Mededeling

Collapse
No announcement yet.

Computer geinfecteerd

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Computer geinfecteerd

    Hoi,

    mijn laptop is overduidelijk geinfecteerd met spyware. Ik had niet door dat mijn gratis versie van AVG anti-spyware geen permanente beveiliging bood, en op die manier is de spyware dus binnengeraakt. Ik heb Windows Defender dan maar geinstalleerd (is dit een degelijk programma?) en deze in veilige modus laten scannen, maar toen ik terug bij de laptop kwam was deze opeens uitgevallen (stekker stak wel in hoor). Misschien heeft dat ook met de spyware te maken?

    In ieder geval, hier mijn log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:34:20, on 18/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\PurgeIE\PurgeIE_Service.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://pac.telenet.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Helperobject voor Encarta Winkler Prins Webassistent - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O2 - BHO: QuickTalk 2.1 - {CF26FAC0-7D4E-46D8-AE64-B277B11443AC} - C:\WINDOWS\system32\iesearch.dll
    O3 - Toolbar: Encarta Winkler Prins Webassistent - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
    O4 - HKLM\..\Run: [BluetoothAuthorizationAgent] C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AntiVirusPro] C:\Program Files\AntiVirusPro\AntiVirusPro.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)

    --
    End of file - 10612 bytes

  • #2
    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Start de computer in veilige modus.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht.
    Download Combofix (mirror) naar je Bureaublad.
    Dubbelklik op Combofix.exe
    Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
    Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen(je kan hem ook hier vinden: C:\Combofix.txt)
    Plaats deze log in je volgende post.

    NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

    Comment


    • #3
      Ziehier de twee logjes:

      ---RVAXO.exe Updated: 2008-03-19---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\system32\iesearch.dll
      C:\WINDOWS\system32\vbzip11.dll
      C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
      C:\WINDOWS\bokpkov.dll
      C:\WINDOWS\altvxvm.dll

      Folders Found:
      C:\Program Files\AntiVirusPro
      C:\Documents and Settings\Calsius-Olaerts\Application Data\Anti-Virus-Pro.com

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------


      _________________________________________________________________


      ComboFix 08-03-18.1 - Calsius-Olaerts 2008-03-19 20:21:28.1 - FAT32x86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.507 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Calsius-Olaerts\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\Calsius-Olaerts\Application Data\macromedia\Flash Player\#SharedObjects\MLVECSPC\iforex.com
      C:\Documents and Settings\Calsius-Olaerts\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))
      .

      2008-03-19 20:16 . 2008-03-19 20:16 <DIR> d-------- C:\RVAXO
      2008-03-19 20:13 . 2008-03-19 12:50 746,824 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-03-19 20:13 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2008-03-19 19:56 . 2008-03-19 19:56 269,334 --a------ C:\WINDOWS\system32\honidcf.bmp
      2008-03-19 07:14 . 2008-03-19 07:14 269,334 --a------ C:\WINDOWS\system32\jehsb.bmp
      2008-03-18 23:57 . 2008-03-18 23:57 269,334 --a------ C:\WINDOWS\system32\nmpgbmh.bmp
      2008-03-18 18:24 . 2008-03-18 18:24 <DIR> d-------- C:\Program Files\Trend Micro
      2008-03-18 18:19 . 2008-03-18 18:19 269,334 --a------ C:\WINDOWS\system32\qlsfetkfmt.bmp
      2008-03-18 16:54 . 2008-03-18 16:54 <DIR> d-------- C:\Program Files\Windows Defender
      2008-03-18 16:45 . 2008-03-18 16:45 269,334 --a------ C:\WINDOWS\system32\cbehojipcfit.bmp
      2008-03-18 11:51 . 2006-05-25 17:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
      2008-03-18 11:51 . 2006-05-25 17:16 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
      2008-03-18 11:51 . 2006-05-25 17:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
      2008-03-18 11:51 . 2006-05-25 17:16 <DIR> dr------- C:\Documents and Settings\Administrator\Mijn documenten
      2008-03-18 11:51 . 2006-05-25 17:04 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
      2008-03-18 11:51 . 2006-05-25 17:16 <DIR> dr------- C:\Documents and Settings\Administrator\Favorieten
      2008-03-18 11:51 . 2006-05-25 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
      2008-03-18 11:51 . 2006-05-25 17:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ATI
      2008-03-17 20:39 . 2008-03-17 20:40 <DIR> d-------- C:\Documents and Settings\Calsius-Olaerts\Application Data\InfeStop.com
      2008-03-15 11:15 . 2008-03-15 11:15 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\InfeStop.com
      2008-03-15 11:15 . 2008-03-15 11:15 <DIR> d-------- C:\Program Files\InfeStop
      2008-03-12 17:07 . 2008-03-12 17:07 <DIR> d-------- C:\Program Files\PC Inspector File Recovery
      2008-03-12 17:07 . 2002-02-18 18:40 6,200 --a------ C:\WINDOWS\system32\INT13EXT.VXD
      2008-03-11 17:13 . 2008-03-11 17:13 <DIR> d-------- C:\Program Files\Runtime Software
      2008-03-11 15:59 . 2008-03-11 15:59 <DIR> d-------- C:\Program Files\PowerQuest
      2008-03-03 15:35 . 2008-03-03 15:35 <DIR> d-------- C:\Program Files\iPod
      2008-03-03 13:05 . 2008-03-03 13:05 <DIR> d-------- C:\Documents and Settings\Calsius-Olaerts\Application Data\Samsung
      2008-03-02 14:00 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
      2008-03-02 13:59 . 2008-03-02 13:59 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
      2008-03-02 13:59 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
      2008-03-02 13:59 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
      2008-03-02 13:59 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
      2008-03-02 13:59 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
      2008-03-02 13:59 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
      2008-03-02 13:59 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
      2008-03-02 13:59 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
      2008-03-02 13:59 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
      2008-03-02 13:59 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
      2008-03-02 13:58 . 2008-03-02 13:58 <DIR> d-------- C:\Program Files\Samsung
      2008-02-21 20:19 . 2008-02-21 20:19 <DIR> d-------- C:\Program Files\MSECache

