Log file

Anonymous
27 replies
  • Hi!
    For some time now there has been a round red icon with an exclamation mark in it at the bottom right of my taskbar, above which a balloon keeps appearing with the text "Security Warning, your computer may be infected with harmful or unwanted software".
    I have tried Spybot and Ad-Aware, without success, so I am posting a HijackThis log here in the hope that someone can help me solve this persistent problem. Thanks in advance!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:03:41, on 16-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\synsyn.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\3264.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\1664.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\synsyn.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0CDCB8A7-AA9A-ECF8-5D24-0B64CF397B03} - C:\Program Files\Gsqcvdvl\wskvsvfl.dll
    O2 - BHO: (no name) - {13239994-6A27-8245-BFA5-059C1D47F464} - C:\Program Files\Mvrmewtp\ydkvsbvo.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O2 - BHO: (no name) - {732F90C3-2A76-E37C-CC6C-096442F3F7D4} - C:\Program Files\Qjnjksbv\crmtkzmq.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - (no file)
    O2 - BHO: SpoofBHO Class - {F631AAE2-4C20-11DC-8929-D3F855D89593} - C:\WINDOWS\se_spoof.dll (file missing)
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [windowsVXD] C:\WINDOWS\system32\imstcallback.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [C:\WINDOWS\system32\PENIS.exe] C:\WINDOWS\system32\PENIS.exe
    O4 - HKLM\..\Run: [C:\DOCUME~1\User\LOCALS~1\Temp\FIFA08.exe] C:\DOCUME~1\User\LOCALS~1\Temp\FIFA08.exe
    O4 - HKLM\..\Run: [rslyxqzy] rundll32.exe "C:\Program Files\mnypynyf\mtmlurwz.dll",Init
    O4 - HKLM\..\Run: [qfkbmxab] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\qfkbmxab.dll"
    O4 - HKLM\..\Run: [ehizedad] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ehizedad.dll"
    O4 - HKLM\..\Run: [qxexshwl] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\qxexshwl.dll"
    O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvbuw.dll,startup
    O4 - HKLM\..\Run: [pklohmhg] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pklohmhg.dll"
    O4 - HKLM\..\Run: [tqluvahu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\tqluvahu.dll"
    O4 - HKLM\..\Run: [pkzclinm] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pkzclinm.dll"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Buru] "C:\DOCUME~1\User\APPLIC~1\STEM~1\regedit.exe" -vt yazb
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
    O15 - Trusted Zone: *.line6.net
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
    O20 - Winlogon Notify: winxwt32 - C:\WINDOWS\SYSTEM32\winxwt32.dll
    O21 - SSODL: zip - {924dffc4-15ad-4fe2-aeb2-c407e1d83f8c} - C:\WINDOWS\Installer\{924dffc4-15ad-4fe2-aeb2-c407e1d83f8c}\zip.dll
    O21 - SSODL: WinDrive - {d5cdd620-cbfb-469c-8a5a-a4efba2a1b59} - C:\WINDOWS\Installer\{d5cdd620-cbfb-469c-8a5a-a4efba2a1b59}\WinDrive.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


    End of file - 12037 bytes




  • Download Killbox and unzip it to your desktop.

    In the field "Full Path of File to Delete", copy and paste the following:

    C:\WINDOWS\SYSTEM32\winxwt32.dll

    Click the button: Delete on Reboot
    Click the button: single file

    Then click the red circle with the white cross in it.
    Killbox will say that this file will be deleted on reboot and will ask to reboot now. Click YES.

    Your PC will now restart.

    Please post a new HJT log.
  • Thanks for your reply :)

    I get an error message as soon as Killbox tries to restart the PC:

    "PendingFileRenameOperations Registry Data has been removed by External Process!"
  • And the new log?
  • Oh yes, here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:39:25, on 16-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0CDCB8A7-AA9A-ECF8-5D24-0B64CF397B03} - C:\Program Files\Gsqcvdvl\wskvsvfl.dll
    O2 - BHO: (no name) - {13239994-6A27-8245-BFA5-059C1D47F464} - C:\Program Files\Mvrmewtp\ydkvsbvo.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O2 - BHO: (no name) - {732F90C3-2A76-E37C-CC6C-096442F3F7D4} - C:\Program Files\Qjnjksbv\crmtkzmq.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - (no file)
    O2 - BHO: SpoofBHO Class - {F631AAE2-4C20-11DC-8929-D3F855D89593} - C:\WINDOWS\se_spoof.dll (file missing)
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [windowsVXD] C:\WINDOWS\system32\imstcallback.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [C:\WINDOWS\system32\PENIS.exe] C:\WINDOWS\system32\PENIS.exe
    O4 - HKLM\..\Run: [C:\DOCUME~1\User\LOCALS~1\Temp\FIFA08.exe] C:\DOCUME~1\User\LOCALS~1\Temp\FIFA08.exe
    O4 - HKLM\..\Run: [rslyxqzy] rundll32.exe "C:\Program Files\mnypynyf\mtmlurwz.dll",Init
    O4 - HKLM\..\Run: [qfkbmxab] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\qfkbmxab.dll"
    O4 - HKLM\..\Run: [ehizedad] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ehizedad.dll"
    O4 - HKLM\..\Run: [qxexshwl] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\qxexshwl.dll"
    O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvbuw.dll,startup
    O4 - HKLM\..\Run: [pklohmhg] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pklohmhg.dll"
    O4 - HKLM\..\Run: [tqluvahu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\tqluvahu.dll"
    O4 - HKLM\..\Run: [pkzclinm] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pkzclinm.dll"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Buru] "C:\DOCUME~1\User\APPLIC~1\STEM~1\regedit.exe" -vt yazb
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
    O15 - Trusted Zone: *.line6.net
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
    O20 - Winlogon Notify: winxwt32 - winxwt32.dll (file missing)
    O21 - SSODL: zip - {924dffc4-15ad-4fe2-aeb2-c407e1d83f8c} - C:\WINDOWS\Installer\{924dffc4-15ad-4fe2-aeb2-c407e1d83f8c}\zip.dll
    O21 - SSODL: WinDrive - {d5cdd620-cbfb-469c-8a5a-a4efba2a1b59} - C:\WINDOWS\Installer\{d5cdd620-cbfb-469c-8a5a-a4efba2a1b59}\WinDrive.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


    End of file - 11731 bytes




  • Hello, well, that is thoroughly infected.


