All kinds of strange problems, urgent help requested



Sixtiess
26 December 2007, 21:41
Hello,

My laptop is behaving very strangely. It started with web pages opening unprompted, mostly various advertisements, ranging from lingerie and diets to something about buzzed driving or the like; each time I had to close the pages before I could continue working. That was the beginning; sometimes some 40 pages also open spontaneously in a row, which also locks up my laptop, and afterwards they close themselves again. That is problem one.

The second is that my PC is extremely slow and that there are suddenly a whole lot (and by that I mean hundreds, or maybe even thousands) of files in My Documents of the type POS1A00, POS1A0A, and so on up to and including POSFFF; these files cannot be opened and cannot be deleted in any way.

I have Norton 360 on my PC and currently have it scan daily, but it does not find the problem or does not solve it.

Yesterday I let Windows Advanced Care 2 loose on it and it reported an enormous number of errors that are now all supposedly fixed, but now I have a new and much more serious problem. When Windows starts and my desktop with the Windows taskbar and icons appears, it only stays for a few minutes; my screen goes black for one second and my desktop comes back completely empty: the wallpaper remains, but the taskbar and icons are gone, and I can only get to my programs via Ctrl+Alt+Delete through Windows Task Manager. Who can help me, please? I recently had to replace my hard drive and had Windows reinstalled last week, all of which cost me a lot of money. Does anyone know a solution that I can carry out myself, because I am afraid that my PC will soon stop working altogether.

Thanks in advance

Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 21:57:31, on 26/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\gebruiker\Mijn documenten\pro\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKCU\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://zylom.king.com/ctl/kingcomie.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

compuchrisje
26 December 2007, 22:05
Insofar as you can still run anything, start by downloading HijackThis (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe). Put it in its own folder on C, e.g. C:\Hijackthis\Hijackthis.exe.
Start it by double-clicking that little stick of dynamite and click Do a scan and save a logfile. Wait a moment until a txt document appears. Save it under an easy name (the date or so) or post the contents straight into this topic, via the menu Edit - Select All - Copy. Open the reply box for the topic, click in it with your mouse and then press Ctrl + V. The contents of the log will then appear here.
Our "hunters" will be overjoyed... I think.

Rosty
26 December 2007, 23:22
* Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop.
Double-click combofix.exe
Follow the instructions.
While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix has finished and after the restart, the log combofix.txt will open.
Post this log in your next post together with a new HijackThis log.

Sixtiess
26 December 2007, 23:58
Thanks already for being willing to help me so quickly, this is the combo log

ComboFix 07-12-21.4 - gebruiker 2007-12-26 22:30:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.144 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\gebruiker\Local Settings\Temporary Internet Files\Content.IE5\WR0J0TIP\ComboFix[1].exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Common Files\StorageProtector
C:\Program Files\Common Files\StorageProtector\strpmon.exe
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\aiamqkvm.dll
C:\WINDOWS\system32\ajlbgadd.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\elbeigqt.dll
C:\WINDOWS\system32\fccdawx.dll
C:\WINDOWS\system32\fljjkjxu.dll
C:\WINDOWS\system32\hphxrnii.dll
C:\WINDOWS\system32\ixiampyb.dll
C:\WINDOWS\system32\jmmoq.bak1
C:\WINDOWS\system32\jmmoq.bak2
C:\WINDOWS\system32\jmmoq.ini
C:\WINDOWS\system32\jmmoq.ini2
C:\WINDOWS\system32\jmmoq.tmp
C:\WINDOWS\system32\lhvkvdsb.dll
C:\WINDOWS\system32\mtwfieod.dll
C:\WINDOWS\system32\nejarbxl.dllbox
C:\WINDOWS\system32\ngdgrtgk.dll
C:\WINDOWS\system32\qommj.dll
C:\WINDOWS\system32\tivgswhj.dll
C:\WINDOWS\system32\uhkspigh.dll
C:\WINDOWS\system32\wiqevbhb.dll
C:\WINDOWS\system32\xpyiexbn.dll
C:\x.dat
C:\z.dat
C:\WINDOWS\Fonts\'
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-26 to 2007-12-26 ))))))))))))))))))))))))))))))
.
2007-12-26 20:54 . 2007-12-26 21:35 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-26 20:54 . 2007-12-26 20:54 <DIR> d----c--- C:\Documents and Settings\gebruiker\Application Data\PC Tools
2007-12-26 20:54 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-26 20:54 . 2007-12-26 21:00 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-26 20:54 . 2007-12-26 21:00 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-26 20:54 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-26 20:54 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-26 15:19 . 2004-08-04 00:55 274,816 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-12-26 15:19 . 2004-08-04 00:55 274,816 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2007-12-26 15:18 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-12-26 15:18 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
2007-12-26 00:11 . 2007-12-26 00:11 <DIR> d----c--- C:\Documents and Settings\gebruiker\temp
2007-12-26 00:11 . 2007-12-26 00:11 <DIR> d----c--- C:\Documents and Settings\gebruiker\Application Data\TeamViewer
2007-12-25 20:32 . 2007-12-25 20:32 294 ---hs---- C:\WINDOWS\system32\wqkfnurf.ini
2007-12-25 20:10 . 2007-12-25 20:10 <DIR> d-------- C:\Program Files\IObit
2007-12-25 20:09 . 2007-12-25 20:09 1,018,691 ---hs---- C:\WINDOWS\system32\btbifkta.ini
2007-12-25 19:33 . 2007-12-25 19:33 <DIR> d-------- C:\Program Files\Xvid
2007-12-25 19:33 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-25 19:33 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-25 19:33 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2007-12-25 19:30 . 2007-12-25 20:03 354 ---hs---- C:\WINDOWS\system32\riwulexg.ini
2007-12-25 17:28 . 2007-12-25 21:36 7,168 --a------ C:\WINDOWS\system32\windows
2007-12-25 17:10 . 2007-12-25 17:10 294 ---hs---- C:\WINDOWS\system32\ctleugbg.ini
2007-12-25 16:38 . 2007-12-25 16:38 294 ---hs---- C:\WINDOWS\system32\immynotw.ini
2007-12-25 16:23 . 2007-12-25 16:24 1,010,146 ---hs---- C:\WINDOWS\system32\fixxvacd.ini
2007-12-25 00:35 . 2007-12-25 00:35 <DIR> d----c--- C:\Documents and Settings\gebruiker\Application Data\CyberLink
2007-12-24 22:02 . 2007-12-25 16:21 1,010,086 ---hs---- C:\WINDOWS\system32\aqcqmyxm.ini
2007-12-24 21:12 . 2007-12-24 21:48 1,010,155 ---hs---- C:\WINDOWS\system32\libdgdst.ini
2007-12-24 18:42 . 2007-12-24 18:42 <DIR> d-------- C:\WINDOWS\Sun
2007-12-24 16:38 . 2007-12-24 21:10 992,845 ---hs---- C:\WINDOWS\system32\eflleusu.ini
2007-12-24 16:26 . 2007-12-24 16:28 <DIR> d-------- C:\N360_BACKUP
2007-12-24 14:32 . 2007-12-24 16:33 992,716 ---hs---- C:\WINDOWS\system32\xgwcgrro.ini
2007-12-24 14:07 . 2007-12-24 14:07 992,656 ---hs---- C:\WINDOWS\system32\itteswdk.ini
2007-12-24 06:11 . 2007-12-24 06:11 990,717 ---hs---- C:\WINDOWS\system32\dfuvuosi.ini
2007-12-24 05:28 . 2007-12-24 06:11 987,383 ---hs---- C:\WINDOWS\system32\fbmimypa.ini
2007-12-24 04:49 . 2007-12-24 05:26 990,810 ---hs---- C:\WINDOWS\system32\ootbeqyn.ini
2007-12-24 04:30 . 2007-12-24 04:44 354 ---hs---- C:\WINDOWS\system32\mvtxxntu.ini
2007-12-23 18:41 . 2007-12-23 18:41 <DIR> d----c--- C:\Documents and Settings\gebruiker\Application Data\Symantec
2007-12-23 15:34 . 2007-12-24 02:26 990,649 ---hs---- C:\WINDOWS\system32\mulbraic.ini
2007-12-23 01:42 . 2007-12-23 15:31 990,811 ---hs---- C:\WINDOWS\system32\avcaghft.ini
2007-12-23 01:42 . 2007-12-25 20:35 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-23 00:00 . 2007-12-23 01:31 990,640 ---hs---- C:\WINDOWS\system32\nmdlqpbr.ini
2007-12-22 23:54 . 2007-12-22 23:54 268 --ah-c--- C:\sqmdata15.sqm
2007-12-22 23:54 . 2007-12-22 23:54 244 --ah-c--- C:\sqmnoopt15.sqm
2007-12-22 22:52 . 2007-12-22 22:52 268 --ah-c--- C:\sqmdata14.sqm
2007-12-22 22:52 . 2007-12-22 22:52 244 --ah-c--- C:\sqmnoopt14.sqm
2007-12-22 21:54 . 2007-12-22 21:54 991,353 ---hs---- C:\WINDOWS\system32\pknxaruv.ini
2007-12-22 20:35 . 2007-12-25 22:44 <DIR> d----c--- C:\Documents and Settings\gebruiker\Application Data\Zylom
2007-12-22 20:34 . 2007-12-22 20:34 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Zylom
2007-12-22 16:45 . 2007-05-29 13:55 22,112 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-22 16:45 . 2007-05-29 13:55 10,592 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-12-22 16:45 . 2007-05-29 13:55 705 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-12-22 16:28 . 2007-12-22 21:54 990,690 ---hs---- C:\WINDOWS\system32\gqqqwhwv.ini
2007-12-22 03:01 . 2006-03-02 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-22 01:20 . 2007-12-22 01:20 268 --ah-c--- C:\sqmdata13.sqm
2007-12-22 01:20 . 2007-12-22 01:20 244 --ah-c--- C:\sqmnoopt13.sqm
2007-12-21 23:54 . 2007-12-21 23:54 <DIR> d----c--- C:\Documents and Settings\Default User\Application Data\Apple Computer
2007-12-21 23:19 . 2007-12-21 23:19 268 --ah-c--- C:\sqmdata12.sqm
2007-12-21 23:19 . 2007-12-21 23:19 244 --ah-c--- C:\sqmnoopt12.sqm
2007-12-21 22:41 . 2007-12-23 00:42 <DIR> d-------- C:\Program Files\Norton 360
2007-12-21 22:38 . 2007-12-21 23:39 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-21 22:38 . 2007-12-21 23:39 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-21 22:38 . 2007-12-21 23:39 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-21 22:38 . 2007-12-21 23:39 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-21 22:31 . 2007-12-21 22:37 991,560 ---hs---- C:\WINDOWS\system32\lbeevfve.ini
2007-12-21 22:26 . 2007-12-21 22:26 268 --ah-c--- C:\sqmdata11.sqm
2007-12-21 22:26 . 2007-12-21 22:26 244 --ah-c--- C:\sqmnoopt11.sqm
2007-12-21 22:03 . 2007-12-21 22:03 <DIR> d---s---- C:\Documents and Settings\gebruiker\UserData
2007-12-21 20:56 . 2007-12-21 20:56 268 --ah-c--- C:\sqmdata10.sqm
2007-12-21 20:56 . 2007-12-21 20:56 244 --ah-c--- C:\sqmnoopt10.sqm
2007-12-21 19:42 . 2007-12-21 19:42 <DIR> dr---c--- C:\Documents and Settings\All Users\Application Data\SalesMon
2007-12-21 16:00 . 2007-12-21 16:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-21 15:59 . 2007-12-21 15:59 268 --ah-c--- C:\sqmdata09.sqm
2007-12-21 15:59 . 2007-12-21 15:59 244 --ah-c--- C:\sqmnoopt09.sqm
2007-12-19 22:21 . 2007-12-19 22:21 268 --ah-c--- C:\sqmdata08.sqm
2007-12-19 22:21 . 2007-12-19 22:21 244 --ah-c--- C:\sqmnoopt08.sqm
2007-12-19 22:09 . 2007-12-19 22:09 7,175 --a------ C:\WINDOWS\system32\cxqnnrnr.dll
2007-12-19 20:45 . 2007-12-19 21:00 6,613 ---hs---- C:\WINDOWS\system32\tvycf.tmp
2007-12-19 20:17 . 2007-12-23 15:22 <DIR> d----c--- C:\Documents and Settings\gebruiker\Contacts
2007-12-19 16:59 . 2007-12-19 16:59 268 --ah-c--- C:\sqmdata07.sqm
2007-12-19 16:59 . 2007-12-19 16:59 244 --ah-c--- C:\sqmnoopt07.sqm
2007-12-19 15:50 . 2007-12-19 15:50 32,408 --a--c--- C:\Documents and Settings\gebruiker\Application Data\GDIPFONTCACHEV1.DAT
2007-12-19 02:02 . 2007-12-19 02:02 268 --ah-c--- C:\sqmdata06.sqm
2007-12-19 02:02 . 2007-12-19 02:02 244 --ah-c--- C:\sqmnoopt06.sqm
2007-12-18 23:47 . 2007-12-18 23:47 268 --ah-c--- C:\sqmdata05.sqm
2007-12-18 23:47 . 2007-12-18 23:47 244 --ah-c--- C:\sqmnoopt05.sqm
2007-12-18 23:38 . 2007-12-18 23:38 <DIR> d----c--- C:\Documents and Settings\gebruiker\Application Data\Nero
2007-12-18 23:32 . 2007-12-21 23:39 <DIR> d-------- C:\Program Files\Symantec
2007-12-18 23:31 . 2007-12-26 22:13 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-18 23:31 . 2007-12-26 22:23 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-18 21:37 . 2007-12-18 21:37 118 --a------ C:\WINDOWS\system32\MRT.INI
2007-12-18 20:54 . 2007-12-18 20:54 379 --a------ C:\WINDOWS\ODBC.INI
2007-12-18 20:34 . 2007-12-18 20:34 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-12-18 20:32 . 2007-12-18 20:34 <DIR> d-------- C:\WINDOWS\ShellNew
2007-12-18 20:26 . 2007-12-18 20:26 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-18 20:23 . 2007-12-18 20:23 134 --a--c--- C:\n.bat
2007-12-18 20:21 . 2007-12-26 22:49 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-18 18:35 . 2007-12-18 18:35 <DIR> d-------- C:\WINDOWS\__SkypeIEToolbar_Cache
2007-12-18 18:24 . 2007-12-18 18:24 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Macrovision
2007-12-18 17:38 . 2007-12-18 17:38 <DIR> d----c--- C:\Documents and Settings\gebruiker\Incomplete
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 16:29 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"ares"="C:\Program Files\Ares\Ares.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-18 02:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 13:00 C:\WINDOWS\system32\bthprops.cpl]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nejarbxl]
nejarbxl.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized
R3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-07-20 00:00]
S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ADM851X.SYS [2004-10-27 16:05]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows [2007-12-25 21:36]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caece3a2-ad74-11dc-bc87-00904bcdfe39}]
\Shell\AutoRun\command - G:\setupSNK.exe
*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 22:49:38
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-12-26 22:51:37 - machine was rebooted
.
2007-12-21 15:02:17 --- E O F ---


And this is the new hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 22:56:30, on 26/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\gebruiker\Mijn documenten\pro\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKCU\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://zylom.king.com/ctl/kingcomie.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: nejarbxl - nejarbxl.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


My desktop is back and I can work fairly smoothly again, and for now no unwanted pages either, but those strange files are still in My Documents, so I suspect something is still going on, but I know nothing about it. Thanks in advance for taking a look

Rosty
27 December 2007, 00:48
Open Notepad, copy and paste the following (bold, blue text) into an empty window:

File::
C:\WINDOWS\system32\wqkfnurf.ini
C:\WINDOWS\system32\riwulexg.ini
C:\WINDOWS\system32\ctleugbg.ini
C:\WINDOWS\system32\immynotw.ini
C:\WINDOWS\system32\fixxvacd.ini
C:\WINDOWS\system32\aqcqmyxm.ini
C:\WINDOWS\system32\libdgdst.ini
C:\WINDOWS\system32\eflleusu.ini
C:\N360_BACKUP
C:\WINDOWS\system32\xgwcgrro.ini
C:\WINDOWS\system32\itteswdk.ini
C:\WINDOWS\system32\dfuvuosi.ini
C:\WINDOWS\system32\fbmimypa.ini
C:\WINDOWS\system32\ootbeqyn.ini
C:\WINDOWS\system32\mvtxxntu.ini
C:\WINDOWS\system32\mulbraic.ini
C:\WINDOWS\system32\avcaghft.ini
C:\WINDOWS\system32\nmdlqpbr.ini
C:\sqmdata15.sqm
C:\sqmnoopt15.sqm
C:\sqmdata14.sqm
C:\sqmnoopt14.sqm
C:\WINDOWS\system32\pknxaruv.ini
C:\WINDOWS\system32\gqqqwhwv.ini
C:\WINDOWS\system32\lbeevfve.ini
C:\WINDOWS\system32\cxqnnrnr.dll
C:\WINDOWS\system32\tvycf.tmp
C:\WINDOWS\system32\vbzip10.dll
C:\n.bat
C:\WINDOWS\system32\mcrh.tmp

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nejarbxl]
nejarbxl.dll



Save this to your Desktop as CFScript.

Drag CFScript into ComboFix.exe as shown in the example below:


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will cause ComboFix to start again.
Reboot if asked to,
and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
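
An added example (not part of the thread, and not how Rosty or ComboFix select entries): Python that parses the ComboFix "files created" rows and the HijackThis O20/O23 lines shown in the logs above and returns the entries a reviewer would look at first. The function names and both heuristics (hidden+system files directly in system32; "Unknown owner" services whose binary has no file extension) are assumptions; the sample lines are copied from this thread's logs.

```python
import re

SYSTEM32 = r"c:\windows\system32"

# ComboFix "files created" row: created . modified  size|<DIR>  attributes  path
CF_ROW = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[a-z-]{9})\s+(?P<path>[A-Za-z]:\\.+)$"
)
# HijackThis sections used here: O20 = Winlogon Notify, O23 = NT service
HJT_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>.+)$")
HJT_O23 = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)


def parse_combofix_row(line):
    """Return a dict for one 'files created' row, or None for any other line."""
    m = CF_ROW.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    row["is_dir"] = row["size"] == "<DIR>"
    row["size"] = None if row["is_dir"] else int(row["size"].replace(",", ""))
    return row


def hidden_system_in_system32(lines):
    """Paths of files (not folders) directly in system32 with both h and s set."""
    hits = []
    for line in lines:
        row = parse_combofix_row(line)
        if row is None or row["is_dir"]:
            continue
        folder = row["path"].rsplit("\\", 1)[0].lower()
        if folder == SYSTEM32 and "h" in row["attrs"] and "s" in row["attrs"]:
            hits.append(row["path"])
    return hits


def review_hijackthis(lines):
    """Every O20 entry, plus O23 'Unknown owner' services with an extensionless binary."""
    findings = []
    for line in lines:
        line = line.strip()
        m = HJT_O20.match(line)
        if m:
            findings.append(("O20", m["key"], m["dll"]))
            continue
        m = HJT_O23.match(line)
        if m and m["owner"] == "Unknown owner":
            # Split on backslash only: the Symantec rows carry '" /h ccCommon' after
            # the executable name, and a '/'-aware splitter would cut it there.
            leaf = m["path"].rsplit("\\", 1)[-1]
            if "." not in leaf:
                findings.append(("O23", m["name"], m["path"]))
    return findings


# Sample lines copied from the logs posted in this thread.
SAMPLE_COMBOFIX = [
    r"2007-12-26 20:54 . 2007-12-26 21:35 <DIR> d-------- C:\Program Files\Spyware Doctor",
    r"2007-12-25 20:32 . 2007-12-25 20:32 294 ---hs---- C:\WINDOWS\system32\wqkfnurf.ini",
    r"2007-12-25 20:09 . 2007-12-25 20:09 1,018,691 ---hs---- C:\WINDOWS\system32\btbifkta.ini",
    r"2007-12-25 19:33 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll",
    r"2007-12-22 23:54 . 2007-12-22 23:54 268 --ah-c--- C:\sqmdata15.sqm",
    r"2007-12-21 22:03 . 2007-12-21 22:03 <DIR> d---s---- C:\Documents and Settings\gebruiker\UserData",
    r"2007-12-19 20:45 . 2007-12-19 21:00 6,613 ---hs---- C:\WINDOWS\system32\tvycf.tmp",
]
SAMPLE_HIJACKTHIS = [
    r'O20 - Winlogon Notify: nejarbxl - nejarbxl.dll (file missing)',
    r'O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)',
    r'O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows',
    r'O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE',
]

if __name__ == "__main__":
    for path in hidden_system_in_system32(SAMPLE_COMBOFIX):
        print("review file:", path)
    for section, name, target in review_hijackthis(SAMPLE_HIJACKTHIS):
        print("review entry:", section, name, "->", target)
```

The results are a review list, not a removal list: each entry still has to be checked by hand before it goes into a CFScript.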

Sixtiess
27 December 2007, 01:03
hey,

Thanks again for the help. I saved that file as CFScript on my desktop, but I have no ComboFix icon to drag it onto. Can you also tell me something about the nature of the problem? Is it serious? Is it a virus? Is my system going to crash?

Sixtiess
27 December 2007, 01:31
Hey,

These are the new logs:

ComboFix 07-12-21.4 - gebruiker 2007-12-27 0:14:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.110 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\gebruiker\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\gebruiker\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
FILE
C:\n.bat
C:\N360_BACKUP
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\WINDOWS\system32\aqcqmyxm.ini
C:\WINDOWS\system32\avcaghft.ini
C:\WINDOWS\system32\ctleugbg.ini
C:\WINDOWS\system32\cxqnnrnr.dll
C:\WINDOWS\system32\dfuvuosi.ini
C:\WINDOWS\system32\eflleusu.ini
C:\WINDOWS\system32\fbmimypa.ini
C:\WINDOWS\system32\fixxvacd.ini
C:\WINDOWS\system32\gqqqwhwv.ini
C:\WINDOWS\system32\immynotw.ini
C:\WINDOWS\system32\itteswdk.ini
C:\WINDOWS\system32\lbeevfve.ini
C:\WINDOWS\system32\libdgdst.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mulbraic.ini
C:\WINDOWS\system32\mvtxxntu.ini
C:\WINDOWS\system32\nmdlqpbr.ini
C:\WINDOWS\system32\ootbeqyn.ini
C:\WINDOWS\system32\pknxaruv.ini
C:\WINDOWS\system32\riwulexg.ini
C:\WINDOWS\system32\tvycf.tmp
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\wqkfnurf.ini
C:\WINDOWS\system32\xgwcgrro.ini
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\n.bat
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\WINDOWS\system32\aqcqmyxm.ini
C:\WINDOWS\system32\avcaghft.ini
C:\WINDOWS\system32\ctleugbg.ini
C:\WINDOWS\system32\cxqnnrnr.dll
C:\WINDOWS\system32\dfuvuosi.ini
C:\WINDOWS\system32\eflleusu.ini
C:\WINDOWS\system32\fbmimypa.ini
C:\WINDOWS\system32\fixxvacd.ini
C:\WINDOWS\system32\gqqqwhwv.ini
C:\WINDOWS\system32\immynotw.ini
C:\WINDOWS\system32\itteswdk.ini
C:\WINDOWS\system32\lbeevfve.ini
C:\WINDOWS\system32\libdgdst.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mulbraic.ini
C:\WINDOWS\system32\mvtxxntu.ini
C:\WINDOWS\system32\nmdlqpbr.ini
C:\WINDOWS\system32\ootbeqyn.ini
C:\WINDOWS\system32\pknxaruv.ini
C:\WINDOWS\system32\riwulexg.ini
C:\WINDOWS\system32\tvycf.tmp
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\wqkfnurf.ini
C:\WINDOWS\system32\xgwcgrro.ini
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-26 to 2007-12-26 ))))))))))))))))))))))))))))))
.
2007-12-27 00:10 . 2007-12-27 00:10 6,144 --ahs---- C:\WINDOWS\Thumbs.db
2007-12-26 20:54 . 2007-12-26 21:35 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-26 20:54 . 2007-12-26 20:54 <DIR> d----c--- C:\Documents and Settings\gebruiker\Application Data\PC Tools
2007-12-26 20:54 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-26 20:54 . 2007-12-26 21:00 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-26 20:54 . 2007-12-26 21:00 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-26 20:54 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-26 20:54 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-26 15:19 . 2004-08-04 00:55 274,816 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-12-26 15:19 . 2004-08-04 00:55 274,816 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2007-12-26 15:18 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-12-26 15:18 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
2007-12-26 00:11 . 2007-12-26 00:11 <DIR> d----c--- C:\Documents and Settings\gebruiker\temp
2007-12-26 00:11 . 2007-12-26 00:11 <DIR> d----c--- C:\Documents and Settings\gebruiker\Application Data\TeamViewer
2007-12-25 20:10 . 2007-12-25 20:10 <DIR> d-------- C:\Program Files\IObit
2007-12-25 20:09 . 2007-12-25 20:09 1,018,691 ---hs---- C:\WINDOWS\system32\btbifkta.ini
2007-12-25 19:33 . 2007-12-25 19:33 <DIR> d-------- C:\Program Files\Xvid
2007-12-25 19:33 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-25 19:33 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-25 19:33 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2007-12-25 17:28 . 2007-12-25 21:36 7,168 --a------ C:\WINDOWS\system32\windows
2007-12-25 00:35 . 2007-12-25 00:35 <DIR> d----c--- C:\Documents and Settings\gebruiker\Application Data\CyberLink
2007-12-24 18:42 . 2007-12-24 18:42 <DIR> d-------- C:\WINDOWS\Sun
2007-12-24 16:26 . 2007-12-24 16:28 <DIR> d-------- C:\N360_BACKUP
2007-12-23 18:41 . 2007-12-23 18:41 <DIR> d----c--- C:\Documents and Settings\gebruiker\Application Data\Symantec
2007-12-22 20:35 . 2007-12-25 22:44 <DIR> d----c--- C:\Documents and Settings\gebruiker\Application Data\Zylom
2007-12-22 20:34 . 2007-12-22 20:34 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Zylom
2007-12-22 16:45 . 2007-05-29 13:55 22,112 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-22 16:45 . 2007-05-29 13:55 10,592 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-12-22 16:45 . 2007-05-29 13:55 705 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-12-22 03:01 . 2006-03-02 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-22 01:20 . 2007-12-22 01:20 268 --ah-c--- C:\sqmdata13.sqm
2007-12-22 01:20 . 2007-12-22 01:20 244 --ah-c--- C:\sqmnoopt13.sqm
2007-12-21 23:54 . 2007-12-21 23:54 <DIR> d----c--- C:\Documents and Settings\Default User\Application Data\Apple Computer
2007-12-21 23:19 . 2007-12-21 23:19 268 --ah-c--- C:\sqmdata12.sqm
2007-12-21 23:19 . 2007-12-21 23:19 244 --ah-c--- C:\sqmnoopt12.sqm
2007-12-21 22:41 . 2007-12-23 00:42 <DIR> d-------- C:\Program Files\Norton 360
2007-12-21 22:38 . 2007-12-21 23:39 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-21 22:38 . 2007-12-21 23:39 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-21 22:38 . 2007-12-21 23:39 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-21 22:38 . 2007-12-21 23:39 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-21 22:26 . 2007-12-21 22:26 268 --ah-c--- C:\sqmdata11.sqm
2007-12-21 22:26 . 2007-12-21 22:26 244 --ah-c--- C:\sqmnoopt11.sqm
2007-12-21 22:03 . 2007-12-21 22:03 <DIR> d---s---- C:\Documents and Settings\gebruiker\UserData
2007-12-21 20:56 . 2007-12-21 20:56 268 --ah-c--- C:\sqmdata10.sqm
2007-12-21 20:56 . 2007-12-21 20:56 244 --ah-c--- C:\sqmnoopt10.sqm
2007-12-21 19:42 . 2007-12-21 19:42 <DIR> dr---c--- C:\Documents and Settings\All Users\Application Data\SalesMon
2007-12-21 16:00 . 2007-12-21 16:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-21 15:59 . 2007-12-21 15:59 268 --ah-c--- C:\sqmdata09.sqm
2007-12-21 15:59 . 2007-12-21 15:59 244 --ah-c--- C:\sqmnoopt09.sqm
2007-12-19 22:21 . 2007-12-19 22:21 268 --ah-c--- C:\sqmdata08.sqm
2007-12-19 22:21 . 2007-12-19 22:21 244 --ah-c--- C:\sqmnoopt08.sqm
2007-12-19 20:17 . 2007-12-23 15:22 <DIR> d----c--- C:\Documents and Settings\gebruiker\Contacts
2007-12-19 16:59 . 2007-12-19 16:59 268 --ah-c--- C:\sqmdata07.sqm
2007-12-19 16:59 . 2007-12-19 16:59 244 --ah-c--- C:\sqmnoopt07.sqm
2007-12-19 15:50 . 2007-12-19 15:50 32,408 --a--c--- C:\Documents and Settings\gebruiker\Application Data\GDIPFONTCACHEV1.DAT
2007-12-19 02:02 . 2007-12-19 02:02 268 --ah-c--- C:\sqmdata06.sqm
2007-12-19 02:02 . 2007-12-19 02:02 244 --ah-c--- C:\sqmnoopt06.sqm
2007-12-18 23:47 . 2007-12-18 23:47 268 --ah-c--- C:\sqmdata05.sqm
2007-12-18 23:47 . 2007-12-18 23:47 244 --ah-c--- C:\sqmnoopt05.sqm
2007-12-18 23:38 . 2007-12-18 23:38 <DIR> d----c--- C:\Documents and Settings\gebruiker\Application Data\Nero
2007-12-18 23:32 . 2007-12-21 23:39 <DIR> d-------- C:\Program Files\Symantec
2007-12-18 23:31 . 2007-12-26 22:13 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-18 23:31 . 2007-12-27 00:00 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-18 21:37 . 2007-12-18 21:37 118 --a------ C:\WINDOWS\system32\MRT.INI
2007-12-18 20:54 . 2007-12-18 20:54 379 --a------ C:\WINDOWS\ODBC.INI
2007-12-18 20:34 . 2007-12-18 20:34 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-12-18 20:32 . 2007-12-18 20:34 <DIR> d-------- C:\WINDOWS\ShellNew
2007-12-18 20:21 . 2007-12-26 22:49 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-18 18:35 . 2007-12-18 18:35 <DIR> d-------- C:\WINDOWS\__SkypeIEToolbar_Cache
2007-12-18 18:24 . 2007-12-18 18:24 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Macrovision
2007-12-18 17:38 . 2007-12-18 17:38 <DIR> d----c--- C:\Documents and Settings\gebruiker\Incomplete
2007-12-18 17:37 . 2007-12-23 20:44 <DIR> d----c--- C:\Documents and Settings\gebruiker\Application Data\LimeWirePlus
2007-12-18 17:36 . 2007-12-18 17:36 <DIR> d-------- C:\Program Files\LimeWire Plus
2007-12-18 17:24 . 2007-12-18 17:24 244 --ah-c--- C:\sqmnoopt04.sqm
2007-12-18 17:24 . 2007-12-18 17:24 232 --ah-c--- C:\sqmdata04.sqm
2007-12-18 17:22 . 2007-12-18 17:22 244 --ah-c--- C:\sqmnoopt03.sqm
2007-12-18 17:22 . 2007-12-18 17:22 232 --ah-c--- C:\sqmdata03.sqm
2007-12-18 17:21 . 2007-12-18 17:21 244 --ah-c--- C:\sqmnoopt02.sqm
2007-12-18 17:21 . 2007-12-18 17:21 232 --ah-c--- C:\sqmdata02.sqm
2007-12-18 17:12 . 2007-12-27 00:10 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-18 14:31 . 2007-12-18 14:31 268 --ah-c--- C:\sqmdata01.sqm
2007-12-18 14:31 . 2007-12-18 14:31 244 --ah-c--- C:\sqmnoopt01.sqm
2007-12-18 14:29 . 2007-12-18 14:29 268 --ah-c--- C:\sqmdata00.sqm
2007-12-18 14:29 . 2007-12-18 14:29 244 --ah-c--- C:\sqmnoopt00.sqm
2007-12-18 14:28 . 2007-12-18 14:28 <DIR> d----c--- C:\Documents and Settings\gebruiker\Application Data\Template
2007-12-18 14:28 . 2007-12-18 14:28 0 --a--c--- C:\Documents and Settings\gebruiker\Application Data\wklnhst.dat
2007-12-18 14:15 . 2007-12-18 14:15 <DIR> d----c--- C:\Documents and Settings\gebruiker\Application Data\Apple Computer
2007-12-18 14:15 . 2007-12-22 01:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-18 14:15 . 2007-12-18 14:15 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-18 14:14 . 2007-12-18 14:14 <DIR> d-------- C:\Program Files\QuickTime
2007-12-18 14:14 . 2007-12-18 14:14 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-18 14:14 . 2007-12-18 14:14 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-18 14:13 . 2007-12-18 14:13 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-18 14:13 . 2007-12-18 14:13 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-18 14:11 . 2007-12-18 14:11 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-12-18 14:11 . 2007-12-18 14:31 <DIR> d----c--- C:\Documents and Settings\gebruiker\Application Data\Skype
2007-12-18 14:11 . 2007-12-18 14:11 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Skype
2007-12-18 14:09 . 2007-12-18 14:09 <DIR> d-------- C:\Program Files\CyberLink
2007-12-18 14:09 . 2007-12-18 14:09 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\CyberLink
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 16:29 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"ares"="C:\Program Files\Ares\Ares.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-18 02:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 13:00 C:\WINDOWS\system32\bthprops.cpl]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized
R3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-07-20 00:00]
S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ADM851X.SYS [2004-10-27 16:05]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows [2007-12-25 21:36]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caece3a2-ad74-11dc-bc87-00904bcdfe39}]
\Shell\AutoRun\command - G:\setupSNK.exe
*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 00:18:50
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-12-27 0:20:00
C:\ComboFix2.txt ... 2007-12-26 22:51
.
2007-12-21 15:02:17 --- E O F ---


And this is the hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 0:30:53, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\gebruiker\Mijn documenten\pro\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKCU\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://zylom.king.com/ctl/kingcomie.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Thanx

Rosty
27 December 2007, 01:48
Hi Sixties,


Can you also tell me something about the nature of the problem? Is it serious? Is it a virus? Will my system crash?
You had caught the Vundo infection!! It isn't very serious, and it is a virus!! Your system won't crash from it!

That looks good now.
How is everything else working?

Sixtiess
27 December 2007, 02:20
Hey,

Everything is working more or less fine again: I can get on the internet smoothly again, my programs run smoothly, and I'm also rid of those annoying websites popping up. Many thanks for this already. The only thing I still have are those files in the My Documents folder; Windows Media Player freezes and because of that my PC sometimes gets stuck again. But it's livable again!!

Thanks again!

PS: I would also like to learn a bit more myself about solving problems; where exactly in those logs did you see where the problem was?

Rosty
27 December 2007, 10:15
Hey,

The only thing I still have are those files in the My Documents folder,
Can't you delete them then? In safe mode or otherwise!


PS: I would also like to learn a bit more myself about solving problems; where exactly in those logs did you see where the problem was?


By looking up every line that does or does not appear in the log on special sites, we see whether it is malware or not!! What was typical in your case was that there were no O2 and O20 lines present, and this points to the Vundo infection.

Read here: http://www.minatica.be/showthread.php?t=39088 how and where you can learn this, under the section "opmerking" ("note")!

Now we are going to uninstall ComboFix!!

Go to Start -> Run
Type in: ComboFix /U and press OK.

You now also have a new System Restore point that is clean.
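
The line-by-line reading of a HijackThis log described in the post above can be partly automated. The following Python code is an added example, not part of the thread and not a HijackThis or ComboFix tool: it groups entries by section code, reports which codes are absent, diffs two logs, and lists O23 services marked "Unknown owner" or "(file missing)" as candidates for manual lookup. The sample lines are excerpts from the two HijackThis logs on this page; all function and variable names are assumptions.

```python
import re
from collections import defaultdict

# HijackThis entry lines start with a section code (R0, O2, O4, O23, ...)
# followed by " - " and the entry text. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Excerpt of the log saved at 0:30:53 on 27/12/2007 (from this page).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
"""

# Excerpt of the log saved at 14:36:17 on 27/12/2007 (from this page).
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
"""


def parse_log(text):
    """Return {section code: [entry text, ...]} for one HijackThis log."""
    sections = defaultdict(list)
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            sections[match.group(1)].append(match.group(2))
    return dict(sections)


def absent_sections(parsed, codes):
    """Section codes from `codes` that have no entry at all in the log."""
    return [code for code in codes if code not in parsed]


def diff_logs(before, after):
    """Return (removed, added) as sorted lists of (code, entry) tuples."""
    def flatten(parsed):
        return {(code, entry) for code, entries in parsed.items() for entry in entries}
    b, a = flatten(before), flatten(after)
    return sorted(b - a), sorted(a - b)


def needs_lookup(parsed):
    """O23 services that HijackThis could not attribute to a vendor or find
    on disk. These are candidates for manual lookup, not a malware verdict."""
    return [entry for entry in parsed.get("O23", [])
            if "Unknown owner" in entry or "(file missing)" in entry]


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    print("Absent sections:", absent_sections(before, ["O2", "O20"]))
    removed, added = diff_logs(before, after)
    for code, entry in removed:
        print("Removed:", code, "-", entry)
    for entry in needs_lookup(after):
        print("Look up:", entry)
```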

Sixtiess
27 December 2007, 15:27
ComboFix was successfully removed, a thousand thanks once again, my PC is running optimally again and I was able to delete those files from the My Documents folder, there were thousands of them!! And thanks for the tip, I will definitely take a look at that page to learn something myself.

Sixtiess
27 December 2007, 15:36
I still have problems when I want to use Windows Media Player: as soon as I want to play a video file, Media Player turns into a completely white screen and everything freezes, so that I can only take out the battery and let it start up again, but that is the only thing.

This is the latest new log:
Logfile of HijackThis v1.99.1
Scan saved at 14:36:17, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\gebruiker\Mijn documenten\pro\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKCU\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://zylom.king.com/ctl/kingcomie.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Rosty
27 December 2007, 19:59
I don't see any malware anymore.
I think you'd better put your problem forward HERE (http://www.minatica.be/forumdisplay.php?f=36).

Regards,

Rosty.

Sixtiess
28 December 2007, 16:31
Thank you very much for all the help, and above all for the correct and very fast help! I think it's great that you just help like this in your free time! However much I appreciate this, I still hope I will never need your help again! ;)

Thanks from me and my laptop!!