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-03 18:35 --------- d-----w C:\Program Files\uTorrent
      2008-02-03 18:35 --------- d-----w C:\Documents and Settings\Calsius-Olaerts\Application Data\uTorrent
      2008-02-02 23:31 --------- d-----w C:\Program Files\URUSoft
      2008-01-16 13:10 737,280 ----a-w C:\WINDOWS\iun6002.exe
      2008-01-11 05:52 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
      2008-01-10 17:56 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
      2008-01-10 17:56 249,856 ------w C:\WINDOWS\Setup1.exe
      2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
      2007-12-19 22:57 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
      2007-08-10 20:19 58,848 ----a-w C:\Documents and Settings\Calsius-Olaerts\Application Data\GDIPFONTCACHEV1.DAT
      2007-04-19 07:57 50,008 ----a-w C:\Documents and Settings\Presentaties\Application Data\GDIPFONTCACHEV1.DAT
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35 53248]
      "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
      "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-20 17:58 579072]
      "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-06-23 21:59 602112]
      "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11 421888]
      "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
      "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
      "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
      "NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 12:50 155648]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
      "AntiVirusPro"="C:\Program Files\AntiVirusPro\AntiVirusPro.exe" [ ]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-26 18:55 219136]

      C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
      Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-05-31 12:31:54 45056]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
      backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
      C:\Program Files\BitTorrent\bittorrent.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
      --a------ 2002-11-02 08:33 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
      --a------ 2002-12-02 16:17 73728 C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD]
      --a------ 2003-09-20 20:23 45056 C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
      --a------ 2004-08-04 05:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
      --a------ 2006-06-23 21:59 602112 C:\PROGRA~1\LAUNCH~1\LManager.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
      --a------ 2004-08-04 05:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
      --a------ 2005-05-11 17:15 45056 C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
      --a------ 2006-03-21 13:19 69632 C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
      --a------ 2004-08-04 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
      --a------ 2004-08-04 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
      --a------ 2006-06-27 23:54 16248320 C:\WINDOWS\RTHDCPL.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
      --a------ 2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
      -ra------ 2003-09-30 00:14 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
      --a------ 2006-09-07 18:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
      "C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
      "C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
      "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
      "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
      "C:\\WINDOWS\\System32\\dplaysvr.exe"=
      "C:\\Program Files\\Microsoft Games\\Age of Empires II\\Age2_X1\\AGE2_X1.ICD"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "C:\\Program Files\\uTorrent\\uTorrent.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=

      R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 12:43]
      R3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 20:17]
      R3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 17:10]
      S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys
      S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-19 20:25:52
      Windows 5.1.2600 Service Pack 2 FAT NTAPI

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      C:\WINDOWS\system32ntos.exe 458752 bytes
      C:\WINDOWS\system32wsnpoem

      Scan succesvol afgerond
      verborgen bestanden: 2

      **************************************************************************
      .
      Voltooingstijd: 2008-03-19 20:27:50
      .
      2008-03-19 19:02:43 --- E O F ---

      Comment


      • #4
        Open een nieuw kladblok bestand.