    Temporarily disable Spybot's TeaTimer, because it can get in the way of the fix:
    - Start Spybot
    - Go to Mode > select Advanced Mode
    - Go to Tools and click the Resident icon in the list
    - Uncheck Resident TeaTimer and click OK
    - Restart the computer

    Then download ResetTeaTimer.bat to your desktop.
    Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.
    Once the computer is clean, you can turn TeaTimer back on.


    You cannot change Internet Explorer settings.
    This may have been set by Spybot S&D.
    If you do want to be able to change them, have HijackThis fix the item below:

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    O2 - BHO: (no name) - {0CDCB8A7-AA9A-ECF8-5D24-0B64CF397B03} - C:\Program Files\Gsqcvdvl\wskvsvfl.dll
    O2 - BHO: (no name) - {13239994-6A27-8245-BFA5-059C1D47F464} - C:\Program Files\Mvrmewtp\ydkvsbvo.dll
    O2 - BHO: (no name) - {732F90C3-2A76-E37C-CC6C-096442F3F7D4} - C:\Program Files\Qjnjksbv\crmtkzmq.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - (no file)
    O2 - BHO: SpoofBHO Class - {F631AAE2-4C20-11DC-8929-D3F855D89593} - C:\WINDOWS\se_spoof.dll (file missing)
    O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [C:\WINDOWS\system32\PENIS.exe] C:\WINDOWS\system32\PENIS.exe
    O4 - HKLM\..\Run: [rslyxqzy] rundll32.exe "C:\Program Files\mnypynyf\mtmlurwz.dll",Init
    O4 - HKLM\..\Run: [qfkbmxab] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\qfkbmxab.dll"
    O4 - HKLM\..\Run: [ehizedad] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ehizedad.dll"
    O4 - HKLM\..\Run: [qxexshwl] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\qxexshwl.dll"
    O4 - HKLM\..\Run: [pklohmhg] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pklohmhg.dll"
    O4 - HKLM\..\Run: [pkzclinm] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pkzclinm.dll"
    O4 - HKCU\..\Run: [Buru] "C:\DOCUME~1\User\APPLIC~1\STEM~1\regedit.exe" -vt yazb
    O4 - HKLM\..\Run: [tqluvahu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\tqluvahu.dll"
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
    O20 - Winlogon Notify: winxwt32 - winxwt32.dll (file missing)
    O21 - SSODL: zip - {924dffc4-15ad-4fe2-aeb2-c407e1d83f8c} - C:\WINDOWS\Installer\{924dffc4-15ad-4fe2-aeb2-c407e1d83f8c}\zip.dll
    O21 - SSODL: WinDrive - {d5cdd620-cbfb-469c-8a5a-a4efba2a1b59} - C:\WINDOWS\Installer\{d5cdd620-cbfb-469c-8a5a-a4efba2a1b59}\WinDrive.dll

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.

    Download Combofix to your desktop.
    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
    - Double-click Combofix.exe
    - Follow the instructions and accept the disclaimer by clicking Yes.
    - While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix is finished and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.




    Open Explorer ("My Computer") and choose Tools -> Folder Options…
    Under View, check the following settings:

    Uncheck: Hide protected operating system files (Recommended)
    Uncheck: Hide extensions for known file types

    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders

    Could you please upload the file below to Jotti.

    Jotti Virusscan http://virusscan.jotti.org/
    At the top it says "file to upload".
    Use "browse" to go to the file below, and have it scanned by first clicking "open" and then "submit". Copy the result you get into your next post.

    If the server is too busy you can also have the file scanned here:
    Kaspersky filescanner http://www.kaspersky.com/scanforvirus


    This file, that is: C:\WINDOWS\system32\imstcallback.exe


    Good luck
  • Thanks again :)
    I ran it and here are the 2 log files.
    I have not been able to scan the file yet, because Jotti's server is too busy and the file is too large for Kaspersky. I will keep trying and will post when it has worked ;)


    ComboFix 08-02-17.2 - User 2008-02-16 21:22:02.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.657 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\User\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\wowfx.dll
    C:\Documents and Settings\User\Application Data\STEM~1
    C:\Documents and Settings\User\Application Data\STEM~1\??stem\
    C:\Program Files\eliteprotector
    C:\Program Files\myglobalsearch
    C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
    C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
    C:\WINDOWS\system32\drvbuwr.dll
    C:\WINDOWS\system32\drvcujr.dll
    C:\WINDOWS\system32\urlmsnlink.dat
    C:\WINDOWS\system32\winyyq32.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))
    .

