"disks write-protected" + "you are

33 answers
  • Hello, I have a problem with my computer, which runs Windows XP. I can download Norton updates but not install them. "Not authorized" ("niet bevoegd"). I cannot delete folders. The sound was gone, and I kept getting the error "disks write-protected" ("schijven beveiligd tegen schrijven") whenever I tried to delete a folder (photos or files). It started after I had bought and installed Nero 8.

    I eventually managed, with a lot of effort, to remove it using a backup hard disk and by restoring the image with Acronis software. Nero 8 went back to the shop. (It had only been out for 2 days!) Now at least I have my sound back and normal-looking folders! So I can no longer delete folders; when I try, I get the message "you are not authorized" ("u bent niet bevoegd"). I think it is a virus after all, or that the user has somehow been switched. Norton was recently renewed to 2008 (downloaded via e-mail); it does download updates but does not process them!

    Tried Cc. Tried Hitmanpro. In safe mode, removed R0 - HKCU\Software\Microsoft\Internet Explorer\Main etc. and R0 - HKLM\Software\Microsoft\Internet Explorer\Main etc. etc. That did not really help either! After that I ran System Restore because my e-mail stopped working. Now my folder options have become smaller and the descriptions on folders are less clear. I also have info from HijackThis, taken in safe mode:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:25:12, on 13-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LVComsX.exe
    C:\Documents and Settings\J. de Brabander\Mijn documenten\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hetnet.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hetnet.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OpwareSE2] "D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Nieuwe map\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Nieuwe map\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
    O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" \runonce
    O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "D:\Nieuwe map\osCheck.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - S-1-5-18 Startup: Butler 4012 USB VoIP.lnk = ? (User 'SYSTEM')
    O4 - .DEFAULT Startup: Butler 4012 USB VoIP.lnk = ? (User 'Default user')
    O4 - Startup: Butler 4012 USB VoIP.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: RadarSync Website - {29F02F90-D4AE-4c9a-82D2-D8DCDD507F33} - C:\Program Files\RadarSync\RadarSync Website.lnk
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl/
    O15 - Trusted Zone: *.msn messenger
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ASUSKBService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


    End of file - 9908 bytes


    I really cannot make sense of this!

    Would it perhaps be better to restore the saved image file over it again? Because after that step the folders did look normal! Only then I am still stuck with "disks write-protected"….

    I always enjoy reading the magazine Computer totaal and I hope I can be helped this way too.

    Can you help me?

    Kind regards,

    Jack de Brabander
  • See whether you can create a new account with full rights. Log in with it and see whether that makes a difference.
  • Thanks for your reply, I will try it. Unfortunately I cannot get a connection to hetnet on this new account yet. The new account's desktop is also completely empty.

    Regards,

    jack
  • The HijackThis log was made in Safe Mode; could you make a log in normal mode?
  • Thanks for your reply!

    This is in normal mode:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:05:21, on 14-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\QuickTime\qttask.exe
    D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
    D:\Nieuwe map\TrueImageMonitor.exe
    D:\Nieuwe map\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
    C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\TOPCOM\BULTER 4012\Butler 4012 USB VoIP.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\ASUSKBService.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hetnet.nl/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hetnet.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OpwareSE2] "D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Nieuwe map\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Nieuwe map\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
    O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" \runonce
    O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "D:\Nieuwe map\osCheck.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Startup: Butler 4012 USB VoIP.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: RadarSync Website - {29F02F90-D4AE-4c9a-82D2-D8DCDD507F33} - C:\Program Files\RadarSync\RadarSync Website.lnk
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl/
    O15 - Trusted Zone: *.msn messenger
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ASUSKBService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


    End of file - 10863 bytes


    Regards,

    jack
  • Hello, here is some more info from HijackThis. I hope someone can help me. In the new account I cannot make an internet connection, and no folders are populated the way they are in my first account. What am I doing wrong? In my old account Norton is unable to process the data. "Error, contact Symantec". But I cannot install their removal tool either. Again "error, contact Symantec". Deleting does not work, for any folder. "Not authorized to". I am at a loss… I hope someone can help me!

    Regards, jack

    Here is the info from HijackThis:



    Comparison of your HijackThis log file items to others
    The table below compares the items HijackThis found on your computer with those on other people's computers. The column "% of PCs with item" indicates what percent of other people's HijackThis log files contain the item in that row of the table. Additional information will be provided as more HijackThis log files are added to the AnalyzeThis database.

    Each entry is coded to indicate the type of item it is on your computer. An explanation of these codes may be found at the bottom of this page.


    Index % of PCs with item Code Data
    1 0.0% O14 START_PAGE_URL=http://www.hetnet.nl/
    2 0.0% O15 *.msn messenger
    3 1.8% O16 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    4 0.3% O16 {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    5 0.2% O16 {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    6 0.2% O16 {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    7 0.1% O16 {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    8 1.4% O18 skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    9 3.7% O2 (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    10 2.5% O2 Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    11 0.7% O2 Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    12 0.0% O2 Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    13 0.0% O2 SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    14 0.0% O2 NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    15 0.0% O2 Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    16 0.0% O20 MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
    17 5.4% O23 NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    18 5.1% O23 Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    19 4.2% O23 Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    20 4.1% O23 InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    21 2.7% O23 ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    22 0.9% O23 iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    23 0.5% O23 ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    24 0.3% O23 Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    25 0.3% O23 Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    26 0.1% O23 SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    27 0.1% O23 B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    28 0.0% O23 ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - c:\WINDOWS\ASUSKBService.exe
    29 0.0% O23 Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    30 0.0% O23 NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    31 0.0% O23 DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
    32 0.0% O23 Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    33 0.0% O23 PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Nieuwe map\Spyware Doctor\svcntaux.exe
    34 0.0% O23 PC Tools Security Service (sdCoreService) - PC Tools - D:\Nieuwe map\Spyware Doctor\swdsvc.exe
    35 0.0% O23 PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Nieuwe map\Spyware Doctor\sdhelp.exe
    36 0.7% O3 &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    37 0.0% O3 Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    38 0.0% O3 Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Toolband.dll
    39 14.3% O4 [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    40 6.4% O4 [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    41 5.6% O4 [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    42 4.0% O4 [nwiz] nwiz.exe /install
    43 2.9% O4 [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    44 2.6% O4 [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    45 1.0% O4 [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    46 0.7% O4 [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    47 0.6% O4 [Logitech Utility] Logi_MwX.Exe
    48 0.3% O4 [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    49 0.2% O4 [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    50 0.2% O4 [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    51 0.1% O4 [Spyware Doctor] (User 'SYSTEM')
    52 0.1% O4 [Spyware Doctor] (User 'Default user')
    53 0.0% O4 [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
    54 0.0% O4 [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
    55 0.0% O4 [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
    56 0.0% O4 [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" \runonce
    57 0.0% O4 Butler 4012 USB VoIP.lnk = ?
    58 0.0% O4 [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    59 0.0% O4 [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    60 0.0% O4 [OpwareSE2] "D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe"
    61 0.0% O4 [TrueImageMonitor.exe] D:\Nieuwe map\TrueImageMonitor.exe
    62 0.0% O4 [AcronisTimounterMonitor] D:\Nieuwe map\TimounterMonitor.exe
    63 0.0% O4 [osCheck] "D:\Nieuwe map\osCheck.exe"
    64 0.1% O8 E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    65 0.0% O8 Easy-WebPrint Add To Print List - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_AddToList.html
    66 0.0% O8 Easy-WebPrint High Speed Print - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    67 0.0% O8 Easy-WebPrint Preview - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_Preview.html
    68 0.0% O8 Easy-WebPrint Print - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_Print.html
    69 11.5% O9 Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    70 11.3% O9 Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    71 0.2% O9 Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    72 0.0% O9 Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    73 0.0% O9 Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    74 0.0% O9 RadarSync Website - {29F02F90-D4AE-4c9a-82D2-D8DCDD507F33} - C:\Program Files\RadarSync\RadarSync Website.lnk
    75 0.0% O9 (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    76 0.0% O9 Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    77 0.0% O9 Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\NIEUWE~1\Spyware Doctor\tools\iesdpb.dll
    78 22.3% P01 C:\WINDOWS\Explorer.EXE
    79 21.8% P01 C:\WINDOWS\system32\svchost.exe
    80 21.8% P01 C:\WINDOWS\system32\lsass.exe
    81 21.8% P01 C:\WINDOWS\system32\winlogon.exe
    82 21.8% P01 C:\WINDOWS\system32\services.exe
    83 21.7% P01 C:\WINDOWS\System32\smss.exe
    84 20.9% P01 C:\WINDOWS\system32\spoolsv.exe
    85 15.1% P01 C:\WINDOWS\system32\ctfmon.exe
    86 5.3% P01 C:\WINDOWS\system32\Ati2evxx.exe
    87 4.7% P01 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    88 4.0% P01 C:\Program Files\QuickTime\qttask.exe
    89 2.5% P01 C:\WINDOWS\system32\csrss.exe
    90 1.8% P01 C:\WINDOWS\system32\wbem\wmiprvse.exe
    91 1.2% P01 C:\WINDOWS\system32\msiexec.exe
    92 0.9% P01 C:\Program Files\Skype\Phone\Skype.exe
    93 0.9% P01 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    94 0.8% P01 C:\WINDOWS\system32\LVCOMSX.EXE
    95 0.6% P01 C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    96 0.5% P01 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    97 0.3% P01 C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    98 0.3% P01 C:\Program Files\Canon\CAL\CALMAIN.exe
    99 0.3% P01 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    100 0.3% P01 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    101 0.2% P01 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    102 0.2% P01 C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
    103 0.2% P01 C:\WINDOWS\system32\UAService7.exe
    104 0.1% P01 C:\WINDOWS\system32\bgsvcgen.exe
    105 0.0% P01 C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
    106 0.0% P01 c:\WINDOWS\ASUSKBService.exe
    107 0.0% P01 C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
    108 0.0% P01 C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
    109 0.0% P01 C:\Program Files\TOPCOM\BULTER 4012\Butler 4012 USB VoIP.exe
    110 0.0% P01 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    111 0.0% P01 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    112 0.0% P01 D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe
    113 0.0% P01 D:\Nieuwe map\TrueImageMonitor.exe
    114 0.0% P01 D:\Nieuwe map\TimounterMonitor.exe
    115 0.0% P01 C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe
    116 0.5% R0 HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    117 0.7% R1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    118 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hetnet.nl/
    119 0.0% R1 HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hetnet.nl/
    120 1.1% R3 Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    Explanation of the codes

    R - Registry, StartPage/SearchPage changes


    R0 - Changed registry value
    R1 - Created registry value
    R2 - Created registry key
    R3 - Created extra registry value where only one should be

    F - IniFiles, autoloading entries


    F0 - Changed inifile value
    F1 - Created inifile value
    F2 - Changed inifile value, mapped to Registry
    F3 - Created inifile value, mapped to Registry

    N - Netscape/Mozilla StartPage/SearchPage changes


    N1 - Change in prefs.js of Netscape 4.x
    N2 - Change in prefs.js of Netscape 6
    N3 - Change in prefs.js of Netscape 7
    N4 - Change in prefs.js of Mozilla

    O - Other, several sections which represent:


    O1 - Hijack of auto.search.msn.com with Hosts file
    O2 - Enumeration of existing MSIE BHO's
    O3 - Enumeration of existing MSIE toolbars
    O4 - Enumeration of suspicious autoloading Registry entries
    O5 - Blocking of loading Internet Options in Control Panel
    O6 - Disabling of 'Internet Options' Main tab with Policies
    O7 - Disabling of Regedit with Policies
    O8 - Extra MSIE context menu items
    O9 - Extra 'Tools' menuitems and buttons
    O10 - Breaking of Internet access by New.Net or WebHancer
    O11 - Extra options in MSIE 'Advanced' settings tab
    O12 - MSIE plugins for file extensions or MIME types
    O13 - Hijack of default URL prefixes
    O14 - Changing of IERESET.INF
    O15 - Trusted Zone Autoadd
    O16 - Download Program Files item
    O17 - Domain hijack
    O18 - Enumeration of existing protocols and filters
    O19 - User stylesheet hijack
    O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
    O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
    O22 - SharedTaskScheduler autorun Registry key
    O23 - Enumeration of NT Services
    O24 - Enumeration of ActiveX Desktop Components
  • Go to Start -> Run and type: sfc /scannow
    More info about scannow: http://www.updatexp.com/scannow-sfc.html

    After that:

    Download Combofix to your desktop

    Double-click combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix has finished and after the restart, the log combofix.txt will open. Save this log.

    NOTE: If your virus scanner responds with a message about a script being executed, you may ignore it.

    Post the Combofix log (combofix.txt) in your next reply
  • Hello,

    Thanks for your reply!

    I had Scannow examine my computer, with the result "679 found + 679 Restricted", which I think means that the program could not do anything? Combofix went better: even though Windows wanted to close the program with "in Sed.cfexe is een fout opgetreden en moet worden afgesloten", Combofix finished the log!

    Here is the Combofix.txt log:

    ComboFix 07-10-12.4 - J. de Brabander 2007-10-15 22:31:02.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1976 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\J. de Brabander\Mijn documenten\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-15 to 2007-10-15 ))))))))))))))))))))))))))))))
    .

    2007-10-15 22:30 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-10-14 21:10 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\AdwareAlert
    2007-10-14 20:04 51,072 –a—— C:\WINDOWS\system32\drivers\ikhlayer.sys
    2007-10-14 20:04 30,592 –a—— C:\WINDOWS\system32\drivers\ikhfile.sys
    2007-10-14 19:34 <DIR> d——– C:\temp\Tmp___553
    2007-10-14 19:34 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\PC Tools
    2007-10-14 19:34 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-14 19:34 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
    2007-10-14 19:34 79,688 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-10-14 19:34 62,280 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-10-14 19:34 41,288 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-10-14 19:34 29,000 –a—— C:\WINDOWS\system32\drivers\kcom.sys
    2007-10-13 17:43 <DIR> d——– C:\Documents and Settings\Jack de Brabander\Application Data\ATI
    2007-10-13 17:31 <DIR> d–h—– C:\Documents and Settings\Jack de Brabander\Sjablonen
    2007-10-13 17:31 <DIR> dr-h—– C:\Documents and Settings\Jack de Brabander\Onlangs geopend
    2007-10-13 17:31 <DIR> d–h—– C:\Documents and Settings\Jack de Brabander\Netwerkprinteromgeving
    2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Mijn documenten
    2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Menu Start
    2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Favorieten
    2007-10-13 17:31 <DIR> d——– C:\Documents and Settings\Jack de Brabander\Bureaublad
    2007-10-13 11:54 <DIR> d——– C:\Hitman Pro
    2007-10-13 11:13 <DIR> d——– C:\Program Files\Trend Micro
    2007-10-13 10:09 584,192 —–c— C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-12 20:26 <DIR> d——– C:\Documents and Settings\Administrator\Application Data\Symantec
    2007-10-12 20:20 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\LimeWire
    2007-10-06 15:44 <DIR> d——– C:\Program Files\Windows Sidebar
    2007-10-06 15:42 123,952 –a—— C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-10-06 15:42 60,800 –a—— C:\WINDOWS\system32\S32EVNT1.DLL
    2007-10-06 14:59 <DIR> d——– C:\Documents and Settings\All Users\Symantec Temporary Files
    2007-10-02 16:35 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Tages
    2007-09-29 12:20 3,497,832 –a—— C:\WINDOWS\system32\d3dx9_34.dll
    2007-09-29 12:20 2,414,360 –a—— C:\WINDOWS\system32\d3dx9_31.dll
    2007-09-20 19:47 42,752 ——— C:\WINDOWS\system32\drivers\ser2pl.sys
    2007-09-18 14:43 317,616 –a—— C:\WINDOWS\system32\drivers\srtspl.sys
    2007-09-18 14:43 278,576 –a—— C:\WINDOWS\system32\drivers\srtsp.sys
    2007-09-18 14:43 43,696 –a—— C:\WINDOWS\system32\drivers\srtspx.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-15 20:07 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Skype
    2007-10-14 18:34 ——— d—–w C:\Program Files\Yahoo!
    2007-10-14 18:26 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-14 18:05 ——— d—–w C:\Program Files\SpywareBlaster
    2007-10-13 10:50 ——— d—–w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-10-13 10:48 ——— d—–w C:\Program Files\Symantec
    2007-10-13 10:24 ——— d—–w C:\Program Files\Common Files\Symantec Shared
    2007-10-06 15:04 805 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-10-06 15:04 10,740 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-10-06 13:45 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Symantec
    2007-10-02 20:25 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Canon
    2007-10-02 14:04 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\ZoomBrowser EX
    2007-09-29 11:08 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2007-09-23 18:59 ——— d—–w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
    2007-09-19 09:22 ——— d—–w C:\Program Files\Common Files\Adobe
    2007-09-18 19:37 ——— d—–w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-09-18 12:44 10,662 —-a-w C:\WINDOWS\system32\drivers\srtspx.cat
    2007-09-18 12:44 10,662 —-a-w C:\WINDOWS\system32\drivers\srtspl.cat
    2007-09-18 12:44 10,658 —-a-w C:\WINDOWS\system32\drivers\srtsp.cat
    2007-09-18 12:44 1,430 —-a-w C:\WINDOWS\system32\drivers\srtspl.inf
    2007-09-18 12:44 1,421 —-a-w C:\WINDOWS\system32\drivers\srtspx.inf
    2007-09-18 12:44 1,415 —-a-w C:\WINDOWS\system32\drivers\srtsp.inf
    2007-09-11 17:14 ——— d—–w C:\Program Files\Microsoft Encarta
    2007-09-10 17:07 ——— d—–w C:\Program Files\CBS
    2007-09-09 09:10 ——— d—–w C:\Documents and Settings\Administrator\Application Data\ATI
    2007-09-02 20:52 ——— d—–w C:\Program Files\Ahead
    2007-09-02 20:50 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Ahead
    2007-09-02 20:49 ——— d—–w C:\Documents and Settings\All Users\Application Data\Ahead
    2007-08-31 22:07 ——— d—–w C:\Program Files\AdorageI-SAL
    2007-08-31 22:07 ——— d—–w C:\Program Files\AdorageI-GfxDatas
    2007-08-29 12:18 577,928 —-a-w C:\WINDOWS\system32\SymNeti.dll
    2007-08-28 16:01 ——— d—–w C:\Program Files\Common Files\YDP
    2007-08-24 12:48 ——— d—–w C:\Documents and Settings\All Users\Application Data\WinZip
    2007-08-24 12:23 ——— d—–w C:\Program Files\DivX
    2007-08-23 15:57 207,240 —-a-w C:\WINDOWS\system32\SymRedir.dll
    2007-08-23 12:46 ——— d—–w C:\Program Files\Skype
    2007-08-23 12:46 ——— d—–w C:\Program Files\Common Files\Skype
    2007-08-23 12:46 ——— d—–w C:\Documents and Settings\All Users\Application Data\Skype
    2007-08-23 11:53 ——— d—–w C:\Program Files\Java
    2007-08-21 06:18 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
    2007-07-30 17:19 92,504 —-a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 —-a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 53,080 —-a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 43,352 —-a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 —-a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 203,096 —-a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 1,712,984 —-a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:18 33,624 —-a-w C:\WINDOWS\system32\wups.dll
    2007-06-25 15:31 81,920 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\ezpinst.exe
    2007-06-25 15:31 47,360 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\pcouffin.sys
    2006-09-18 08:09 284 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\ViewerApp.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    2007-08-24 21:51 316784 –a—— C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    2007-10-06 15:44 116088 –a—— C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 21:51 316784]

    [HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 21:51 316784]

    [HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 17:15]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50]
    "nwiz"="nwiz.exe" [2004-10-29 17:50 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2005-07-19 13:31]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-07 16:49]
    "OpwareSE2"="D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe" [2003-05-08 11:00]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
    "TrueImageMonitor.exe"="D:\Nieuwe map\TrueImageMonitor.exe" [2006-11-10 15:08]
    "AcronisTimounterMonitor"="D:\Nieuwe map\TimounterMonitor.exe" [2006-11-10 15:41]
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-11-10 15:23]
    "MDDiskProtect.exe"="C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [2004-09-13 16:56]
    "MediafourGettingStartedWithMacDrive6"="C:\Program Files\Mediafour\MacDrive\MacDrive.exe" [2004-08-26 13:12]
    "Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [2002-12-17 15:43]
    "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2005-07-19 13:31]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 23:07]
    "osCheck"="D:\Nieuwe map\osCheck.exe" [2007-08-24 22:53]
    "RegistryMechanic"="" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Start WingMan Profiler"="" []
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 03:45]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu"=0 (0x0)
    "NoTrayItemsDisplay"=0 (0x0)
    "NoRecentDocsHistory"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility]
    C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll 2003-11-07 10:24 61440 C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 relog_ap

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package Menu.lnk
    backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package VCD Maker.lnk
    backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Ulead Photo Express 4.0 SE Calendar Checker .lnk
    backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    "D:\Nieuwe map\CloneCD\CloneCDTray.exe" /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "D:\Nieuwe map\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
    D:\Nieuwe map\olympus master software\Monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
    "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
    C:\Program Files\Logitech\iTouch\iTouch.exe

    R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys
    R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
    R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
    R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
    R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys
    R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
    R3 BulkUsb;VoIPUSBDriver.sys;C:\WINDOWS\system32\Drivers\VoIPUSBDriver.sys
    R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
    R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
    R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
    S2 DNADownloader;DNADownloader;C:\Program Files\GameSpot\DownloadManager_Win32.exe
    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
    S3 ASUSHWIO;ASUSHWIO;\??\C:\WINDOWS\system32\drivers\ASUSHWIO.sys
    S3 bDMusicb;bDMusicb;\??\C:\DOCUME~1\J0259~1.DEB\LOCALS~1\Temp\bDMusicb.sys
    S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
    S3 Maplom;Maplom;C:\WINDOWS\system32\drivers\Maplom.sys
    S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

    *Newly Created Service* - CATCHME
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-10-14 19:10:11 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
    - C:\Program Files\AdwareAlert\AdwareAlert.exe
    "2007-10-06 15:02:30 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - J. de Brabander.job"
    - D:\Nieuwe map\Norton AntiVirus\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-15 22:34:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-10-15 22:35:24
    .
    — E O F —

    Downloads from Symantec are not processed either. Removing the file with a special tool from Symantec, with the intention of reinstalling the Symantec software, is not possible either. I keep getting "error". Or is it better to look at one thing at a time?

    Regards, Jack
  • Open Notepad, then copy and paste the following (the text in bold) into an empty window:

    Registry::
    [-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    [-HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [-HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    Save this on your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will restart ComboFix.
    Reboot if asked to,
    and post the contents of Combofix.txt in your next reply

    Download Dial-a-fix from
    http://wiki.djlizard.net/Dial-a-fix#Standard_version

    Start Dial-A-Fix, tick everything in the main window and click 'Go' at the bottom.
    Let the tool do its work and restart your PC, then see whether things have improved.
  • Hello,

    Thanks for your reply!

    I hope this is the right file?

    I will carry out the other suggestion after this.

    Regards,

    Jack

    ComboFix 07-10-12.4 - J. de Brabander 2007-10-16 0:26:32.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1886 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\J. de Brabander\Mijn documenten\ComboFix.exe
    Command switches used :: C:\Documents and Settings\J. de Brabander\Bureaublad\CFScript.txt.lnk
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-15 to 2007-10-15 ))))))))))))))))))))))))))))))
    .

    2007-10-15 22:30 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-10-14 21:10 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\AdwareAlert
    2007-10-14 20:04 51,072 –a—— C:\WINDOWS\system32\drivers\ikhlayer.sys
    2007-10-14 20:04 30,592 –a—— C:\WINDOWS\system32\drivers\ikhfile.sys
    2007-10-14 19:34 <DIR> d——– C:\temp\Tmp___553
    2007-10-14 19:34 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\PC Tools
    2007-10-14 19:34 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-14 19:34 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
    2007-10-14 19:34 79,688 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-10-14 19:34 62,280 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-10-14 19:34 41,288 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-10-14 19:34 29,000 –a—— C:\WINDOWS\system32\drivers\kcom.sys
    2007-10-13 17:43 <DIR> d——– C:\Documents and Settings\Jack de Brabander\Application Data\ATI
    2007-10-13 17:31 <DIR> d–h—– C:\Documents and Settings\Jack de Brabander\Sjablonen
    2007-10-13 17:31 <DIR> dr-h—– C:\Documents and Settings\Jack de Brabander\Onlangs geopend
    2007-10-13 17:31 <DIR> d–h—– C:\Documents and Settings\Jack de Brabander\Netwerkprinteromgeving
    2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Mijn documenten
    2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Menu Start
    2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Favorieten
    2007-10-13 17:31 <DIR> d——– C:\Documents and Settings\Jack de Brabander\Bureaublad
    2007-10-13 11:54 <DIR> d——– C:\Hitman Pro
    2007-10-13 11:13 <DIR> d——– C:\Program Files\Trend Micro
    2007-10-13 10:09 584,192 —–c— C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-12 20:26 <DIR> d——– C:\Documents and Settings\Administrator\Application Data\Symantec
    2007-10-12 20:20 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\LimeWire
    2007-10-06 15:44 <DIR> d——– C:\Program Files\Windows Sidebar
    2007-10-06 15:42 123,952 –a—— C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-10-06 15:42 60,800 –a—— C:\WINDOWS\system32\S32EVNT1.DLL
    2007-10-06 14:59 <DIR> d——– C:\Documents and Settings\All Users\Symantec Temporary Files
    2007-10-02 16:35 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Tages
    2007-09-29 12:20 3,497,832 –a—— C:\WINDOWS\system32\d3dx9_34.dll
    2007-09-29 12:20 2,414,360 –a—— C:\WINDOWS\system32\d3dx9_31.dll
    2007-09-20 19:47 42,752 ——— C:\WINDOWS\system32\drivers\ser2pl.sys
    2007-09-18 14:43 317,616 –a—— C:\WINDOWS\system32\drivers\srtspl.sys
    2007-09-18 14:43 278,576 –a—— C:\WINDOWS\system32\drivers\srtsp.sys
    2007-09-18 14:43 43,696 –a—— C:\WINDOWS\system32\drivers\srtspx.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-15 21:52 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Skype
    2007-10-15 21:35 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\ZoomBrowser EX
    2007-10-14 18:34 ——— d—–w C:\Program Files\Yahoo!
    2007-10-14 18:26 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-14 18:05 ——— d—–w C:\Program Files\SpywareBlaster
    2007-10-13 10:50 ——— d—–w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-10-13 10:48 ——— d—–w C:\Program Files\Symantec
    2007-10-13 10:24 ——— d—–w C:\Program Files\Common Files\Symantec Shared
    2007-10-06 15:04 805 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-10-06 15:04 10,740 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-10-06 13:45 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Symantec
    2007-10-02 20:25 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Canon
    2007-09-29 11:08 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2007-09-23 18:59 ——— d—–w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
    2007-09-19 09:22 ——— d—–w C:\Program Files\Common Files\Adobe
    2007-09-18 19:37 ——— d—–w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-09-18 12:44 10,662 —-a-w C:\WINDOWS\system32\drivers\srtspx.cat
    2007-09-18 12:44 10,662 —-a-w C:\WINDOWS\system32\drivers\srtspl.cat
    2007-09-18 12:44 10,658 —-a-w C:\WINDOWS\system32\drivers\srtsp.cat
    2007-09-18 12:44 1,430 —-a-w C:\WINDOWS\system32\drivers\srtspl.inf
    2007-09-18 12:44 1,421 —-a-w C:\WINDOWS\system32\drivers\srtspx.inf
    2007-09-18 12:44 1,415 —-a-w C:\WINDOWS\system32\drivers\srtsp.inf
    2007-09-11 17:14 ——— d—–w C:\Program Files\Microsoft Encarta
    2007-09-10 17:07 ——— d—–w C:\Program Files\CBS
    2007-09-09 09:10 ——— d—–w C:\Documents and Settings\Administrator\Application Data\ATI
    2007-09-02 20:52 ——— d—–w C:\Program Files\Ahead
    2007-08-31 22:07 ——— d—–w C:\Program Files\AdorageI-SAL
    2007-08-31 22:07 ——— d—–w C:\Program Files\AdorageI-GfxDatas
    2007-08-29 12:18 577,928 —-a-w C:\WINDOWS\system32\SymNeti.dll
    2007-08-28 16:01 ——— d—–w C:\Program Files\Common Files\YDP
    2007-08-24 12:48 ——— d—–w C:\Documents and Settings\All Users\Application Data\WinZip
    2007-08-24 12:23 ——— d—–w C:\Program Files\DivX
    2007-08-23 15:57 207,240 —-a-w C:\WINDOWS\system32\SymRedir.dll
    2007-08-23 12:46 ——— d—–w C:\Program Files\Skype
    2007-08-23 12:46 ——— d—–w C:\Program Files\Common Files\Skype
    2007-08-23 12:46 ——— d—–w C:\Documents and Settings\All Users\Application Data\Skype
    2007-08-23 11:53 ——— d—–w C:\Program Files\Java
    2007-08-21 06:18 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
    2007-07-30 17:19 92,504 —-a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 —-a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 53,080 —-a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 43,352 —-a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 —-a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 203,096 —-a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 1,712,984 —-a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:18 33,624 —-a-w C:\WINDOWS\system32\wups.dll
    2007-06-25 15:31 81,920 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\ezpinst.exe
    2007-06-25 15:31 47,360 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\pcouffin.sys
    2006-09-18 08:09 284 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\ViewerApp.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    2007-08-24 21:51 316784 –a—— C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    2007-10-06 15:44 116088 –a—— C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 21:51 316784]

    [HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 21:51 316784]

    [HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 17:15]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50]
    "nwiz"="nwiz.exe" [2004-10-29 17:50 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2005-07-19 13:31]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-07 16:49]
    "OpwareSE2"="D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe" [2003-05-08 11:00]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
    "TrueImageMonitor.exe"="D:\Nieuwe map\TrueImageMonitor.exe" [2006-11-10 15:08]
    "AcronisTimounterMonitor"="D:\Nieuwe map\TimounterMonitor.exe" [2006-11-10 15:41]
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-11-10 15:23]
    "MDDiskProtect.exe"="C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [2004-09-13 16:56]
    "MediafourGettingStartedWithMacDrive6"="C:\Program Files\Mediafour\MacDrive\MacDrive.exe" [2004-08-26 13:12]
    "Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [2002-12-17 15:43]
    "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2005-07-19 13:31]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 23:07]
    "osCheck"="D:\Nieuwe map\osCheck.exe" [2007-08-24 22:53]
    "RegistryMechanic"="" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Start WingMan Profiler"="" []
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 03:45]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu"=0 (0x0)
    "NoTrayItemsDisplay"=0 (0x0)
    "NoRecentDocsHistory"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility]
    C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll 2003-11-07 10:24 61440 C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 relog_ap

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package Menu.lnk
    backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package VCD Maker.lnk
    backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Ulead Photo Express 4.0 SE Calendar Checker .lnk
    backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    "D:\Nieuwe map\CloneCD\CloneCDTray.exe" /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "D:\Nieuwe map\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
    D:\Nieuwe map\olympus master software\Monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
    "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
    C:\Program Files\Logitech\iTouch\iTouch.exe

    R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys
    R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
    R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
    R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
    R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys
    R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
    R3 BulkUsb;VoIPUSBDriver.sys;C:\WINDOWS\system32\Drivers\VoIPUSBDriver.sys
    R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
    R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
    S2 DNADownloader;DNADownloader;C:\Program Files\GameSpot\DownloadManager_Win32.exe
    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
    S3 ASUSHWIO;ASUSHWIO;\??\C:\WINDOWS\system32\drivers\ASUSHWIO.sys
    S3 bDMusicb;bDMusicb;\??\C:\DOCUME~1\J0259~1.DEB\LOCALS~1\Temp\bDMusicb.sys
    S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
    S3 Maplom;Maplom;C:\WINDOWS\system32\drivers\Maplom.sys
    S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
    S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-10-14 19:10:11 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
    - C:\Program Files\AdwareAlert\AdwareAlert.exe
    "2007-10-06 15:02:30 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - J. de Brabander.job"
    - D:\Nieuwe map\Norton AntiVirus\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-16 00:27:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-10-16 0:28:30
    C:\ComboFix2.txt … 2007-10-15 22:35
    .
    — E O F —
  • Hi Jack,

    It didn't go quite right: you have now saved the text file as a shortcut: CFScript.txt.lnk

    Read through the instructions above once more and try again ;)
    Also give Dial-a-fix another try.
  • Hello,

    It didn't seem that difficult to me either! But I don't know whether this one is correct, or the next one? So I have posted it here twice. The computer again gave the message "an error occurred in Sed.cfexe and it must be closed".
    I'll hear whether it was right this time? When I type CFScript.txt under Save As for the desktop, the desktop shows CFScript, without the txt added. Dial-a-fix produced no result. Still the same problems. I'll try it once more!

    Regards,

    jack

    ComboFix 07-10-12.4 - J. de Brabander 2007-10-16 17:58:45.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.2023 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\J. de Brabander\Mijn documenten\ComboFix.exe
    Command switches used :: C:\Documents and Settings\J. de Brabander\Bureaublad\CFScript.txt.txt
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-16 to 2007-10-16 ))))))))))))))))))))))))))))))
    .

    2007-10-16 00:46 <DIR> d——– C:\WINDOWS\system32\CatRoot2
    2007-10-15 22:30 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-10-14 21:10 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\AdwareAlert
    2007-10-14 20:04 51,072 –a—— C:\WINDOWS\system32\drivers\ikhlayer.sys
    2007-10-14 20:04 30,592 –a—— C:\WINDOWS\system32\drivers\ikhfile.sys
    2007-10-14 19:34 <DIR> d——– C:\temp\Tmp___553
    2007-10-14 19:34 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\PC Tools
    2007-10-14 19:34 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-14 19:34 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
    2007-10-14 19:34 79,688 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-10-14 19:34 62,280 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-10-14 19:34 41,288 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-10-14 19:34 29,000 –a—— C:\WINDOWS\system32\drivers\kcom.sys
    2007-10-13 17:43 <DIR> d——– C:\Documents and Settings\Jack de Brabander\Application Data\ATI
    2007-10-13 17:31 <DIR> d–h—– C:\Documents and Settings\Jack de Brabander\Sjablonen
    2007-10-13 17:31 <DIR> dr-h—– C:\Documents and Settings\Jack de Brabander\Onlangs geopend
    2007-10-13 17:31 <DIR> d–h—– C:\Documents and Settings\Jack de Brabander\Netwerkprinteromgeving
    2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Mijn documenten
    2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Menu Start
    2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Favorieten
    2007-10-13 17:31 <DIR> d——– C:\Documents and Settings\Jack de Brabander\Bureaublad
    2007-10-13 11:54 <DIR> d——– C:\Hitman Pro
    2007-10-13 11:13 <DIR> d——– C:\Program Files\Trend Micro
    2007-10-13 10:09 584,192 —–c— C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-12 20:26 <DIR> d——– C:\Documents and Settings\Administrator\Application Data\Symantec
    2007-10-12 20:20 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\LimeWire
    2007-10-06 15:44 <DIR> d——– C:\Program Files\Windows Sidebar
    2007-10-06 15:42 123,952 –a—— C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-10-06 15:42 60,800 –a—— C:\WINDOWS\system32\S32EVNT1.DLL
    2007-10-06 14:59 <DIR> d——– C:\Documents and Settings\All Users\Symantec Temporary Files
    2007-10-02 16:35 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Tages
    2007-09-29 12:20 3,497,832 –a—— C:\WINDOWS\system32\d3dx9_34.dll
    2007-09-29 12:20 2,414,360 –a—— C:\WINDOWS\system32\d3dx9_31.dll
    2007-09-20 19:47 42,752 ——— C:\WINDOWS\system32\drivers\ser2pl.sys
    2007-09-18 14:43 317,616 –a—— C:\WINDOWS\system32\drivers\srtspl.sys
    2007-09-18 14:43 278,576 –a—— C:\WINDOWS\system32\drivers\srtsp.sys
    2007-09-18 14:43 43,696 –a—— C:\WINDOWS\system32\drivers\srtspx.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-16 15:48 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Skype
    2007-10-15 21:35 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\ZoomBrowser EX
    2007-10-14 18:34 ——— d—–w C:\Program Files\Yahoo!
    2007-10-14 18:26 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-14 18:05 ——— d—–w C:\Program Files\SpywareBlaster
    2007-10-13 10:50 ——— d—–w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-10-13 10:48 ——— d—–w C:\Program Files\Symantec
    2007-10-13 10:24 ——— d—–w C:\Program Files\Common Files\Symantec Shared
    2007-10-06 15:04 805 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-10-06 15:04 10,740 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-10-06 13:45 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Symantec
    2007-10-02 20:25 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Canon
    2007-09-29 11:08 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2007-09-23 18:59 ——— d—–w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
    2007-09-19 09:22 ——— d—–w C:\Program Files\Common Files\Adobe
    2007-09-18 19:37 ——— d—–w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-09-18 12:44 10,662 —-a-w C:\WINDOWS\system32\drivers\srtspx.cat
    2007-09-18 12:44 10,662 —-a-w C:\WINDOWS\system32\drivers\srtspl.cat
    2007-09-18 12:44 10,658 —-a-w C:\WINDOWS\system32\drivers\srtsp.cat
    2007-09-18 12:44 1,430 —-a-w C:\WINDOWS\system32\drivers\srtspl.inf
    2007-09-18 12:44 1,421 —-a-w C:\WINDOWS\system32\drivers\srtspx.inf
    2007-09-18 12:44 1,415 —-a-w C:\WINDOWS\system32\drivers\srtsp.inf
    2007-09-11 17:14 ——— d—–w C:\Program Files\Microsoft Encarta
    2007-09-10 17:07 ——— d—–w C:\Program Files\CBS
    2007-09-09 09:10 ——— d—–w C:\Documents and Settings\Administrator\Application Data\ATI
    2007-09-02 20:52 ——— d—–w C:\Program Files\Ahead
    2007-08-31 22:07 ——— d—–w C:\Program Files\AdorageI-SAL
    2007-08-31 22:07 ——— d—–w C:\Program Files\AdorageI-GfxDatas
    2007-08-29 12:18 577,928 —-a-w C:\WINDOWS\system32\SymNeti.dll
    2007-08-28 16:01 ——— d—–w C:\Program Files\Common Files\YDP
    2007-08-24 12:48 ——— d—–w C:\Documents and Settings\All Users\Application Data\WinZip
    2007-08-24 12:23 ——— d—–w C:\Program Files\DivX
    2007-08-23 15:57 207,240 —-a-w C:\WINDOWS\system32\SymRedir.dll
    2007-08-23 12:46 ——— d—–w C:\Program Files\Skype
    2007-08-23 12:46 ——— d—–w C:\Program Files\Common Files\Skype
    2007-08-23 12:46 ——— d—–w C:\Documents and Settings\All Users\Application Data\Skype
    2007-08-23 11:53 ——— d—–w C:\Program Files\Java
    2007-08-21 06:18 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
    2007-07-30 17:19 92,504 —-a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 —-a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 53,080 —-a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 43,352 —-a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 —-a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 203,096 —-a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 1,712,984 —-a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:18 33,624 —-a-w C:\WINDOWS\system32\wups.dll
    2007-06-25 15:31 81,920 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\ezpinst.exe
    2007-06-25 15:31 47,360 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\pcouffin.sys
    2006-09-18 08:09 284 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\ViewerApp.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2007-10-15_22.34.58,73 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-10-15 22:15:23 1,926,248 —-a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Professional_32_1043.dat
    + 2007-10-15 22:15:23 1,926,248 —-a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Professional_32_1043.dat.bak
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    2007-08-24 21:51 316784 –a—— C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    2007-10-06 15:44 116088 –a—— C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 17:15]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50]
    "nwiz"="nwiz.exe" [2004-10-29 17:50 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2005-07-19 13:31]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-07 16:49]
    "OpwareSE2"="D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe" [2003-05-08 11:00]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
    "TrueImageMonitor.exe"="D:\Nieuwe map\TrueImageMonitor.exe" [2006-11-10 15:08]
    "AcronisTimounterMonitor"="D:\Nieuwe map\TimounterMonitor.exe" [2006-11-10 15:41]
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-11-10 15:23]
    "MDDiskProtect.exe"="C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [2004-09-13 16:56]
    "MediafourGettingStartedWithMacDrive6"="C:\Program Files\Mediafour\MacDrive\MacDrive.exe" [2004-08-26 13:12]
    "Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [2002-12-17 15:43]
    "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2005-07-19 13:31]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 23:07]
    "osCheck"="D:\Nieuwe map\osCheck.exe" [2007-08-24 22:53]
    "RegistryMechanic"="" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Start WingMan Profiler"="" []
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 03:45]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu"=0 (0x0)
    "NoTrayItemsDisplay"=0 (0x0)
    "NoRecentDocsHistory"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility]
    C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll 2003-11-07 10:24 61440 C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 relog_ap

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package Menu.lnk
    backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package VCD Maker.lnk
    backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Ulead Photo Express 4.0 SE Calendar Checker .lnk
    backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    "D:\Nieuwe map\CloneCD\CloneCDTray.exe" /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "D:\Nieuwe map\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
    D:\Nieuwe map\olympus master software\Monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
    "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
    C:\Program Files\Logitech\iTouch\iTouch.exe

    R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys
    R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
    R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
    R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
    R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys
    R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
    R3 BulkUsb;VoIPUSBDriver.sys;C:\WINDOWS\system32\Drivers\VoIPUSBDriver.sys
    R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
    R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
    S2 DNADownloader;DNADownloader;C:\Program Files\GameSpot\DownloadManager_Win32.exe
    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
    S3 ASUSHWIO;ASUSHWIO;\??\C:\WINDOWS\system32\drivers\ASUSHWIO.sys
    S3 bDMusicb;bDMusicb;\??\C:\DOCUME~1\J0259~1.DEB\LOCALS~1\Temp\bDMusicb.sys
    S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
    S3 Maplom;Maplom;C:\WINDOWS\system32\drivers\Maplom.sys
    S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
    S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-10-14 19:10:11 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
    - C:\Program Files\AdwareAlert\AdwareAlert.exe
    "2007-10-06 15:02:30 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - J. de Brabander.job"
    - D:\Nieuwe map\Norton AntiVirus\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-16 18:00:24
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-10-16 18:01:04
    C:\ComboFix2.txt … 2007-10-16 00:28
    C:\ComboFix3.txt … 2007-10-15 22:35
    .
    — E O F —
    Or this run?:

    ComboFix 07-10-12.4 - J. de Brabander 2007-10-16 18:07:46.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1923 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\J. de Brabander\Mijn documenten\ComboFix.exe
    Command switches used :: C:\Documents and Settings\J. de Brabander\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-16 to 2007-10-16 ))))))))))))))))))))))))))))))
    .

    2007-10-16 00:46 <DIR> d——– C:\WINDOWS\system32\CatRoot2
    2007-10-15 22:30 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-10-14 21:10 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\AdwareAlert
    2007-10-14 20:04 51,072 –a—— C:\WINDOWS\system32\drivers\ikhlayer.sys
    2007-10-14 20:04 30,592 –a—— C:\WINDOWS\system32\drivers\ikhfile.sys
    2007-10-14 19:34 <DIR> d——– C:\temp\Tmp___553
    2007-10-14 19:34 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\PC Tools
    2007-10-14 19:34 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-14 19:34 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
    2007-10-14 19:34 79,688 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-10-14 19:34 62,280 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-10-14 19:34 41,288 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-10-14 19:34 29,000 –a—— C:\WINDOWS\system32\drivers\kcom.sys
    2007-10-13 17:43 <DIR> d——– C:\Documents and Settings\Jack de Brabander\Application Data\ATI
    2007-10-13 17:31 <DIR> d–h—– C:\Documents and Settings\Jack de Brabander\Sjablonen
    2007-10-13 17:31 <DIR> dr-h—– C:\Documents and Settings\Jack de Brabander\Onlangs geopend
    2007-10-13 17:31 <DIR> d–h—– C:\Documents and Settings\Jack de Brabander\Netwerkprinteromgeving
    2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Mijn documenten
    2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Menu Start
    2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Favorieten
    2007-10-13 17:31 <DIR> d——– C:\Documents and Settings\Jack de Brabander\Bureaublad
    2007-10-13 11:54 <DIR> d——– C:\Hitman Pro
    2007-10-13 11:13 <DIR> d——– C:\Program Files\Trend Micro
    2007-10-13 10:09 584,192 —–c— C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-12 20:26 <DIR> d——– C:\Documents and Settings\Administrator\Application Data\Symantec
    2007-10-12 20:20 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\LimeWire
    2007-10-06 15:44 <DIR> d——– C:\Program Files\Windows Sidebar
    2007-10-06 15:42 123,952 –a—— C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-10-06 15:42 60,800 –a—— C:\WINDOWS\system32\S32EVNT1.DLL
    2007-10-06 14:59 <DIR> d——– C:\Documents and Settings\All Users\Symantec Temporary Files
    2007-10-02 16:35 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Tages
    2007-09-29 12:20 3,497,832 –a—— C:\WINDOWS\system32\d3dx9_34.dll
    2007-09-29 12:20 2,414,360 –a—— C:\WINDOWS\system32\d3dx9_31.dll
    2007-09-20 19:47 42,752 ——— C:\WINDOWS\system32\drivers\ser2pl.sys
    2007-09-18 14:43 317,616 –a—— C:\WINDOWS\system32\drivers\srtspl.sys
    2007-09-18 14:43 278,576 –a—— C:\WINDOWS\system32\drivers\srtsp.sys
    2007-09-18 14:43 43,696 –a—— C:\WINDOWS\system32\drivers\srtspx.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-16 15:48 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Skype
    2007-10-15 21:35 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\ZoomBrowser EX
    2007-10-14 18:34 ——— d—–w C:\Program Files\Yahoo!
    2007-10-14 18:26 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-14 18:05 ——— d—–w C:\Program Files\SpywareBlaster
    2007-10-13 10:50 ——— d—–w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-10-13 10:48 ——— d—–w C:\Program Files\Symantec
    2007-10-13 10:24 ——— d—–w C:\Program Files\Common Files\Symantec Shared
    2007-10-06 15:04 805 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-10-06 15:04 10,740 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-10-06 13:45 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Symantec
    2007-10-02 20:25 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Canon
    2007-09-29 11:08 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2007-09-23 18:59 ——— d—–w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
    2007-09-19 09:22 ——— d—–w C:\Program Files\Common Files\Adobe
    2007-09-18 19:37 ——— d—–w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-09-18 12:44 10,662 —-a-w C:\WINDOWS\system32\drivers\srtspx.cat
    2007-09-18 12:44 10,662 —-a-w C:\WINDOWS\system32\drivers\srtspl.cat
    2007-09-18 12:44 10,658 —-a-w C:\WINDOWS\system32\drivers\srtsp.cat
    2007-09-18 12:44 1,430 —-a-w C:\WINDOWS\system32\drivers\srtspl.inf
    2007-09-18 12:44 1,421 —-a-w C:\WINDOWS\system32\drivers\srtspx.inf
    2007-09-18 12:44 1,415 —-a-w C:\WINDOWS\system32\drivers\srtsp.inf
    2007-09-11 17:14 ——— d—–w C:\Program Files\Microsoft Encarta
    2007-09-10 17:07 ——— d—–w C:\Program Files\CBS
    2007-09-09 09:10 ——— d—–w C:\Documents and Settings\Administrator\Application Data\ATI
    2007-09-02 20:52 ——— d—–w C:\Program Files\Ahead
    2007-08-31 22:07 ——— d—–w C:\Program Files\AdorageI-SAL
    2007-08-31 22:07 ——— d—–w C:\Program Files\AdorageI-GfxDatas
    2007-08-29 12:18 577,928 —-a-w C:\WINDOWS\system32\SymNeti.dll
    2007-08-28 16:01 ——— d—–w C:\Program Files\Common Files\YDP
    2007-08-24 12:48 ——— d—–w C:\Documents and Settings\All Users\Application Data\WinZip
    2007-08-24 12:23 ——— d—–w C:\Program Files\DivX
    2007-08-23 15:57 207,240 —-a-w C:\WINDOWS\system32\SymRedir.dll
    2007-08-23 12:46 ——— d—–w C:\Program Files\Skype
    2007-08-23 12:46 ——— d—–w C:\Program Files\Common Files\Skype
    2007-08-23 12:46 ——— d—–w C:\Documents and Settings\All Users\Application Data\Skype
    2007-08-23 11:53 ——— d—–w C:\Program Files\Java
    2007-08-21 06:18 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
    2007-07-30 17:19 92,504 —-a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 —-a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 53,080 —-a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 43,352 —-a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 —-a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 203,096 —-a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 1,712,984 —-a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:18 33,624 —-a-w C:\WINDOWS\system32\wups.dll
    2007-06-25 15:31 81,920 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\ezpinst.exe
    2007-06-25 15:31 47,360 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\pcouffin.sys
    2006-09-18 08:09 284 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\ViewerApp.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2007-10-15_22.34.58,73 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-10-15 22:15:23 1,926,248 —-a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Professional_32_1043.dat
    + 2007-10-15 22:15:23 1,926,248 —-a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Professional_32_1043.dat.bak
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    2007-08-24 21:51 316784 –a—— C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    2007-10-06 15:44 116088 –a—— C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 17:15]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50]
    "nwiz"="nwiz.exe" [2004-10-29 17:50 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2005-07-19 13:31]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-07 16:49]
    "OpwareSE2"="D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe" [2003-05-08 11:00]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
    "TrueImageMonitor.exe"="D:\Nieuwe map\TrueImageMonitor.exe" [2006-11-10 15:08]
    "AcronisTimounterMonitor"="D:\Nieuwe map\TimounterMonitor.exe" [2006-11-10 15:41]
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-11-10 15:23]
    "MDDiskProtect.exe"="C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [2004-09-13 16:56]
    "MediafourGettingStartedWithMacDrive6"="C:\Program Files\Mediafour\MacDrive\MacDrive.exe" [2004-08-26 13:12]
    "Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [2002-12-17 15:43]
    "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2005-07-19 13:31]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 23:07]
    "osCheck"="D:\Nieuwe map\osCheck.exe" [2007-08-24 22:53]
    "RegistryMechanic"="" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Start WingMan Profiler"="" []
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 03:45]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu"=0 (0x0)
    "NoTrayItemsDisplay"=0 (0x0)
    "NoRecentDocsHistory"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility]
    C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll 2003-11-07 10:24 61440 C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 relog_ap

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package Menu.lnk
    backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package VCD Maker.lnk
    backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Ulead Photo Express 4.0 SE Calendar Checker .lnk
    backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    "D:\Nieuwe map\CloneCD\CloneCDTray.exe" /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "D:\Nieuwe map\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
    D:\Nieuwe map\olympus master software\Monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
    "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
    C:\Program Files\Logitech\iTouch\iTouch.exe

    R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys
    R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
    R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
    R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
    R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys
    R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
    R3 BulkUsb;VoIPUSBDriver.sys;C:\WINDOWS\system32\Drivers\VoIPUSBDriver.sys
    R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
    R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
    S2 DNADownloader;DNADownloader;C:\Program Files\GameSpot\DownloadManager_Win32.exe
    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
    S3 ASUSHWIO;ASUSHWIO;\??\C:\WINDOWS\system32\drivers\ASUSHWIO.sys
    S3 bDMusicb;bDMusicb;\??\C:\DOCUME~1\J0259~1.DEB\LOCALS~1\Temp\bDMusicb.sys
    S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
    S3 Maplom;Maplom;C:\WINDOWS\system32\drivers\Maplom.sys
    S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
    S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-10-14 19:10:11 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
    - C:\Program Files\AdwareAlert\AdwareAlert.exe
    "2007-10-06 15:02:30 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - J. de Brabander.job"
    - D:\Nieuwe map\Norton AntiVirus\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-16 18:08:57
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-10-16 18:09:35
    .
    — E O F —
  • Somehow it still has not gone quite right, so we will solve it a different way.
    Read the instructions carefully!

    I see that you have installed the program AdwareAlert;
    I advise you to uninstall it because of its dubious reputation.
    Also read this: http://castlecops.com/s9265-AdwareAlert_Exe.html

    Copy the code in the code box below into an empty Notepad window:
    (do not forget to copy REGEDIT4 along with it!)

    [code]
    REGEDIT4

    [-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    [-HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [-HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
    [/code]

    Save this as fixreg.reg and choose "All files" as the type.
    Once you have saved it, the icon looks like this:
    [img:f2118919ab]http://users.telenet.be/bluepatchy/miekiemoes/images
    eg.gif[/img:f2118919ab]

    Then double-click fixreg.reg.
    When asked whether you want to add the changes to the registry, answer Yes/OK.

    Restart your PC.

    Create a new ComboFix log and a new HijackThis log and post them in your next message.

    Pim
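
The file layout these steps depend on, as an added example that is not part of the original post: regedit only imports a script whose first line is the header, so this checker verifies that before anything is imported and lists the keys the `[-...]` lines would delete. The names `lint_reg`, `GOOD` and `BAD` are hypothetical; the key lines are the ones from the code box, and the header-last variant is constructed to show the failure case.

```python
import re

# Headers regedit accepts as the first line of a .reg script.
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
ROOTS = {
    "HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE",
    "HKEY_USERS", "HKEY_CURRENT_CONFIG",
}
KEY_LINE = re.compile(r"^\[(-?)(.+)\]$")  # "[-KEY]" deletes KEY and its subkeys


def lint_reg(text):
    """Return (problems, deleted_keys) for the text of a .reg script."""
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    problems, deleted = [], []

    # The header must be the very first line, not merely present somewhere.
    if not lines or lines[0] not in HEADERS:
        stray = [i for i, ln in enumerate(lines, 1) if ln in HEADERS]
        if stray:
            problems.append(f"header on line {stray[0]}, must be line 1")
        else:
            problems.append("missing header (REGEDIT4)")

    for number, line in enumerate(lines, 1):
        if not line or line in HEADERS or not line.startswith("["):
            continue
        match = KEY_LINE.match(line)
        root = match.group(2).split("\\", 1)[0] if match else ""
        if root not in ROOTS:
            problems.append(f"line {number}: not a valid key line")
        elif match.group(1) == "-":
            deleted.append(match.group(2))
    return problems, deleted


# Key lines taken from the code box in the post above.
KEYS = [
    r"[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]",
    r"[-HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]",
    r"[-HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]",
]
GOOD = "\n".join(["REGEDIT4", ""] + KEYS) + "\n"   # header first
BAD = "\n".join(KEYS + ["REGEDIT4"]) + "\n"        # constructed: header last

if __name__ == "__main__":
    for name, script in (("GOOD", GOOD), ("BAD", BAD)):
        problems, deleted = lint_reg(script)
        print(name, "problems:", problems or "none")
        for key in deleted:
            print("  would delete:", key)
```
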
  • Hello Pim,

    I don't know exactly what you mean by "do not forget to include REGEDIT4". Where is this REGEDIT4, then? Does it look like this? I put it in Notepad this way:

    [-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    [-HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [-HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
    REGEDIT4

    And saved it as Fixreg.reg with type: all files.
    I did indeed get that icon. Then Yes and OK. After that it gave a message: "C\Document and Settings\J.de Brabander\Bureablad\Fixreg.niet te importeren\Het opgegeven bestand is geen register script. U kunt alleen binaire register bestanden importeren vanuit de register-editor".

    Here are the ComboFix log and the HijackThis log.
    I am afraid I have not yet done the right thing in Notepad,
    because nothing happens with the Fixreg.reg file on my desktop.

    Thank you for your trouble, Pim.

    Regards,

    jack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:14, on 2007-10-16
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\ASUSKBService.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\QuickTime\qttask.exe
    D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    D:\Nieuwe map\TrueImageMonitor.exe
    D:\Nieuwe map\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
    C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOPCOM\BULTER 4012\Butler 4012 USB VoIP.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hetnet.nl/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hetnet.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OpwareSE2] "D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Nieuwe map\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Nieuwe map\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
    O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe"
    unonce
    O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "D:\Nieuwe map\osCheck.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
    O4 - Startup: Butler 4012 USB VoIP.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: RadarSync Website - {29F02F90-D4AE-4c9a-82D2-D8DCDD507F33} - C:\Program Files\RadarSync\RadarSync Website.lnk
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\NIEUWE~1\Spyware Doctor\tools\iesdpb.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl/
    O15 - Trusted Zone: *.msn messenger
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ASUSKBService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Nieuwe map\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Nieuwe map\Spyware Doctor\swdsvc.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Nieuwe map\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


    End of file - 10940 bytes
    ComboFix 07-10-12.4 - J. de Brabander 2007-10-16 21:50:16.6 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.2016 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\J. de Brabander\Mijn documenten\ComboFix.exe
    Command switches used :: C:\Documents and Settings\J. de Brabander\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-16 to 2007-10-16 ))))))))))))))))))))))))))))))
    .

    2007-10-16 18:19 <DIR> d——– C:\WINDOWS\system32\CatRoot2
    2007-10-15 22:30 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-10-14 20:04 51,072 –a—— C:\WINDOWS\system32\drivers\ikhlayer.sys
    2007-10-14 20:04 30,592 –a—— C:\WINDOWS\system32\drivers\ikhfile.sys
    2007-10-14 19:34 <DIR> d——– C:\temp\Tmp___553
    2007-10-14 19:34 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\PC Tools
    2007-10-14 19:34 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-14 19:34 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
    2007-10-14 19:34 79,688 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-10-14 19:34 62,280 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-10-14 19:34 41,288 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-10-14 19:34 29,000 –a—— C:\WINDOWS\system32\drivers\kcom.sys
    2007-10-13 17:43 <DIR> d——– C:\Documents and Settings\Jack de Brabander\Application Data\ATI
    2007-10-13 17:31 <DIR> d–h—– C:\Documents and Settings\Jack de Brabander\Sjablonen
    2007-10-13 17:31 <DIR> dr-h—– C:\Documents and Settings\Jack de Brabander\Onlangs geopend
    2007-10-13 17:31 <DIR> d–h—– C:\Documents and Settings\Jack de Brabander\Netwerkprinteromgeving
    2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Mijn documenten
    2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Menu Start
    2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Favorieten
    2007-10-13 17:31 <DIR> d——– C:\Documents and Settings\Jack de Brabander\Bureaublad
    2007-10-13 11:54 <DIR> d——– C:\Hitman Pro
    2007-10-13 11:13 <DIR> d——– C:\Program Files\Trend Micro
    2007-10-13 10:09 584,192 —–c— C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-12 20:26 <DIR> d——– C:\Documents and Settings\Administrator\Application Data\Symantec
    2007-10-12 20:20 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\LimeWire
    2007-10-06 15:44 <DIR> d——– C:\Program Files\Windows Sidebar
    2007-10-06 15:42 123,952 –a—— C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-10-06 15:42 60,800 –a—— C:\WINDOWS\system32\S32EVNT1.DLL
    2007-10-06 14:59 <DIR> d——– C:\Documents and Settings\All Users\Symantec Temporary Files
    2007-10-02 16:35 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Tages
    2007-09-29 12:20 3,497,832 –a—— C:\WINDOWS\system32\d3dx9_34.dll
    2007-09-29 12:20 2,414,360 –a—— C:\WINDOWS\system32\d3dx9_31.dll
    2007-09-20 19:47 42,752 ——— C:\WINDOWS\system32\drivers\ser2pl.sys
    2007-09-18 14:43 317,616 –a—— C:\WINDOWS\system32\drivers\srtspl.sys
    2007-09-18 14:43 278,576 –a—— C:\WINDOWS\system32\drivers\srtsp.sys
    2007-09-18 14:43 43,696 –a—— C:\WINDOWS\system32\drivers\srtspx.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-16 19:20 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Lavasoft
    2007-10-16 19:15 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Skype
    2007-10-15 21:35 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\ZoomBrowser EX
    2007-10-14 18:34 ——— d—–w C:\Program Files\Yahoo!
    2007-10-14 18:26 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-14 18:05 ——— d—–w C:\Program Files\SpywareBlaster
    2007-10-13 10:50 ——— d—–w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-10-13 10:48 ——— d—–w C:\Program Files\Symantec
    2007-10-13 10:24 ——— d—–w C:\Program Files\Common Files\Symantec Shared
    2007-10-06 15:04 805 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-10-06 15:04 10,740 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-10-06 13:45 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Symantec
    2007-10-02 20:25 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Canon
    2007-09-29 11:08 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2007-09-23 18:59 ——— d—–w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
    2007-09-19 09:22 ——— d—–w C:\Program Files\Common Files\Adobe
    2007-09-18 19:37 ——— d—–w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-09-18 12:44 10,662 —-a-w C:\WINDOWS\system32\drivers\srtspx.cat
    2007-09-18 12:44 10,662 —-a-w C:\WINDOWS\system32\drivers\srtspl.cat
    2007-09-18 12:44 10,658 —-a-w C:\WINDOWS\system32\drivers\srtsp.cat
    2007-09-18 12:44 1,430 —-a-w C:\WINDOWS\system32\drivers\srtspl.inf
    2007-09-18 12:44 1,421 —-a-w C:\WINDOWS\system32\drivers\srtspx.inf
    2007-09-18 12:44 1,415 —-a-w C:\WINDOWS\system32\drivers\srtsp.inf
    2007-09-11 17:14 ——— d—–w C:\Program Files\Microsoft Encarta
    2007-09-10 17:07 ——— d—–w C:\Program Files\CBS
    2007-09-09 09:10 ——— d—–w C:\Documents and Settings\Administrator\Application Data\ATI
    2007-09-02 20:52 ——— d—–w C:\Program Files\Ahead
    2007-08-31 22:07 ——— d—–w C:\Program Files\AdorageI-SAL
    2007-08-31 22:07 ——— d—–w C:\Program Files\AdorageI-GfxDatas
    2007-08-29 12:18 577,928 —-a-w C:\WINDOWS\system32\SymNeti.dll
    2007-08-28 16:01 ——— d—–w C:\Program Files\Common Files\YDP
    2007-08-24 12:48 ——— d—–w C:\Documents and Settings\All Users\Application Data\WinZip
    2007-08-24 12:23 ——— d—–w C:\Program Files\DivX
    2007-08-23 15:57 207,240 —-a-w C:\WINDOWS\system32\SymRedir.dll
    2007-08-23 12:46 ——— d—–w C:\Program Files\Skype
    2007-08-23 12:46 ——— d—–w C:\Program Files\Common Files\Skype
    2007-08-23 12:46 ——— d—–w C:\Documents and Settings\All Users\Application Data\Skype
    2007-08-23 11:53 ——— d—–w C:\Program Files\Java
    2007-08-21 06:18 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
    2007-07-30 17:19 92,504 —-a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 —-a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 53,080 —-a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 43,352 —-a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 —-a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 203,096 —-a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 1,712,984 —-a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:18 33,624 —-a-w C:\WINDOWS\system32\wups.dll
    2007-06-25 15:31 81,920 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\ezpinst.exe
    2007-06-25 15:31 47,360 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\pcouffin.sys
    2006-09-18 08:09 284 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\ViewerApp.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    2007-08-24 21:51 316784 –a—— C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    2007-10-06 15:44 116088 –a—— C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 17:15]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50]
    "nwiz"="nwiz.exe" [2004-10-29 17:50 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2005-07-19 13:31]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-07 16:49]
    "OpwareSE2"="D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe" [2003-05-08 11:00]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
    "TrueImageMonitor.exe"="D:\Nieuwe map\TrueImageMonitor.exe" [2006-11-10 15:08]
    "AcronisTimounterMonitor"="D:\Nieuwe map\TimounterMonitor.exe" [2006-11-10 15:41]
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-11-10 15:23]
    "MDDiskProtect.exe"="C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [2004-09-13 16:56]
    "MediafourGettingStartedWithMacDrive6"="C:\Program Files\Mediafour\MacDrive\MacDrive.exe" [2004-08-26 13:12]
    "Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [2002-12-17 15:43]
    "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2005-07-19 13:31]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 23:07]
    "osCheck"="D:\Nieuwe map\osCheck.exe" [2007-08-24 22:53]
    "RegistryMechanic"="" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Start WingMan Profiler"="" []
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 03:45]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu"=0 (0x0)
    "NoTrayItemsDisplay"=0 (0x0)
    "NoRecentDocsHistory"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility]
    C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll 2003-11-07 10:24 61440 C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 relog_ap

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package Menu.lnk
    backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package VCD Maker.lnk
    backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Ulead Photo Express 4.0 SE Calendar Checker .lnk
    backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    "D:\Nieuwe map\CloneCD\CloneCDTray.exe" /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "D:\Nieuwe map\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
    D:\Nieuwe map\olympus master software\Monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
    "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
    C:\Program Files\Logitech\iTouch\iTouch.exe

    R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys
    R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
    R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
    R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
    R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys
    R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
    R3 BulkUsb;VoIPUSBDriver.sys;C:\WINDOWS\system32\Drivers\VoIPUSBDriver.sys
    R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
    R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
    S2 DNADownloader;DNADownloader;C:\Program Files\GameSpot\DownloadManager_Win32.exe
    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
    S3 ASUSHWIO;ASUSHWIO;\??\C:\WINDOWS\system32\drivers\ASUSHWIO.sys
    S3 bDMusicb;bDMusicb;\??\C:\DOCUME~1\J0259~1.DEB\LOCALS~1\Temp\bDMusicb.sys
    S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
    S3 Maplom;Maplom;C:\WINDOWS\system32\drivers\Maplom.sys
    S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
    S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-10-06 15:02:30 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - J. de Brabander.job"
    - D:\Nieuwe map\Norton AntiVirus\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-16 21:51:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-10-16 21:52:40
    C:\ComboFix2.txt … 2007-10-16 18:09
    .
    — E O F —
  • Indeed, a mistake on my part, but it is gone! (Already removed by ComboFix, so it had worked after all; I'm dozing off here :oops:)

    Could you post the exact error message you get and/or give a clear list of the problems you still have?
  • Hello,

    Can you also tell me what is now "gone"?

    I will check the system and let you know.

    Regards,

    jack
  • The registry entries that are gone were a few remnants left behind by toolbars.
  • Hello Pim,

    Thanks for your help! I can now get into all folders again and can delete or move them! I can even use Limewire again without an "error". I think Windows Genuine came along with Nero 8.
    What still doesn't work is my Symantec security software. It downloads but doesn't process the updates. Now I can't even connect any more via my Symantec update icon; nothing happens. I installed the Symantec removal tool; it also gives an "error" during removal, and I have to contact the Symantec helpdesk. Uninstalling via my software doesn't work either! Delete the folders one by one? (I don't know which ones they all are.)

    Hope you know something about that too?

    Regards,

    jack :D
  • Is there also an exact error shown with the message you get from the Symantec removal tool? Deleting the folders one by one doesn't seem like a good idea to me, because remnants will then still be left in the registry, and that causes problems when reinstalling the software.

    Try inserting the Norton CD and installing it over the existing version; if all goes well you will automatically get a prompt where you can choose between removing and repairing. Choose repair here.

    You could also try the following:
    > Look in the Norton folder to see whether you can find an uninstaller there.
    > Run the removal tool in safe mode:
    http://users.telenet.be/marcvn/spyware/1378056.htm

    In your next reply, also post a fresh HijackThis log.
  • Hello Pim,

    If only I had bought a CD instead of Symantec's software downloader! Lesson learned! I can use the old Symantec CD, though; I still have that one! I will look for a folder with an uninstaller and try it in safe mode.

    Regards,

    jack

This is an archived page. Replying is no longer possible.