        Kopieer en plak daarin de onderstaande code.
        Ga naar 'Bestand' -> 'Opslaan als..' en sla het vervolgens op je bureaublad op als CFScript.txt.

        File::
        C:\WINDOWS\system32\honidcf.bmp
        C:\WINDOWS\system32\jehsb.bmp
        C:\WINDOWS\system32\nmpgbmh.bmp
        C:\WINDOWS\system32\qlsfetkfmt.bmp
        C:\WINDOWS\system32\cbehojipcfit.bmp
        C:\WINDOWS\system32ntos.exe
        C:\WINDOWS\system32\ntos.exe
        Folder::
        C:\Documents and Settings\Calsius-Olaerts\Application Data\InfeStop.com
        C:\WINDOWS\system32\config\systemprofile\Application Data\InfeStop.com
        C:\Program Files\InfeStop
        C:\WINDOWS\system32\wsnpoem
        C:\WINDOWS\system32wsnpoem
        Registry::
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "AntiVirusPro"=-


        Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld:



        Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.
        Post na herstart de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw logje van HijackThis.

        Comment


        • #5
          Combofix log:

          ComboFix 08-03-18.1 - Calsius-Olaerts 2008-03-20 17:26:20.2 - FAT32x86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.390 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Calsius-Olaerts\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Calsius-Olaerts\Bureaublad\CFScript.txt
          * Nieuw herstelpunt werd aangemaakt

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

          FILE ::
          C:\WINDOWS\system32\cbehojipcfit.bmp
          C:\WINDOWS\system32\honidcf.bmp
          C:\WINDOWS\system32\jehsb.bmp
          C:\WINDOWS\system32\nmpgbmh.bmp
          C:\WINDOWS\system32\ntos.exe
          C:\WINDOWS\system32\qlsfetkfmt.bmp
          C:\WINDOWS\system32ntos.exe
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\Documents and Settings\Calsius-Olaerts\Application Data\InfeStop.com
          C:\Program Files\InfeStop
          C:\WINDOWS\system32\cbehojipcfit.bmp
          C:\WINDOWS\system32\config\systemprofile\Application Data\InfeStop.com
          C:\WINDOWS\system32\honidcf.bmp
          C:\WINDOWS\system32\jehsb.bmp
          C:\WINDOWS\system32\nmpgbmh.bmp
          C:\WINDOWS\system32\ntos.exe
          C:\WINDOWS\system32\qlsfetkfmt.bmp
          C:\WINDOWS\system32\wsnpoem
          C:\WINDOWS\system32\wsnpoem\audio.dll
          C:\WINDOWS\system32\wsnpoem\video.dll

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2008-02-20 to 2008-03-20 ))))))))))))))))))))))))))))))
          .