    2008-02-16 18:02 . 2008-02-16 18:02 <DIR> d——– C:\Program Files\Trend Micro
    2008-02-16 17:52 . 2008-02-16 17:52 10,240 –a—— C:\Program Files\tmp246421.exe
    2008-02-16 17:52 . 2008-02-16 17:52 10,240 –a—— C:\Program Files\tmp246359.exe
    2008-02-16 17:52 . 2008-02-16 17:52 10,240 –a—— C:\Program Files\tmp246328.exe
    2008-02-16 17:52 . 2008-02-16 17:52 10,240 –a—— C:\Program Files\tmp246281.exe
    2008-02-16 16:43 . 2008-02-16 16:43 <DIR> d——– C:\Program Files\Lavasoft
    2008-02-16 16:43 . 2008-02-16 16:45 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-16 16:42 . 2008-02-16 16:42 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-16 15:32 . 2008-02-16 15:32 6,674 –a—— C:\WINDOWS\system32\tmp.reg
    2008-02-10 17:30 . 2008-02-10 17:30 <DIR> d——– C:\WINDOWS\system32\mblnppqc
    2008-02-10 17:30 . 2008-02-16 21:19 <DIR> d——– C:\Program Files\Mvrmewtp
    2008-02-10 14:54 . 2008-02-10 14:54 <DIR> d——– C:\Program Files\Spybot - Search & Destroy2
    2008-02-06 12:36 . 2005-06-05 08:11 98,709 –a—— C:\Documents and Settings\User\Application Data\sysdefender.exe
    2008-02-05 11:20 . 2008-02-05 11:20 160,560 –a—— C:\Program Files\udefender_setup.exe
    2008-02-03 16:06 . 2008-02-03 16:06 <DIR> d——– C:\WINDOWS\system32\wctwvfnd
    2008-02-03 16:06 . 2008-02-16 21:19 <DIR> d——– C:\Program Files\Qjnjksbv
    2008-01-31 19:12 . 2008-01-31 19:12 269,334 –a—— C:\WINDOWS\system32\rqdofmpkbihgn.bmp
    2008-01-31 15:51 . 2008-01-31 15:51 269,334 –a—— C:\WINDOWS\system32\ofmlsbidgfitcj.bmp
    2008-01-31 03:02 . 2008-01-31 03:02 54,608 –a—— C:\WINDOWS\system32\xfcodec.dll
    2008-01-29 16:19 . 2008-01-29 16:19 269,334 –a—— C:\WINDOWS\system32\itorqt.bmp
    2008-01-29 16:16 . 2008-01-29 16:16 269,334 –a—— C:\WINDOWS\system32\kjqdgfmtcf.bmp
    2008-01-29 14:48 . 2008-01-29 14:48 269,334 –a—— C:\WINDOWS\system32\horahof.bmp
    2008-01-29 14:48 . 2008-01-29 16:42 145 –a—— C:\WINDOWS\system32\winver.bat
    2008-01-29 14:46 . 2008-01-29 14:46 <DIR> d——– C:\WINDOWS\system32\jubggdok
    2008-01-29 14:46 . 2008-02-16 21:19 <DIR> d——– C:\Program Files\Gsqcvdvl
    2008-01-28 15:52 . 2008-01-28 15:52 269,334 –a—— C:\WINDOWS\system32\gnmlon.bmp
    2008-01-27 20:28 . 2008-01-27 20:43 <DIR> d——– C:\Program Files\AntiVirusPro
    2008-01-27 20:28 . 2008-01-27 20:28 <DIR> d——– C:\Documents and Settings\User\Application Data\Anti-Virus-Pro.com
    2008-01-27 20:28 . 2008-01-27 20:28 269,334 –a—— C:\WINDOWS\system32\qpcfmlofat.bmp
    2008-01-18 18:30 . 2008-01-18 18:30 103,936 –a—— C:\WINDOWS\system32\drvbuw.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-16 20:09 ——— d—–w C:\Documents and Settings\User\Application Data\Xfire
    2008-02-16 17:13 ——— d—–w C:\Program Files\Common Files\Symantec Shared
    2008-02-16 16:35 ——— d—–w C:\Program Files\Wclhapoc
    2008-02-16 16:35 ——— d—–w C:\Program Files\Vxwhawzf
    2008-02-16 16:35 ——— d—–w C:\Program Files\mnypynyf
    2008-02-16 16:35 ——— d—–w C:\Program Files\hkbsxyjk
    2008-02-14 14:59 ——— d-s—w C:\Program Files\Xfire
    2008-02-10 14:06 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-29 17:29 ——— d—–w C:\Program Files\Frets on Fire
    2008-01-27 19:39 ——— d—–w C:\Program Files\Line6
    2008-01-20 16:30 ——— d—–w C:\Program Files\EasySpywareCleaner
    2008-01-06 18:26 ——— d—–w C:\Documents and Settings\User\Application Data\EasySpywareCleaner.com
    2007-12-22 11:17 ——— d—–w C:\Documents and Settings\User\Application Data\SPAMfighter
    2007-12-19 19:00 ——— d—–w C:\Program Files\MSN Messenger
    2007-12-19 19:00 ——— d—–w C:\Program Files\Messenger Plus! Live
    2007-12-18 09:51 179,584 —-a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-12-11 21:38 23,506 —-a-w C:\Documents and Settings\User\Application Data\info.dat
    2007-12-03 21:45 81,248 —-a-w C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
    2007-04-11 17:37 359,112 —-a-w C:\Program Files\LimeWireWin.exe
    2007-04-04 20:29 8,180,408 —-a-w C:\Program Files\BearShare nieuwe versie.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 14:29 7561216]
    "nwiz"="nwiz.exe" []
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 14:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-09-10 17:29 77824 C:\WINDOWS\SoundMan.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2004-09-15 10:20 2557952 C:\WINDOWS\ALCWZRD.EXE]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-02-23 10:03 58992]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-01-28 10:10 110740]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-09 20:55 100056]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-05-18 00:29 180269]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-25 15:35 155648]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 14:29 86016]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-11-06 09:27 200704]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 00:07 593920]
    "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 23:00 385024]
    "C:\DOCUME~1\User\LOCALS~1\Temp\FIFA08.exe"="C:\DOCUME~1\User\LOCALS~1\Temp\FIFA08.exe" [ ]
    "MSDrive"="C:\WINDOWS\system32\drvbuw.dll" [2008-01-18 18:30 103936]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

    C:\Documents and Settings\User\Menu Start\Programma's\Opstarten\
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-01-31 03:02:36 2880336]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-27 18:59:21 113664]
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "zip"= {924dffc4-15ad-4fe2-aeb2-c407e1d83f8c} - C:\WINDOWS\Installer\{924dffc4-15ad-4fe2-aeb2-c407e1d83f8c}\zip.dll [2008-02-03 11:54 38950]
    "WinDrive"= {d5cdd620-cbfb-469c-8a5a-a4efba2a1b59} - C:\WINDOWS\Installer\{d5cdd620-cbfb-469c-8a5a-a4efba2a1b59}\WinDrive.dll [2008-02-05 11:07 14374]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll, , ,

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
    C:\Program Files\BearShare\BearShare.exe

    R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2006-05-25 18:07]
    R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2006-05-25 18:07]
    R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-01-28 20:19]
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 19:08]
    R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys [2002-07-16 04:39]
    R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2006-09-20 19:58]
    S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys [2007-01-30 02:17]
    S3 se58bus;Sony Ericsson Device 088 driver (WDM);C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 18:58]
    S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 18:59]
    S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 18:59]
    S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 19:00]
    S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS);C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18:57]
    S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se58obex.sys [2006-09-05 19:00]
    S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM);C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 18:57]
    S3 ZD1211U(Wireless);IEEE 802.11g USB Adapter Driver(Wireless);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-07-14 12:53]

    .
    Inhoud van de 'Gedeelde Taken' map
    "2005-06-02 15:30:46 C:\WINDOWS\Tasks\Herinnering voor registratie 1.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2005-06-09 20:20:10 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2008-02-16 17:13:34 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-17 21:27:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "C:\\DOCUME~1\\User\\LOCALS~1\\Temp\\FIFA08.exe"="C:\\DOCUME~1\\User\\LOCALS~1\\Temp\\FIFA08.exe"
    .
    ———————— Other Running Processes ————————
    .
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-02-17 21:30:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-17 20:30:19
    .
    2008-02-14 15:03:19 — E O F —






