\ubi.com
          2008-02-04 16:16 --------- d-----w C:\Program Files\Windows Live Safety Center
          2008-02-01 18:40 --------- d-----w C:\Documents and Settings\JASPER\Application Data\LimeWire
          2007-12-26 23:33 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
          2007-12-16 18:52 318 ----a-w C:\delete.bat
          2007-12-07 02:18 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
          2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
          2007-05-29 09:30 553 ----a-w C:\Program Files\Snelkoppeling naar Microsoft Games.lnk
          2007-02-07 20:27 19,668 ----a-w C:\Documents and Settings\JASPER\Application Data\wklnhst.dat
          2006-04-16 08:15 1,788 ----a-w C:\Documents and Settings\DOETIE\Application Data\wklnhst.dat
          2006-02-05 21:14 59 ----a-w C:\Documents and Settings\SJOUKJE\IB2004.DAT
          2005-02-23 00:20 73,728 ------w C:\Documents and Settings\SJOUKJE\IB2004u.exe
          2005-02-23 00:20 402,432 ----a-r C:\Documents and Settings\SJOUKJE\IB2004.scr
          2005-02-23 00:20 122,880 ----a-r C:\Documents and Settings\SJOUKJE\IB2004s.exe
          2005-02-23 00:20 1,605,632 ----a-r C:\Documents and Settings\SJOUKJE\IB2004.exe
          2004-01-11 18:23 64,168 ----a-w C:\Documents and Settings\SJOUKJE\Application Data\GDIPFONTCACHEV1.DAT
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-19 15:17 171448]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 15:09 57344]
          "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 00:11 50688]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
          "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-05-28 16:37 394240]
          "TP CfgWiz"="C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe" [2007-08-24 04:42 820616]
          "BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-04 09:03 33792 C:\WINDOWS\system32\rundll32.exe]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-07 20:46 282624]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

          C:\Documents and Settings\GERBEN\Menu Start\Programma's\Opstarten\
          Registration-InstantCopy.lnk - C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe [2002-09-26 13:18:00 245760]

          C:\Documents and Settings\JASPER\Menu Start\Programma's\Opstarten\
          Registration-InstantCopy.lnk - C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe [2002-09-26 13:18:00 245760]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          WinZip Quick Pick.lnk - C:\Documents and Settings\JASPER\Mijn documenten\WinZip\WZQKPICK.EXE [2007-04-14 13:58:39 122880]

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^AutoCAD Startup Accelerator.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\AutoCAD Startup Accelerator.lnk
          backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
          "EnableFirewall"= 0 (0x0)

          R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2004-09-10 12:24]
          R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
          R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
          R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 17:29]
          R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
          R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 07:04]
          R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys [2003-05-22 16:44]
          R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 07:47]
          R3 wlags48d;Agere Wireless PCCard Service;C:\WINDOWS\system32\DRIVERS\wlags48d.sys [2003-07-09 12:18]
          S2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Anti-Virus\Anti-Virus\Win2K\FSfilter.sys
          S2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Anti-Virus\Anti-Virus\Win2K\FSgk.sys
          S2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Anti-Virus\Anti-Virus\Win2K\FSrec.sys
          S3 CA_LIC_CLNT;CA License Client;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 17:27]
          S3 CA_LIC_SRVR;CA License Server;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 17:41]

          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-02-29 13:44:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
          - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-02-29 14:54:28
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2008-02-29 14:56:20
          ComboFix-quarantined-files.txt 2008-02-29 13:56:13
          .
          2008-02-13 22:05:20 --- E O F ---





          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 15:26:35, on 29-2-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16608)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\system32\netdde.exe
          C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
          C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\Documents and Settings\JASPER\Mijn documenten\WinZip\WZQKPICK.EXE
          C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
          C:\Program Files\CA\eTrust Antivirus\InoRT.exe
          C:\Program Files\CA\eTrust Antivirus\InoTask.exe
          C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\WINDOWS\system32\HPZipm12.exe
          C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\UAService7.exe
          C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
          C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
          C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
          C:\WINDOWS\explorer.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Documents and Settings\JASPER\Mijn documenten\msn spul 1\HijackThis.exe

          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
          O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
          O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
          O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
          O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
          O4 - HKLM\..\Run: [TP CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe" -G:{2D617065-1C52-4240-B5BC-C0AE12157777} -T:Config
          O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
          O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\JASPER\Mijn documenten\WinZip\WZQKPICK.EXE
          O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
          O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
          O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
          O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
          O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-lost-worlds/en/ReflexiveWebGameLoader.cab
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://anne-mariehj.spaces.live.com//PhotoUpload/MsnPUpld.cab
          O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
          O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
          O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
          O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://160.36.60.7:9004/activex/AMC.cab
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
          O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.salisbury.edu/activex/AxisCamControl.cab
          O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
          O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
          O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
          O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - http://sdccam.netacad.be/activex/AMC.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://209.20.250.7/activex/AMC.cab
          O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/SITE/xupload/XUpload.ocx
          O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
          O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
          O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
          O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe (file missing)
          O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe (file missing)
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
          O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
          O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
          O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
          O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
          O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
          O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

          --
          End of file - 9933 bytes



          • #6
            Open Notepad and copy and paste the following (the bold text) into an empty window:

            File::
            C:\WINDOWS\system32\603459e1

            Driver::
            F-Secure File System Filter
            F-Secure Gatekeeper
            F-Secure File System Recognizer

            Folder::
            C:\Program Files\F-Secure Anti-Virus

            Save this on your Desktop as CFScript.txt

            Drag CFScript.txt onto ComboFix.exe as shown in the example below:



            This will make ComboFix restart.
            Reboot if you are asked to,
            and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

            How are your problems now?
            Regards,
            Pimmerd



            • #7
              help

              I just can't get into Windows anymore,
              only Caldera MS/DOS comes up
              Last edited by spycid; 29-02-08, 19:37.



              • #8
                Caldera MS/DOS? I think that comes from a driver.
                Is there by any chance a CD in your drive? Take it out and then restart your PC.
                Regards,
                Pimmerd



                • #9
                  no, that wasn't it, never mind, it's fine again now



                  Command switches used :: C:\Documents and Settings\JASPER\Bureaublad\CFScript.txt

                  WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

                  FILE ::
                  C:\WINDOWS\system32\603459e1
                  .

                  (((((((((((((((((((( Bestanden Gemaakt van 2008-01-28 to 2008-02-29 ))))))))))))))))))))))))))))))
                  .

                  2008-02-22 18:12 . 2008-02-22 18:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
                  2008-02-21 22:20 . 2008-02-21 22:20 102 --a------ C:\Platform.ini
                  2008-02-21 17:18 . 2006-06-16 19:58 <DIR> d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\UserData
                  2008-02-21 17:17 . 2006-06-16 19:58 <DIR> d---s---- C:\Documents and Settings\NetworkService\UserData
                  2008-02-21 16:57 . 2008-02-21 16:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
                  2008-02-20 13:30 . 2008-02-20 13:30 <DIR> d-------- C:\Program Files\Sierra
                  2008-02-18 11:52 . 2008-02-29 17:01 <DIR> d-------- C:\Program Files\Norton 360
                  2008-02-18 11:51 . 2008-02-29 17:54 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
                  2008-02-18 11:51 . 2008-02-29 17:54 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
                  2008-02-18 11:51 . 2008-02-29 17:54 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
                  2008-02-18 11:51 . 2008-02-29 17:54 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
                  2008-02-18 11:48 . 2008-02-29 17:54 <DIR> d-------- C:\Program Files\Symantec
                  2008-02-18 11:48 . 2008-02-29 18:03 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
                  2008-02-18 11:48 . 2008-02-29 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
                  2008-02-17 20:59 . 2008-02-17 20:59 <DIR> d-------- C:\Documents and Settings\NetworkService\Menu Start

                  .
                  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2008-02-29 15:53 100,812 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
                  2008-02-20 13:56 487 ----a-w C:\Program Files\Snelkoppeling naar Norton 360.lnk
                  2008-02-20 12:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
                  2008-02-19 21:26 18,870 ----a-w C:\Documents and Settings\GERBEN\Application Data\wklnhst.dat
                  2008-02-16 19:13 28,730 ----a-w C:\Documents and Settings\SJOUKJE\Application Data\wklnhst.dat
                  2008-02-16 11:34 --------- d-----w C:\Program Files\SpywareBlaster
                  2008-02-13 12:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
                  2008-02-12 16:44 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
                  2008-02-04 16:16 --------- d-----w C:\Program Files\Windows Live Safety Center
                  2007-12-16 18:52 318 ----a-w C:\delete.bat
                  2007-05-29 09:30 553 ----a-w C:\Program Files\Snelkoppeling naar Microsoft Games.lnk
                  2006-04-16 08:15 1,788 ----a-w C:\Documents and Settings\DOETIE\Application Data\wklnhst.dat
                  2006-02-05 21:14 59 ----a-w C:\Documents and Settings\SJOUKJE\IB2004.DAT
                  2005-02-23 00:20 73,728 ------w C:\Documents and Settings\SJOUKJE\IB2004u.exe
                  2005-02-23 00:20 402,432 ----a-r C:\Documents and Settings\SJOUKJE\IB2004.scr
                  2005-02-23 00:20 122,880 ----a-r C:\Documents and Settings\SJOUKJE\IB2004s.exe
                  2005-02-23 00:20 1,605,632 ----a-r C:\Documents and Settings\SJOUKJE\IB2004.exe
                  2004-01-11 18:23 64,168 ----a-w C:\Documents and Settings\SJOUKJE\Application Data\GDIPFONTCACHEV1.DAT
                  .

                  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  REGEDIT4
                  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 15:09 57344]
                  "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 00:11 50688]
                  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
                  "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-05-28 16:37 394240]
                  "TP CfgWiz"="C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe" [2007-08-24 04:42 820616]
                  "BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-04 09:03 33792 C:\WINDOWS\system32\rundll32.exe]
                  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-07 20:46 282624]
                  "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-18 02:54 116072]

                  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

                  C:\Documents and Settings\GERBEN\Menu Start\Programma's\Opstarten\
                  Registration-InstantCopy.lnk - C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe [2002-09-26 13:18:00 245760]

                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^AutoCAD Startup Accelerator.lnk]
                  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\AutoCAD Startup Accelerator.lnk
                  backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                  "EnableFirewall"= 0 (0x0)

                  R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2004-09-10 12:24]
                  R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
                  R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
                  R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 17:29]
                  R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
                  R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 07:04]
                  R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys [2003-05-22 16:44]
                  R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 07:47]
                  R3 wlags48d;Agere Wireless PCCard Service;C:\WINDOWS\system32\DRIVERS\wlags48d.sys [2003-07-09 12:18]
                  S2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Anti-Virus\Anti-Virus\Win2K\FSfilter.sys
                  S2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Anti-Virus\Anti-Virus\Win2K\FSrec.sys
                  S3 CA_LIC_CLNT;CA License Client;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 17:27]
                  S3 CA_LIC_SRVR;CA License Server;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 17:41]

                  .
                  Inhoud van de 'Gedeelde Taken' map
                  "2008-02-29 17:44:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
                  - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
                  .
                  **************************************************************************

                  catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2008-02-29 23:22:37
                  Windows 5.1.2600 Service Pack 2 NTFS

                  scannen van verborgen processen ...

                  scannen van verborgen autostart items ...

                  scannen van verborgen bestanden ...

                  Scan succesvol afgerond
                  verborgen bestanden: 0

                  **************************************************************************
                  .
                  ------------------------ Other Running Processes ------------------------
                  .
                  C:\WINDOWS\system32\netdde.exe
                  C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
                  C:\Program Files\CA\eTrust Antivirus\InoRT.exe
                  C:\Program Files\CA\eTrust Antivirus\InoTask.exe
                  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                  C:\WINDOWS\system32\msiexec.exe
                  C:\WINDOWS\system32\HPZipm12.exe
                  C:\WINDOWS\system32\UAService7.exe
                  C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
                  C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
                  C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
                  .
                  **************************************************************************
                  .
                  Voltooingstijd: 2008-02-29 23:27:05 - machine was rebooted [GERBEN]
                  ComboFix-quarantined-files.txt 2008-02-29 22:26:56
                  ComboFix2.txt 2008-02-29 13:56:22



                  • #10
                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 01:45, on 2008-03-01
                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\WINDOWS\system32\netdde.exe
                    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
                    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
                    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
                    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
                    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                    C:\WINDOWS\system32\HPZipm12.exe
                    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\system32\UAService7.exe
                    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
                    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
                    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
                    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
                    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                    C:\WINDOWS\system32\rundll32.exe
                    C:\Program Files\QuickTime\qttask.exe
                    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    C:\Documents and Settings\JASPER\Mijn documenten\WinZip\WZQKPICK.EXE
                    C:\Program Files\Internet Explorer\IEXPLORE.EXE
                    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                    C:\WINDOWS\system32\wuauclt.exe
                    C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe
                    C:\Documents and Settings\JASPER\Mijn documenten\msn spul 1\HijackThis.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
                    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
                    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
                    O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
                    O4 - HKLM\..\Run: [TP CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe" -G:{2D617065-1C52-4240-B5BC-C0AE12157777} -T:Config
                    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
                    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                    O4 - HKUS\S-1-5-21-3060073373-1796464045-3419403462-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'GERBEN')
                    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                    O4 - S-1-5-21-3060073373-1796464045-3419403462-1008 Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe (User 'GERBEN')
                    O4 - S-1-5-21-3060073373-1796464045-3419403462-1008 User Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe (User 'GERBEN')
                    O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
                    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\JASPER\Mijn documenten\WinZip\WZQKPICK.EXE
                    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
                    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
                    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-lost-worlds/en/ReflexiveWebGameLoader.cab
                    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://anne-mariehj.spaces.live.com//PhotoUpload/MsnPUpld.cab
                    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
                    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
                    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
                    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://160.36.60.7:9004/activex/AMC.cab
                    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.salisbury.edu/activex/AxisCamControl.cab
                    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
                    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
                    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
                    O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - http://sdccam.netacad.be/activex/AMC.cab
                    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://209.20.250.7/activex/AMC.cab
                    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/SITE/xupload/XUpload.ocx
                    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
                    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
                    O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe (file missing)
                    O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe (file missing)
                    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
                    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
                    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
                    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
                    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
                    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
                    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
                    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

                    --
                    End of file - 10078 bytes



                    • #11
                      Open an empty Notepad window and copy/paste the bold text below into it:

                      sc delete "F-Secure Firewall Driver"
                      sc delete "F-Secure File System Filter"
                      sc delete "F-Secure File System Recognizer"

                      Then save it as fix.bat on your Desktop.
                      Under "Save as type" choose "All files".

                      Then double-click fix.bat.

                      How are your problems now?
                      Regards,
                      Pimmerd

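As an added example (not code from the thread, from HijackThis or from ComboFix), the Python below reads the O23 service lines of the HijackThis log and the driver/service lines of the ComboFix log and turns the entries whose binary is gone into a review list. It assumes that a ComboFix service line without a trailing [date] means the file was not found, which is how the F-Secure entries appear in the log above.

```python
"""Flag orphaned service entries in HijackThis and ComboFix logs.

Added example: not code from the forum thread, from HijackThis or from ComboFix.
Parses the two service-line formats shown in the logs above and lists entries
whose binary is gone. HijackThis marks those "(file missing)"; for the ComboFix
driver list this example ASSUMES that a line without a trailing [date] means the
file was not found, which is how the F-Secure entries appear in the log above.
"""
import re
from typing import List, NamedTuple, Optional, Tuple


class ServiceEntry(NamedTuple):
    key_name: Optional[str]  # service key name (what `sc delete` takes); None if the log omits it
    display: str             # display name as shown in services.msc
    path: str                # image path
    file_missing: bool       # binary no longer on disk
    source: str              # "hjt" or "combofix"


# HijackThis:  O23 - Service: <display> (<key>) - <owner> - <path> (file missing)
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<key>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# ComboFix:    R0 <key>;<display>;<path> [<date>]   (no [date] => assumed missing)
CF_RE = re.compile(
    r"^[RS]\d (?P<key>[^;]+);(?P<display>[^;]+);(?P<path>.+?)(?: \[(?P<date>[^\]]+)\])?$"
)


def parse_services(log_text: str) -> List[ServiceEntry]:
    """Extract service entries from either log format; other lines are ignored."""
    entries: List[ServiceEntry] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            entries.append(ServiceEntry(m["key"], m["display"], m["path"],
                                        m["missing"] is not None, "hjt"))
            continue
        m = CF_RE.match(line)
        if m:
            entries.append(ServiceEntry(m["key"], m["display"], m["path"].strip('"'),
                                        m["date"] is None, "combofix"))
    return entries


def orphaned(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Entries that still have a registry key but no binary behind it."""
    return [e for e in entries if e.file_missing]


def cleanup_plan(entries: List[ServiceEntry]) -> Tuple[List[str], List[str]]:
    """Return (sc delete commands for orphans whose key name the log shows,
    display names that need a manual lookup because the log gives no key name).

    `sc delete` wants the key name, not the display name, so nothing is guessed.
    """
    commands, manual = [], []
    for e in orphaned(entries):
        if e.key_name:
            commands.append(f'sc delete "{e.key_name}"')
        else:
            manual.append(e.display)
    return commands, manual


# Constructed sample: a few lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe (file missing)
O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2004-09-10 12:24]
S2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Anti-Virus\Anti-Virus\Win2K\FSfilter.sys
S2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Anti-Virus\Anti-Virus\Win2K\FSrec.sys
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
"""

if __name__ == "__main__":
    commands, manual = cleanup_plan(parse_services(SAMPLE_LOG))
    print("\n".join(commands))
    print("needs manual key-name lookup:", manual)
```

`sc delete` takes the service key name (the first field of a ComboFix line, or the name in parentheses on an O23 line), which can differ from the display name; entries where the log shows no key name are reported for manual lookup rather than guessed.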


                      • #12
                        everything seems fine again, thanks :
                        but Norton 360 is still in my registry
                        Last edited by spycid; 01-03-08, 16:23.



                        • #13
                          do you have any experience with regsweep? I downloaded it and it finds all sorts of errors in my registry



                          • #14
                            removed it with CCleaner



                            • #15
                              Personally I'm not a fan of registry cleaners; usually they do more damage than good.
                              I've seen several times that people had to format because the registry was too badly damaged.

                              You can remove the leftovers of Norton with this tool:


                              Any further problems?
                              Regards,
                              Pimmerd