          2008-03-19 20:16 . 2008-03-19 20:16 <DIR> d-------- C:\RVAXO
          2008-03-19 20:13 . 2008-03-19 12:50 746,824 --a------ C:\WINDOWS\system32\RVAXO.bat
          2008-03-19 20:13 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
          2008-03-18 18:24 . 2008-03-18 18:24 <DIR> d-------- C:\Program Files\Trend Micro
          2008-03-18 16:54 . 2008-03-18 16:54 <DIR> d-------- C:\Program Files\Windows Defender
          2008-03-18 11:51 . 2006-05-25 17:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
          2008-03-18 11:51 . 2006-05-25 17:16 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
          2008-03-18 11:51 . 2006-05-25 17:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
          2008-03-18 11:51 . 2006-05-25 17:16 <DIR> dr------- C:\Documents and Settings\Administrator\Mijn documenten
          2008-03-18 11:51 . 2006-05-25 17:04 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
          2008-03-18 11:51 . 2006-05-25 17:16 <DIR> dr------- C:\Documents and Settings\Administrator\Favorieten
          2008-03-18 11:51 . 2006-05-25 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
          2008-03-18 11:51 . 2006-05-25 17:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ATI
          2008-03-12 17:07 . 2008-03-12 17:07 <DIR> d-------- C:\Program Files\PC Inspector File Recovery
          2008-03-12 17:07 . 2002-02-18 18:40 6,200 --a------ C:\WINDOWS\system32\INT13EXT.VXD
          2008-03-11 17:13 . 2008-03-11 17:13 <DIR> d-------- C:\Program Files\Runtime Software
          2008-03-11 15:59 . 2008-03-11 15:59 <DIR> d-------- C:\Program Files\PowerQuest
          2008-03-03 15:35 . 2008-03-03 15:35 <DIR> d-------- C:\Program Files\iPod
          2008-03-03 13:05 . 2008-03-03 13:05 <DIR> d-------- C:\Documents and Settings\Calsius-Olaerts\Application Data\Samsung
          2008-03-02 14:00 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
          2008-03-02 13:59 . 2008-03-02 13:59 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
          2008-03-02 13:59 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
          2008-03-02 13:59 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
          2008-03-02 13:59 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
          2008-03-02 13:59 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
          2008-03-02 13:59 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
          2008-03-02 13:59 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
          2008-03-02 13:59 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
          2008-03-02 13:59 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
          2008-03-02 13:59 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
          2008-03-02 13:58 . 2008-03-02 13:58 <DIR> d-------- C:\Program Files\Samsung
          2008-02-21 20:19 . 2008-02-21 20:19 <DIR> d-------- C:\Program Files\MSECache

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-02-03 18:35 --------- d-----w C:\Program Files\uTorrent
          2008-02-03 18:35 --------- d-----w C:\Documents and Settings\Calsius-Olaerts\Application Data\uTorrent
          2008-02-02 23:31 --------- d-----w C:\Program Files\URUSoft
          2008-01-16 13:10 737,280 ----a-w C:\WINDOWS\iun6002.exe
          2008-01-11 05:52 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
          2008-01-10 17:56 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
          2008-01-10 17:56 249,856 ------w C:\WINDOWS\Setup1.exe
          2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
          2007-08-10 20:19 58,848 ----a-w C:\Documents and Settings\Calsius-Olaerts\Application Data\GDIPFONTCACHEV1.DAT
          2007-04-19 07:57 50,008 ----a-w C:\Documents and Settings\Presentaties\Application Data\GDIPFONTCACHEV1.DAT
          .

          ((((((((((((((((((((((((((((( [email protected]_20.26.44,73 )))))))))))))))))))))))))))))))))))))))))
          .
          - 2008-03-13 07:19:48 593,920 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
          + 2008-03-20 16:24:52 593,920 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
          - 2008-03-13 07:19:48 12,288 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
          + 2008-03-20 16:24:52 12,288 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
          - 2008-03-13 07:19:48 86,016 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
          + 2008-03-20 16:24:52 86,016 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
          - 2008-03-13 07:19:48 135,168 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
          + 2008-03-20 16:24:52 135,168 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
          - 2008-03-13 07:19:48 11,264 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
          + 2008-03-20 16:24:52 11,264 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
          - 2008-03-13 07:19:48 27,136 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
          + 2008-03-20 16:24:52 27,136 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
          - 2008-03-13 07:19:48 4,096 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
          + 2008-03-20 16:24:52 4,096 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
          - 2008-03-13 07:19:48 794,624 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
          + 2008-03-20 16:24:52 794,624 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
          - 2008-03-13 07:19:48 249,856 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
          + 2008-03-20 16:24:52 249,856 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
          - 2008-03-13 07:19:48 61,440 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
          + 2008-03-20 16:24:52 61,440 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
          - 2008-03-13 07:19:50 23,040 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
          + 2008-03-20 16:24:52 23,040 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
          - 2008-03-13 07:19:48 286,720 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
          + 2008-03-20 16:24:52 286,720 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
          - 2008-03-13 07:19:46 409,600 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
          + 2008-03-20 16:24:52 409,600 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35 53248]
          "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
          "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
          "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-20 17:58 579072]
          "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-06-23 21:59 602112]
          "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11 421888]
          "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
          "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
          "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088]
          "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
          "NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 12:50 155648]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
          "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
          "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]
          "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-26 18:55 219136]

          C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
          Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-05-31 12:31:54 45056]