    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:40:00, on 17-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\lookhost.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\synsv.exe
    C:\Program Files\tmp285500.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\32host.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [C:\DOCUME~1\User\LOCALS~1\Temp\FIFA08.exe] C:\DOCUME~1\User\LOCALS~1\Temp\FIFA08.exe
    O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvbuw.dll,startup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.line6.net
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: zip - {924dffc4-15ad-4fe2-aeb2-c407e1d83f8c} - C:\WINDOWS\Installer\{924dffc4-15ad-4fe2-aeb2-c407e1d83f8c}\zip.dll
    O21 - SSODL: WinDrive - {d5cdd620-cbfb-469c-8a5a-a4efba2a1b59} - C:\WINDOWS\Installer\{d5cdd620-cbfb-469c-8a5a-a4efba2a1b59}\WinDrive.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


    End of file - 9293 bytes






  • Here are the results of the Jotti scan:

    File: imstcallback.exe~
    Status: INFECTED/MALWARE
    MD5: ca42ca91719620230206cd91f6c88cc2
    Packers detected: -
    Bit9 reports: High threat detected (more info)


    A-Squared: Found nothing
    AntiVir: Found TR/Spy.Banker.clr.7
    ArcaVir: Found nothing
    Avast: Found Win32:Banker-BOT
    AVG Antivirus: Found Generic4.IJB
    BitDefender: Found Trojan.Spy.Banker.CLR
    ClamAV: Found Trojan.Spy.Banker-5050
    CPsecure: Found Troj.Spy.W32.Banker.vy
    Dr.Web: Found Trojan.PWS.Banker.10008
    F-Prot Antivirus: Found W32/Trojan.ALRN
    F-Secure Anti-Virus: Found Trojan-Spy.Win32.Banker.clr
    Fortinet: Found Spy/Banker
    Ikarus: Found Generic.Banker.Delf
    Kaspersky Anti-Virus: Found Trojan-Spy.Win32.Banker.clr
    NOD32: Found probably a variant of Win32/Genetik (probable variant)
    Norman Virus Control: Found W32/Malware.QIL
    Panda Antivirus: Found Trj/Banker.HEH
    Rising Antivirus: Found Trojan.Spy.Banker.GEN
    Sophos Antivirus: Found nothing
    VirusBuster: Found nothing
    VBA32: Found nothing
  • Hello, before we continue, would you please run this tool first.


    Download:
    Save the file to your desktop, then double-click it.
    You can let the program extract to your desktop.
    Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
    A small window will open in which a few lines about files not found will quickly scroll past; this is normal.
    An uninstaller of a rogue scanner may also start up; do not close it, but follow any instructions and let it do its work.

    After that your PC will restart; after the restart the RVAXO window will open again.
    Let it run and wait until a log file opens.
    It can also be found here if needed: C:\RVAXO-results.log
    Post the contents in your next message together with a new HijackThis log.

    Doesn't your PC restart?

    Run RVAXO once more and then post the new log: C:\rvaxo-results.log
  • Here are the two logs.
    By the way, I notice that the PC is a lot slower to start up than before we began this procedure. I see the desktop background for quite a while, but it takes a very long time before the taskbar, icons, etc. appear. Is that something I should also be worried about?



    —RVAXO.exe Updated: 2008-02-17—first run—
    Files found:
    C:\WINDOWS\system32\drvcuj.dll
    C:\WINDOWS\system32\drvbuw.dll
    C:\Program Files\udefender_setup.exe
    C:\Program Files\tmp201203.exe
    C:\Program Files\tmp201218.exe
    C:\Program Files\tmp214484.exe
    C:\Program Files\tmp246281.exe
    C:\Program Files\tmp246328.exe
    C:\Program Files\tmp246359.exe
    C:\Program Files\tmp246421.exe
    C:\Program Files\tmp285312.exe
    C:\Program Files\tmp285328.exe
    C:\Program Files\tmp308375.exe
    C:\Program Files\tmp362390.exe
    C:\Program Files\tmp383765.exe
    C:\Program Files\tmp439125.exe
    C:\WINDOWS\system32\winver.bat
    C:\Install
    C:\WINDOWS\system32\actskn45.ocx

    Uninstallers:


    Folders Found:

    C:\Program Files\AntiVirusPro
    C:\Program Files\Ultimate Defender
    C:\Program Files\E404DHelper
    C:\WINDOWS\system32\fibagbia
    C:\Documents and Settings\User\Application Data\Anti-Virus-Pro.com
    C:\Documents and Settings\User\Application Data\EasySpywareCleaner.com

    Hosts-file was reset, If you use a custom hosts file please replace it…

    ————–RVAXO.exe last run—————

    Files found:

    Folders Found:

    ————–RVAXO.exe finished—————-






    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:25:04, on 18-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [C:\DOCUME~1\User\LOCALS~1\Temp\FIFA08.exe] C:\DOCUME~1\User\LOCALS~1\Temp\FIFA08.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.line6.net
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: WinDrive - {d5cdd620-cbfb-469c-8a5a-a4efba2a1b59} - C:\WINDOWS\Installer\{d5cdd620-cbfb-469c-8a5a-a4efba2a1b59}\WinDrive.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


    End of file - 9510 bytes




  • That clears things up nicely; let's continue.


    Open Notepad, then copy and paste the following (the bold, blue text) into an empty window: and the link that is above it.
  • The file was uploaded successfully.
    Here are the logs once again:



    ComboFix 08-02-17.2 - User 2008-02-18 16:54:39.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.460 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\User\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\User\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Gsqcvdvl
    C:\Program Files\hkbsxyjk
    C:\Program Files\mnypynyf
    C:\Program Files\Vxwhawzf
    C:\Program Files\Wclhapoc
    C:\WINDOWS\system32\gnmlon.bmp
    C:\WINDOWS\system32\horahof.bmp
    C:\WINDOWS\system32\itorqt.bmp
    C:\WINDOWS\system32\kjqdgfmtcf.bmp
    C:\WINDOWS\system32\ofmlsbidgfitcj.bmp
    C:\WINDOWS\system32\qpcfmlofat.bmp
    C:\WINDOWS\system32\rqdofmpkbihgn.bmp

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))
    .

