  1. #1
    Beginner  
    Registered
    30 June 2008
    Posts
    7
    Thanks
    4
    Thanked
    0 times in 0 posts

    Virus, malware etc... Help

    Hi,

    I just got an infected laptop from my sister. She claims her explorer isn't working properly and more slowdowns and such things.

    Now, I did a lot of scans and cleaning... All with the latest definitions of course

    I did a NOD32 scan... Came out with some viruses, but is now clean

    I then did Spybot Search and Destroy. It only found the Virtumonde virus, which couldn't be deleted... I then used a program to delete the Virtumonde virus, but the program says it isn't there. LOG

    then I ran Malwarebytes - Antimalware
    It also gave a lot of trash LOG
    I ran it again LOG
    And one last scan LOG
    Finally clean!!!

    I then ran Ad Aware
    First time LOG
    Second time LOG


    All clean right
    Hopefully

    I then finally ran HijackThis
    LOG

    So, what more do I have to do??

    thx in advance, Hope this post is complete

  2. #2
    Advanced   Recep's avatar
    Registered
    3 January 2008
    Location
    Utrecht
    Posts
    384
    Thanks
    35
    Thanked
    63 times in 60 posts
    Hello Mudsliptones,

    I'm going to provide you a fix, but my fix must be checked by the experts here, then I'll post it. Be patient please.

    Recep

  3. #3
    Advanced   Recep's avatar
    Hello,

    1. We need to update your version of Hijackthis to the latest release.
    Please find and delete the Hijackthis.exe you already have installed.

    Click here to download HijackThis.
    Save HJTInstall.exe to your Desktop.
    Double click on the HJTInstall.exe icon to start the program.
    By default it will install to C:\Program Files\Trend Micro\HijackThis
    After the final dialogue box it will launch HijackThis. Close HijackThis for now.

    2. Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      -----------------------------------------------------------
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
        -----------------------------------------------------------
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      -----------------------------------------------------------
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Good luck,
    Recep

  4. The following user thanked Recep for this useful post:

    mudsliptones ( 3 July 2008)

  5. #4
    Beginner  
    Thanks in advance for the help offered (I just noticed that this is a Dutch forum. Apparently I wasn't quite awake)

    Anyway
    Fresh HijackThis 2.0.2 log before the fix: LOG
    ComboFix log: LOG
    HijackThis log after the fix: LOG

    One more thing: I get this at startup. It is probably malware too
    http://users.pandora.be/Mudsliptones...s/logs/zus.jpg
    Last edited by mudsliptones; 1 July 2008 at 14:36

  6. #5
    Advanced   Recep's avatar
    Hello,

    Open a new Notepad file.
    Copy and paste the bold blue text below into it.
    Go to 'File' -> 'Save As...' and then save it to your desktop as CFScript.txt.

    Folder::
    C:\PROGRA~1\MYWEBS~1

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acer Tour"=-
    "eRecoveryService"=-
    "MyWebSearch Plugin"=-

    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    Driver::
    CLTNetCnService
    MyWebSearchService

    Drag CFScript.txt into ComboFix.exe as shown in the example below:



    This will make ComboFix restart. Reboot if you are asked to.
    After the restart, post the contents of Combofix.txt in your next reply together with a new HijackThis log.
    Good luck,
    Recep

    PS: You may also just post your logs here

  7. The following user thanked Recep for this useful post:

    mudsliptones ( 3 July 2008)

  8. #6
    Beginner  
    The startup error is resolved

    ComboFix log:

    ComboFix 08-07-01.3 - Renske 2008-07-02 15:07:14.3 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1176 [GMT 2:00]
    Gestart vanuit: C:\Users\Renske\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Renske\Desktop\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt
    * Resident AV is active

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-06-02 to 2008-07-02 ))))))))))))))))))))))))))))))
    .

    Geen nieuwe bestanden aangemaakt in deze periode

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-01 10:53 --------- d-----w C:\Program Files\Trend Micro
    2008-06-30 13:50 --------- d-----w C:\ProgramData\Microsoft Help
    2008-06-30 12:53 91,568 ------w C:\Windows\System32\ovvnpnop.dll
    2008-06-30 12:16 --------- d-----w C:\Users\Renske\AppData\Roaming\Malwarebytes
    2008-06-30 12:16 --------- d-----w C:\ProgramData\Malwarebytes
    2008-06-30 12:16 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-29 12:07 --------- d-----w C:\Program Files\Eset
    2008-06-28 12:16 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
    2008-06-28 12:16 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
    2008-06-23 18:47 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-05-12 17:45 --------- d-----w C:\Program Files\Zattoo
    2008-05-11 14:27 --------- d-----w C:\Program Files\Windows Live
    2008-05-11 14:27 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-05-11 14:25 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-05-11 14:25 --------- d-----w C:\Program Files\Windows Live Favorites
    2008-05-11 14:21 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-11 14:12 --------- d-----w C:\ProgramData\WLInstaller
    2008-05-08 09:47 --------- d-----w C:\Users\Renske\AppData\Roaming\U3
    2008-05-05 14:29 --------- d-----w C:\Users\Renske\AppData\Roaming\vlc
    2008-05-05 14:26 --------- d-----w C:\Program Files\VideoLAN
    2008-05-05 14:21 --------- d-----w C:\ProgramData\Sony Corporation
    2007-09-09 12:58 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((( snapshot@2008-07-01_13.06.37.82 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-07-01 11:04:17 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-07-02 13:01:39 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-07-02 13:01:39 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-07-02 13:01:39 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-07-01 11:04:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-07-02 13:02:02 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-07-02 13:02:02 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-07-01 11:04:41 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-07-02 13:09:06 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-07-02 13:09:06 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-07-01 10:59:25 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-07-02 12:54:45 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    - 2008-07-01 10:53:55 104,768 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-07-02 13:08:52 104,768 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-07-01 10:53:55 123,842 ----a-w C:\Windows\System32\perfc013.dat
    + 2008-07-02 13:08:53 123,842 ----a-w C:\Windows\System32\perfc013.dat
    - 2008-07-01 10:53:55 613,046 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-07-02 13:08:53 613,046 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-07-01 10:53:55 692,574 ----a-w C:\Windows\System32\perfh013.dat
    + 2008-07-02 13:08:54 692,574 ----a-w C:\Windows\System32\perfh013.dat
    - 2008-07-01 10:51:39 8,522 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2844471780-1270450630-923830078-1000_UserData.bin
    + 2008-07-02 13:04:36 8,816 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2844471780-1270450630-923830078-1000_UserData.bin
    - 2008-07-01 10:51:38 83,086 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-07-02 13:04:35 83,452 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-07-01 10:51:36 46,902 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-07-02 12:50:54 46,910 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 14:35 1196032]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 21:00 815104]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 18:02 98304]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 18:05 106496]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 18:02 81920]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
    "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
    "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2007-01-10 11:34 200704]
    "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2006-08-29 09:26 241664]
    "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-11-09 14:37 86016]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-01-17 09:01 151552]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-07 16:44 949376]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-20 13:19 286720]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 20:57 3784704 C:\Windows\RtHDVCpl.exe]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-17 08:46:34 528384]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-02-20 06:10:26 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.i420"= i263_32.drv
    "msacm.divxa32"= divxa32.acm
    "VIDC.i263"= i263_32.drv
    "msacm.imc"= imc32.acm
    "VIDC.VP31"= vp31vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2844471780-1270450630-923830078-1000]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{C38FA4AF-85DF-4CB8-94E8-E2BB8BFC0A20}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{957DC1A9-7591-49DA-B4E8-9FB6BD786AD7}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{F246C54D-F9EE-4325-B879-02107C570E3B}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{F5279FB8-C754-468E-A8D2-9C6AB3582826}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{FE37E09E-AF6F-4E66-9E3C-7B59A659712A}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{2948CCFF-935C-478A-B46B-C57C9EC715CF}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{F11B69A6-7141-4FFC-BAFD-66E625FDD947}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{CF53F1C4-E86E-428A-A91E-FBA956C32FBA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{2DA0544E-CE12-48F8-A014-BCAF9DD0953F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{74B3DC8E-2A39-4172-AF3E-BE821856F548}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{1975F0C0-0F40-4BC7-85D3-28C9C1921E58}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "TCP Query User{E9D050ED-50CD-465A-BBE7-95C1182ED844}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{F52B0B53-70D9-4D56-A21B-9B39705C6F00}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{D6137A0F-7D84-4D25-93FB-16820AE2D9AE}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{145C7634-FB6C-4215-AAA0-835512C2D017}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{C8A25708-3C67-4BEB-9E42-2BD80EC7BEE4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{B61BAADA-8040-40A4-A7A0-885B7362AE43}C:\\program files\\zattoo\\zattood.exe"= UDP:C:\program files\zattoo\zattood.exe:zattood
    "UDP Query User{6D7E15C7-CBE4-4EE5-BB41-ED2AAE8B15BA}C:\\program files\\zattoo\\zattood.exe"= TCP:C:\program files\zattoo\zattood.exe:zattood
    "TCP Query User{B1C99334-3CEE-43B8-9B00-7AE50DAF9132}C:\\program files\\zattoo\\zattoo.exe"= UDP:C:\program files\zattoo\zattoo.exe:
    "UDP Query User{5E9C3D02-3D92-4B7E-94CF-4C79F491C89F}C:\\program files\\zattoo\\zattoo.exe"= TCP:C:\program files\zattoo\zattoo.exe:

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
    "C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
    "C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

    R1 Hotkey;Hotkey;C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 11:27]
    R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 19:29]
    R3 WisLMSvc;WisLMSvc;"C:\Program Files\Launch Manager\WisLMSvc.exe" [2006-11-17 20:45]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30e21806-1cc9-11dd-afff-0016d35e694a}]
    \shell\AutoRun\command - H:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a27c793-8dcd-11dc-907f-0016d35e694a}]
    \shell\AutoRun\command - F:\setupSNK.exe

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-07-02 13:08:04 C:\Windows\Tasks\Controleren op updates voor Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-02 15:09:34
    Windows 6.0.6000 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-07-02 15:10:27
    ComboFix-quarantined-files.txt 2008-07-02 13:10:16
    ComboFix2.txt 2008-07-01 11:07:06

    Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
    Post-Run: 28,532,785,152 bytes beschikbaar

    163 --- E O F --- 2007-10-31 08:48:50









    Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:11:41, on 2-7-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16546)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\WButton.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ua.ac.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: &Search - ?p=ZCYYYYYYYYBE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1214204136495
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames...e.cab60231.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - AppInit_DLLs: eNetHook.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

    --
    End of file - 10576 bytes


    Last edited by mudsliptones; 2 July 2008 at 18:01

  9. #7
    Advanced   Recep's avatar
    Hello,

    Your logs look good. Are you still having problems?

    1. Uninstall ComboFix:
    Go to Start, click in the search bar and type: ComboFix /u and press Ctrl + Shift + Enter. ComboFix will now be removed and a new restore point will be created.

    2. Right-click HijackThis and choose "Run as administrator", then choose 'Do a system scan only' and tick the lines below:

    O8 - Extra context menu item: &Search - ?p=ZCYYYYYYYYBE

    Now close all open windows except HijackThis and click Fix Checked.

    3. Download Java Runtime Environment (JRE) 6u6.
    • Scroll down to: Java Runtime Environment (JRE) 6u6
    • Click the Download button on the right.
    • In the drop-down menu to the right of Platform, select Windows
    • Tick: I agree to the Java SE Runtime Environment 6 License Agreement, and click Continue.
    • The page will reload.
    • Click the jre-6u6-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
    • Close all programs that may be open - especially your web browser!
    • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the program list.
    • Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
    • Then click Remove or the Change/Remove button.
    • Repeat this until all older versions are gone.
    • After removing all older versions, restart your PC.
    • Then double-click jre-6u6-windows-i586-p.exe on your Desktop to install the latest version of Java.
    • Restart your PC.
    Then post a new HijackThis log and tell me how everything is going.

    Good luck,
    Recep

  10. The following user thanked Recep for this useful post:

    mudsliptones ( 3 July 2008)

  11. #8
    Beginner  
    Did everything you said, the laptop seems fine now. You've made my little sister happy...

    Here is the new log; if there is anything else, just say so:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:27:06, on 3-7-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16546)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\WButton.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ua.ac.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1214204136495
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames...e.cab60231.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - AppInit_DLLs: eNetHook.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

    --
    End of file - 10600 bytes
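
Added example, not part of the thread and not HijackThis's own code: a small Python parser for the `R*`/`O*` entry lines of a HijackThis log, run over a few lines copied from posts #7 and #8 above. The review rules are assumptions chosen for illustration; a hit means "look at this entry by hand", not that the entry is malicious.

```python
import re

SECTIONS = {  # meaning of the HijackThis section codes used in SAMPLE
    "R0": "IE start/search page", "O2": "Browser Helper Object",
    "O4": "autostart entry", "O8": "IE context menu item",
    "O20": "AppInit_DLLs", "O23": "service",
}
ENTRY = re.compile(r"^\s*([RO]\d{1,2}) - (.*)$")
URL = re.compile(r"(?i)(res|https?)://")

# Lines copied from posts #7 and #8; header and process lines must be skipped.
SAMPLE = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ua.ac.be/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZCYYYYYYYYBE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Review rules: illustrative assumptions, not HijackThis's own logic.
RULES = [
    ("O2", lambda b: "(no name)" in b, "browser extension without a display name"),
    ("O4", lambda b: b.endswith("= ?"), "no target printed for the startup shortcut"),
    ("O8", lambda b: not URL.match(b.rsplit(" - ", 1)[-1]), "target is not a res:// or http(s):// URL"),
    ("O20", lambda b: True, "DLL is loaded into every process that loads user32.dll"),
    ("O23", lambda b: " - Unknown owner - " in b, "service binary reports no company name"),
]

def parse(log_text):
    """Return (code, body) for every R*/O* entry line; other lines are ignored."""
    hits = (ENTRY.match(line) for line in log_text.splitlines())
    return [(m.group(1), m.group(2).strip()) for m in hits if m]

def review_reasons(code, body):
    return [why for c, test, why in RULES if c == code and test(body)]

def triage(log_text):
    """Return (code, meaning, body, reasons) for each entry that matched a rule."""
    return [(c, SECTIONS.get(c, "other"), b, r)
            for c, b in parse(log_text) if (r := review_reasons(c, b))]

if __name__ == "__main__":
    for code, meaning, body, reasons in triage(SAMPLE):
        print(f"{code:>3} [{meaning}] {body}\n     -> {'; '.join(reasons)}")
```

The unnamed BHO in the sample is Spybot's own SDHelper.dll, which shows why a rule hit is only a prompt to check the file path and publisher.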

  12. #9
    Advanced   Recep's avatar
    Hello,

    Your log is clean.

    To prevent reinfection you can read through these security tips.

    Have fun on the net,
    Recep

  13. The following user thanks Recep for this useful post:

    mudsliptones ( 4 July 2008)

  14. #10
    Beginner  
    I just received a link from my sister's laptop:
    http://her name.imageswitch.info

    Apparently not completely gone after all?