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
          backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
          C:\Program Files\BitTorrent\bittorrent.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
          --a------ 2002-11-02 08:33 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
          --a------ 2002-12-02 16:17 73728 C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD]
          --a------ 2003-09-20 20:23 45056 C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
          --a------ 2004-08-04 05:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
          --a------ 2006-06-23 21:59 602112 C:\PROGRA~1\LAUNCH~1\LManager.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
          --a------ 2004-08-04 05:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
          --a------ 2005-05-11 17:15 45056 C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
          --a------ 2006-03-21 13:19 69632 C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
          --a------ 2004-08-04 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
          --a------ 2004-08-04 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
          --a------ 2006-06-27 23:54 16248320 C:\WINDOWS\RTHDCPL.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
          --a------ 2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
          -ra------ 2003-09-30 00:14 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
          --a------ 2006-09-07 18:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\security center]
          "AntiVirusDisableNotify"=dword:00000001

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
          "EnableFirewall"= 0 (0x0)

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
          "C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
          "C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
          "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
          "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
          "C:\\WINDOWS\\System32\\dplaysvr.exe"=
          "C:\\Program Files\\Microsoft Games\\Age of Empires II\\Age2_X1\\AGE2_X1.ICD"=
          "C:\\Program Files\\Messenger\\msmsgs.exe"=
          "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
          "C:\\Program Files\\MSN Messenger\\livecall.exe"=
          "C:\\Program Files\\uTorrent\\uTorrent.exe"=
          "C:\\Program Files\\iTunes\\iTunes.exe"=

          R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 12:43]
          S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys
          S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys
          S3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 20:17]
          S3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 17:10]

          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-03-20 17:43:26
          Windows 5.1.2600 Service Pack 2 FAT NTAPI

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          ------------------------ Other Running Processes ------------------------
          .
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\Program Files\Windows Defender\MsMpEng.exe
          C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
          C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
          C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
          C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          C:\Program Files\PurgeIE\PurgeIE_Service.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\wscntfy.exe
          .
          **************************************************************************
          .
          Voltooingstijd: 2008-03-20 19:48:29 - machine was rebooted
          ComboFix2.txt 2008-03-19 19:27:56
          ComboFix-quarantined-files.txt 2008-03-20 18:48:24
          .
          2008-03-20 16:24:57 --- E O F ---

          _______________________________________________________________


          Hijackthis log:

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 19:52:23, on 20/03/2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16608)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Windows Defender\MsMpEng.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
          C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
          C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
          C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          C:\Program Files\PurgeIE\PurgeIE_Service.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\explorer.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\WINDOWS\system32\notepad.exe
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
          C:\Program Files\MSN Messenger\msnmsgr.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://pac.telenet.be:8080
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: Helperobject voor Encarta Winkler Prins Webassistent - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
          O3 - Toolbar: Encarta Winkler Prins Webassistent - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
          O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
          O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
          O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
          O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
          O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
          O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
          O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
          O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
          O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
          O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
          O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: Acer Empowering Technology.lnk = ?
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
          O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
          O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
          O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
          O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
          O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
          O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
          O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe
          O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)

          --
          End of file - 9137 bytes

          Comment


          • #6
            Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
            Dit zal alles van RVAXO doen verwijderen.

            Download ATF cleaner (mirror)(gemaakt door Atribune)

            Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

            Dubbelklik op ATF cleaner om het programma te starten.
            Op het tabblad "Main", plaats je een vinkje bij Select All.
            Klik op de knop Empty Selected.

            Het volgende doen als je ook FireFox als browser hebt:
            Klik op tabblad "Firefox", plaats een vinkje bij Select All.
            Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
            (dit haalt het vinkje weer weg bij "Firefox saved passwords")
            Klik op de knop Empty Selected.

            Het volgende doen als je ook Opera als browser hebt:
            Klik op tabblad "Opera", plaats een vinkje bij Select All.
            Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
            Klik op de knop Empty Selected.
            Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

            Ga naar Start - Uitvoeren en geef hier het volgende in:
            Combofix /U
            Druk daarna op OK.
            Let op: Er moet een spatie tussen Combofix en /U zitten.

            Dit zal Combofix deïnstalleren.

            Zijn alle problemen nu voorbij?

            Comment


            • #7
              Mijn laptop gaat weer lekker snel!
              Heel erg bedankt voor de hulp.

              Nog een laatste vraag: Is Windows Defender degelijke anti-spyware software? Ik wil namelijk voorkomen dat dit nog eens gebeurt. Tips zijn altijd welkom.

              Comment


              • #8
                Windows Defender is wel OK

                Kijk hier voor meer beveiligingstips:

                Comment

                Sorry, you are not authorized to view this page
                Working...
                X