    2008-02-18 16:14 . 2008-02-18 16:15 <DIR> d-------- C:\Documents and Settings\User\Application Data\AVG7
    2008-02-18 16:14 . 2008-02-18 16:14 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-02-18 16:14 . 2008-02-18 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-18 16:14 . 2008-02-18 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-02-18 16:13 . 2008-02-18 16:13 10,240 --a------ C:\Program Files\tmp5701453.exe
    2008-02-18 16:13 . 2008-02-18 16:13 10,240 --a------ C:\Program Files\tmp5701359.exe
    2008-02-18 16:12 . 2008-02-18 16:12 10,240 --a------ C:\Program Files\tmp5650656.exe
    2008-02-18 15:56 . 1998-06-24 13:00 244,024 --a------ C:\WINDOWS\system32\MSFLXGRD.OCX
    2008-02-18 15:56 . 2004-03-09 13:00 132,880 --a------ C:\WINDOWS\system32\MSINET.OCX
    2008-02-18 14:52 . 2008-02-18 14:52 <DIR> d-------- C:\Program Files\Ashampoo
    2008-02-18 14:32 . 2008-02-18 14:32 12,288 --a------ C:\Program Files\tmp4179765.exe
    2008-02-18 14:32 . 2008-02-18 14:32 12,288 --a------ C:\Program Files\tmp4153468.exe
    2008-02-18 14:32 . 2008-02-18 14:32 12,288 --a------ C:\Program Files\tmp4127312.exe
    2008-02-18 14:32 . 2008-02-18 14:32 10,240 --a------ C:\Program Files\tmp4171062.exe
    2008-02-18 14:32 . 2008-02-18 14:32 10,240 --a------ C:\Program Files\tmp4144718.exe
    2008-02-18 14:31 . 2008-02-18 14:31 12,288 --a------ C:\Program Files\tmp4099734.exe
    2008-02-18 14:31 . 2008-02-18 14:31 10,240 --a------ C:\Program Files\tmp4118531.exe
    2008-02-18 14:31 . 2008-02-18 14:31 10,240 --a------ C:\Program Files\tmp4090937.exe
    2008-02-18 14:27 . 2008-02-18 14:27 12,288 --a------ C:\Program Files\tmp3881656.exe
    2008-02-18 14:27 . 2008-02-18 14:27 12,288 --a------ C:\Program Files\tmp3825796.exe
    2008-02-18 14:27 . 2008-02-18 14:27 12,288 --a------ C:\Program Files\tmp3825734.exe
    2008-02-18 14:27 . 2008-02-18 14:27 12,288 --a------ C:\Program Files\tmp3825656.exe
    2008-02-18 14:27 . 2008-02-18 14:27 10,240 --a------ C:\Program Files\tmp3876718.exe
    2008-02-18 14:26 . 2008-02-18 14:26 10,240 --a------ C:\Program Files\tmp3812000.exe
    2008-02-18 14:26 . 2008-02-18 14:26 10,240 --a------ C:\Program Files\tmp3811984.exe
    2008-02-18 14:26 . 2008-02-18 14:26 10,240 --a------ C:\Program Files\tmp3811906.exe
    2008-02-18 14:26 . 2008-02-18 14:26 10,240 --a------ C:\Program Files\tmp3811859.exe
    2008-02-18 14:26 . 2008-02-18 14:26 10,240 --a------ C:\Program Files\tmp3811140.exe
    2008-02-18 14:26 . 2008-02-18 14:26 10,240 --a------ C:\Program Files\tmp3811093.exe
    2008-02-18 12:18 . 2008-02-18 13:18 <DIR> d-------- C:\RVAXO
    2008-02-18 12:16 . 2008-02-17 12:52 700,333 --a------ C:\WINDOWS\system32\RVAXO.bat
    2008-02-18 12:16 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
    2008-02-16 18:02 . 2008-02-16 18:02 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-16 16:43 . 2008-02-16 16:43 <DIR> d-------- C:\Program Files\Lavasoft
    2008-02-16 16:43 . 2008-02-16 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-16 16:42 . 2008-02-16 16:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-16 15:32 . 2008-02-16 15:32 6,674 --a------ C:\WINDOWS\system32\tmp.reg
    2008-02-10 17:30 . 2008-02-10 17:30 <DIR> d-------- C:\WINDOWS\system32\mblnppqc
    2008-02-10 17:30 . 2008-02-16 21:19 <DIR> d-------- C:\Program Files\Mvrmewtp
    2008-02-10 14:54 . 2008-02-10 14:54 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy2
    2008-02-03 16:06 . 2008-02-03 16:06 <DIR> d-------- C:\WINDOWS\system32\wctwvfnd
    2008-02-03 16:06 . 2008-02-16 21:19 <DIR> d-------- C:\Program Files\Qjnjksbv
    2008-01-31 03:02 . 2008-01-31 03:02 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-01-29 14:46 . 2008-01-29 14:46 <DIR> d-------- C:\WINDOWS\system32\jubggdok

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-18 13:41 --------- d-----w C:\Documents and Settings\User\Application Data\Xfire
    2008-02-18 13:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-18 12:16 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-16 17:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-14 14:59 --------- d-s---w C:\Program Files\Xfire
    2008-01-29 17:29 --------- d-----w C:\Program Files\Frets on Fire
    2008-01-27 19:39 --------- d-----w C:\Program Files\Line6
    2008-01-20 16:30 --------- d-----w C:\Program Files\EasySpywareCleaner
    2008-01-11 05:52 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-12-22 11:17 --------- d-----w C:\Documents and Settings\User\Application Data\SPAMfighter
    2007-12-19 22:57 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-12-19 19:00 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-19 19:00 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
    2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-11 21:38 23,506 ----a-w C:\Documents and Settings\User\Application Data\info.dat
    2007-12-08 05:18 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-12-06 11:04 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-12-06 11:04 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 18:42 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
    2007-12-03 21:45 81,248 ----a-w C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
    2007-04-11 17:37 359,112 ----a-w C:\Program Files\LimeWireWin.exe
    2007-04-04 20:29 8,180,408 ----a-w C:\Program Files\BearShare nieuwe versie.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 14:29 7561216]
    "nwiz"="nwiz.exe" []
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 14:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-09-10 17:29 77824 C:\WINDOWS\SoundMan.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2004-09-15 10:20 2557952 C:\WINDOWS\ALCWZRD.EXE]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-02-23 10:03 58992]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-01-28 10:10 110740]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-09 20:55 100056]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-05-18 00:29 180269]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-25 15:35 155648]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 14:29 86016]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-11-06 09:27 200704]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 00:07 593920]
    "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 23:00 385024]
    "C:\DOCUME~1\User\LOCALS~1\Temp\FIFA08.exe"="C:\DOCUME~1\User\LOCALS~1\Temp\FIFA08.exe" [ ]
    "AntiSpyWare2Guard"="C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2007-08-14 08:29 2334040]
    "BHR"="C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe" [ ]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-18 16:14 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-18 16:14 219136]

    C:\Documents and Settings\User\Menu Start\Programma's\Opstarten\
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-01-31 03:02:36 2880336]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-27 18:59:21 113664]
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, , ,

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
    C:\Program Files\BearShare\BearShare.exe

    R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [2007-08-14 08:28]
    R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2006-05-25 18:07]
    R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2006-05-25 18:07]
    R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-01-28 20:19]
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 19:08]
    R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys [2002-07-16 04:39]
    R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2006-09-20 19:58]
    S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys [2007-01-30 02:17]
    S3 se58bus;Sony Ericsson Device 088 driver (WDM);C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 18:58]
    S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 18:59]
    S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 18:59]
    S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 19:00]
    S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS);C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18:57]
    S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se58obex.sys [2006-09-05 19:00]
    S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM);C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 18:57]
    S3 ZD1211U(Wireless);IEEE 802.11g USB Adapter Driver(Wireless);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-07-14 12:53]

    *Newly Created Service* - AASW2_SERVICE
    *Newly Created Service* - AVG7ALRT
    *Newly Created Service* - AVG7CORE
    *Newly Created Service* - AVG7RSW
    *Newly Created Service* - AVG7RSXP
    *Newly Created Service* - AVG7UPDSVC
    *Newly Created Service* - AVGCLEAN
    *Newly Created Service* - AVGEMS
    *Newly Created Service* - AVGTDI
    *Newly Created Service* - CATCHME
    .
    Inhoud van de 'Gedeelde Taken' map
    "2005-06-02 15:30:46 C:\WINDOWS\Tasks\Herinnering voor registratie 1.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2005-06-09 20:20:10 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2008-02-18 13:13:24 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-18 16:57:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "C:\\DOCUME~1\\User\\LOCALS~1\\Temp\\FIFA08.exe"="C:\\DOCUME~1\\User\\LOCALS~1\\Temp\\FIFA08.exe"
    .
    Voltooingstijd: 2008-02-18 16:57:44
    ComboFix-quarantined-files.txt 2008-02-18 15:57:42
    ComboFix2.txt 2008-02-17 20:30:23
    .
    2008-02-14 15:03:19 --- E O F ---







    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:01:39, on 18-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\DOCUME~1\User\LOCALS~1\Temp\syspower.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\64mon.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\hostagent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [C:\DOCUME~1\User\LOCALS~1\Temp\FIFA08.exe] C:\DOCUME~1\User\LOCALS~1\Temp\FIFA08.exe
    O4 - HKLM\..\Run: [AntiSpyWare2Guard] C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
    O4 - HKLM\..\Run: [BHR] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.line6.net
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


    End of file - 10456 bytes




  • I think you now have 2 active antivirus scanners running. Pick 1 and turn off or uninstall the other (note: Norton has to be removed with a removal tool).

    Could you please still do this.

    Open Notepad, copy and paste the following (the bold, blue text) into an empty window:
  • Thanks! 8)

    Here is the log already.
    After dinner I'll have a look at how things go from here ;)

    ComboFix 08-02-17.2 - User 2008-02-18 17:59:35.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.599 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\User\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\User\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    C:\WINDOWS\system32\mblnppqc
    C:\WINDOWS\system32\wctwvfnd
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\EasySpywareCleaner
    C:\Program Files\Mvrmewtp
    C:\Program Files\tmp3811093.exe\
    C:\Program Files\tmp3811140.exe\
    C:\Program Files\tmp3811859.exe\
    C:\Program Files\tmp3811906.exe\
    C:\Program Files\tmp3811984.exe\
    C:\Program Files\tmp3812000.exe\
    C:\Program Files\tmp3825656.exe\
    C:\Program Files\tmp3825734.exe\
    C:\Program Files\tmp3825796.exe\
    C:\Program Files\tmp3876718.exe\
    C:\Program Files\tmp3881656.exe\
    C:\Program Files\tmp4090937.exe\
    C:\Program Files\tmp4099734.exe\
    C:\Program Files\tmp4118531.exe\
    C:\Program Files\tmp4127312.exe\
    C:\Program Files\tmp4144718.exe\
    C:\Program Files\tmp4153468.exe\
    C:\Program Files\tmp4171062.exe\
    C:\Program Files\tmp4179765.exe\
    C:\Program Files\tmp5650656.exe\
    C:\Program Files\tmp5701359.exe\
    C:\Program Files\tmp5701453.exe\
    C:\WINDOWS\system32\jubggdok
    C:\WINDOWS\system32\jubggdok\bg1.gif
    C:\WINDOWS\system32\jubggdok\bgtop.gif
    C:\WINDOWS\system32\jubggdok\bottom1.gif
    C:\WINDOWS\system32\jubggdok\essentials.gif
    C:\WINDOWS\system32\jubggdok\icon1.ico
    C:\WINDOWS\system32\jubggdok\install1.gif
    C:\WINDOWS\system32\jubggdok\left1.gif
    C:\WINDOWS\system32\jubggdok\li.gif
    C:\WINDOWS\system32\jubggdok\logo.gif
    C:\WINDOWS\system32\jubggdok\main.htm
    C:\WINDOWS\system32\jubggdok\mainframe.htm
    C:\WINDOWS\system32\jubggdok\reinstall1.gif
    C:\WINDOWS\system32\jubggdok\right1.gif
    C:\WINDOWS\system32\jubggdok\s1.htm
    C:\WINDOWS\system32\jubggdok\s2.htm
    C:\WINDOWS\system32\jubggdok\s3.htm
    C:\WINDOWS\system32\jubggdok\SMTop1.gif
    C:\WINDOWS\system32\jubggdok\SMTop2.gif
    C:\WINDOWS\system32\jubggdok\SMTop3.gif
    C:\WINDOWS\system32\jubggdok\SMTop4.gif
    C:\WINDOWS\system32\jubggdok\soft1_off.gif
    C:\WINDOWS\system32\jubggdok\soft1_off_ext.gif
    C:\WINDOWS\system32\jubggdok\soft1_on.gif
    C:\WINDOWS\system32\jubggdok\soft1_on_ext.gif
    C:\WINDOWS\system32\jubggdok\soft2_off.gif
    C:\WINDOWS\system32\jubggdok\soft2_off_ext.gif
    C:\WINDOWS\system32\jubggdok\soft2_on.gif
    C:\WINDOWS\system32\jubggdok\soft2_on_ext.gif
    C:\WINDOWS\system32\jubggdok\soft3_off.gif
    C:\WINDOWS\system32\jubggdok\soft3_off_ext.gif
    C:\WINDOWS\system32\jubggdok\soft3_on.gif
    C:\WINDOWS\system32\jubggdok\soft3_on_ext.gif
    C:\WINDOWS\system32\jubggdok\softbottom_off.gif
    C:\WINDOWS\system32\jubggdok\softbottom_on.gif
    C:\WINDOWS\system32\jubggdok\softleft_off.gif
    C:\WINDOWS\system32\jubggdok\softleft_on.gif
    C:\WINDOWS\system32\jubggdok\top1.gif
    C:\WINDOWS\system32\jubggdok\top2.gif
    C:\WINDOWS\system32\jubggdok\turnoff1.gif
    C:\WINDOWS\system32\jubggdok\turnon1.gif

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))
    .

    2008-02-18 16:14 . 2008-02-18 16:15 <DIR> d——– C:\Documents and Settings\User\Application Data\AVG7
    2008-02-18 16:14 . 2008-02-18 16:14 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-02-18 16:14 . 2008-02-18 16:14 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-18 16:14 . 2008-02-18 16:15 <DIR> d——– C:\Documents and Settings\All Users\Application Data\avg7
    2008-02-18 16:13 . 2008-02-18 16:13 10,240 –a—— C:\Program Files\tmp5701453.exe
    2008-02-18 16:13 . 2008-02-18 16:13 10,240 –a—— C:\Program Files\tmp5701359.exe
    2008-02-18 16:12 . 2008-02-18 16:12 10,240 –a—— C:\Program Files\tmp5650656.exe
    2008-02-18 15:56 . 1998-06-24 13:00 244,024 –a—— C:\WINDOWS\system32\MSFLXGRD.OCX
    2008-02-18 15:56 . 2004-03-09 13:00 132,880 –a—— C:\WINDOWS\system32\MSINET.OCX
    2008-02-18 14:52 . 2008-02-18 14:52 <DIR> d——– C:\Program Files\Ashampoo
    2008-02-18 14:32 . 2008-02-18 14:32 12,288 –a—— C:\Program Files\tmp4179765.exe
    2008-02-18 14:32 . 2008-02-18 14:32 12,288 –a—— C:\Program Files\tmp4153468.exe
    2008-02-18 14:32 . 2008-02-18 14:32 12,288 –a—— C:\Program Files\tmp4127312.exe
    2008-02-18 14:32 . 2008-02-18 14:32 10,240 –a—— C:\Program Files\tmp4171062.exe
    2008-02-18 14:32 . 2008-02-18 14:32 10,240 –a—— C:\Program Files\tmp4144718.exe
    2008-02-18 14:31 . 2008-02-18 14:31 12,288 –a—— C:\Program Files\tmp4099734.exe
    2008-02-18 14:31 . 2008-02-18 14:31 10,240 –a—— C:\Program Files\tmp4118531.exe
    2008-02-18 14:31 . 2008-02-18 14:31 10,240 –a—— C:\Program Files\tmp4090937.exe
    2008-02-18 14:27 . 2008-02-18 14:27 12,288 –a—— C:\Program Files\tmp3881656.exe
    2008-02-18 14:27 . 2008-02-18 14:27 12,288 –a—— C:\Program Files\tmp3825796.exe
    2008-02-18 14:27 . 2008-02-18 14:27 12,288 –a—— C:\Program Files\tmp3825734.exe
    2008-02-18 14:27 . 2008-02-18 14:27 12,288 –a—— C:\Program Files\tmp3825656.exe
    2008-02-18 14:27 . 2008-02-18 14:27 10,240 –a—— C:\Program Files\tmp3876718.exe
    2008-02-18 14:26 . 2008-02-18 14:26 10,240 –a—— C:\Program Files\tmp3812000.exe
    2008-02-18 14:26 . 2008-02-18 14:26 10,240 –a—— C:\Program Files\tmp3811984.exe
    2008-02-18 14:26 . 2008-02-18 14:26 10,240 –a—— C:\Program Files\tmp3811906.exe
    2008-02-18 14:26 . 2008-02-18 14:26 10,240 –a—— C:\Program Files\tmp3811859.exe
    2008-02-18 14:26 . 2008-02-18 14:26 10,240 –a—— C:\Program Files\tmp3811140.exe
    2008-02-18 14:26 . 2008-02-18 14:26 10,240 –a—— C:\Program Files\tmp3811093.exe
    2008-02-18 12:18 . 2008-02-18 13:18 <DIR> d——– C:\RVAXO
    2008-02-18 12:16 . 2008-02-17 12:52 700,333 –a—— C:\WINDOWS\system32\RVAXO.bat
    2008-02-18 12:16 . 2001-10-01 14:51 69,632 –a—— C:\WINDOWS\system32\remove.exe
    2008-02-16 18:02 . 2008-02-16 18:02 <DIR> d——– C:\Program Files\Trend Micro
    2008-02-16 16:43 . 2008-02-16 16:43 <DIR> d——– C:\Program Files\Lavasoft
    2008-02-16 16:43 . 2008-02-16 16:45 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-16 16:42 . 2008-02-16 16:42 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-16 15:32 . 2008-02-16 15:32 6,674 –a—— C:\WINDOWS\system32\tmp.reg
    2008-02-10 17:30 . 2008-02-10 17:30 <DIR> d——– C:\WINDOWS\system32\mblnppqc
    2008-02-10 14:54 . 2008-02-10 14:54 <DIR> d——– C:\Program Files\Spybot - Search & Destroy2
    2008-02-03 16:06 . 2008-02-03 16:06 <DIR> d——– C:\WINDOWS\system32\wctwvfnd
    2008-02-03 16:06 . 2008-02-16 21:19 <DIR> d——– C:\Program Files\Qjnjksbv
    2008-01-31 03:02 . 2008-01-31 03:02 54,608 –a—— C:\WINDOWS\system32\xfcodec.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-18 16:56 ——— d—–w C:\Documents and Settings\User\Application Data\Xfire
    2008-02-18 13:34 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-18 12:16 ——— d—–w C:\Program Files\Spybot - Search & Destroy
    2008-02-16 17:13 ——— d—–w C:\Program Files\Common Files\Symantec Shared
    2008-02-14 14:59 ——— d-s—w C:\Program Files\Xfire
    2008-01-29 17:29 ——— d—–w C:\Program Files\Frets on Fire
    2008-01-27 19:39 ——— d—–w C:\Program Files\Line6
    2008-01-11 05:52 44,544 —-a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-12-22 11:17 ——— d—–w C:\Documents and Settings\User\Application Data\SPAMfighter
    2007-12-19 22:57 347,136 —-a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-12-19 19:00 ——— d—–w C:\Program Files\MSN Messenger
    2007-12-19 19:00 ——— d—–w C:\Program Files\Messenger Plus! Live
    2007-12-18 09:51 179,584 —-a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-12-18 09:51 179,584 ——w C:\WINDOWS\system32\dllcache\mrxdav.sys
    2007-12-14 10:32 12,632 —-a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-11 21:38 23,506 —-a-w C:\Documents and Settings\User\Application Data\info.dat
    2007-12-08 05:18 3,592,192 ——w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-12-06 11:04 70,656 ——w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-12-06 11:04 625,664 ——w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-12-06 11:00 13,824 ——w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-12-06 04:59 161,792 ——w C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-12-04 18:42 550,912 —-a-w C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 18:42 550,912 ——w C:\WINDOWS\system32\dllcache\oleaut32.dll
    2007-12-03 21:45 81,248 —-a-w C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
    2007-04-11 17:37 359,112 —-a-w C:\Program Files\LimeWireWin.exe
    2007-04-04 20:29 8,180,408 —-a-w C:\Program Files\BearShare nieuwe versie.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 14:29 7561216]
    "nwiz"="nwiz.exe" []
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 14:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-09-10 17:29 77824 C:\WINDOWS\SoundMan.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2004-09-15 10:20 2557952 C:\WINDOWS\ALCWZRD.EXE]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-02-23 10:03 58992]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-01-28 10:10 110740]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-09 20:55 100056]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-05-18 00:29 180269]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-25 15:35 155648]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 14:29 86016]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-11-06 09:27 200704]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 00:07 593920]
    "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 23:00 385024]
    "C:\DOCUME~1\User\LOCALS~1\Temp\FIFA08.exe"="C:\DOCUME~1\User\LOCALS~1\Temp\FIFA08.exe" [ ]
    "AntiSpyWare2Guard"="C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2007-08-14 08:29 2334040]
    "BHR"="C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe" [ ]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-18 16:14 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-18 16:14 219136]

    C:\Documents and Settings\User\Menu Start\Programma's\Opstarten\
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-01-31 03:02:36 2880336]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-27 18:59:21 113664]
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, , ,

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
    C:\Program Files\BearShare\BearShare.exe

    R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [2007-08-14 08:28]
    R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2006-05-25 18:07]
    R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2006-05-25 18:07]
    R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-01-28 20:19]
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 19:08]
    R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys [2002-07-16 04:39]
    R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2006-09-20 19:58]
    S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys [2007-01-30 02:17]
    S3 se58bus;Sony Ericsson Device 088 driver (WDM);C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 18:58]
    S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 18:59]
    S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 18:59]
    S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 19:00]
    S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS);C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18:57]
    S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se58obex.sys [2006-09-05 19:00]
    S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM);C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 18:57]
    S3 ZD1211U(Wireless);IEEE 802.11g USB Adapter Driver(Wireless);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-07-14 12:53]

    *Newly Created Service* - MCHINJDRV
    .
    Inhoud van de 'Gedeelde Taken' map
    "2005-06-02 15:30:46 C:\WINDOWS\Tasks\Herinnering voor registratie 1.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2005-06-09 20:20:10 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2008-02-18 13:13:24 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-18 18:02:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "C:\\DOCUME~1\\User\\LOCALS~1\\Temp\\FIFA08.exe"="C:\\DOCUME~1\\User\\LOCALS~1\\Temp\\FIFA08.exe"
    .
    Voltooingstijd: 2008-02-18 18:03:09
    ComboFix-quarantined-files.txt 2008-02-18 17:03:07
    ComboFix2.txt 2008-02-18 15:57:44
    ComboFix3.txt 2008-02-17 20:30:23
    .
    2008-02-14 15:03:19 — E O F —
  • OK, let's see:
    - The icon at the bottom right of the taskbar has disappeared (for now). \o/
    - I also haven't seen any pop-up windows yet, which I did run into every now and then over the past few days. But they showed up very irregularly, so in principle they could still come back. Though I trust that it won't happen anymore. ;)
    - The only issue is that the computer starts up a lot slower, see a few posts back. Maybe you know what could be causing that?

    In any case, thanks a lot once again for all your effort :)
  • Open Notepad, then copy and paste the following (bold, blue text) into an empty window:
  • Done 8)
    Edit: this did not help with the slow startup (not sure whether that was the intention?)

    ComboFix 08-02-17.2 - User 2008-02-18 19:14:27.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.677 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\User\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\User\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    C:\DOCUME~1\User\LOCALS~1\Temp\FIFA08.exe
    C:\Program Files\tmp
    C:\Program Files\tmp3811093.exe
    C:\Program Files\tmp3811140.exe
    C:\Program Files\tmp3811859.exe
    C:\Program Files\tmp3811906.exe
    C:\Program Files\tmp3811984.exe
    C:\Program Files\tmp3812000.exe
    C:\Program Files\tmp3825656.exe
    C:\Program Files\tmp3825734.exe
    C:\Program Files\tmp3825796.exe
    C:\Program Files\tmp3876718.exe
    C:\Program Files\tmp3881656.exe
    C:\Program Files\tmp4090937.exe
    C:\Program Files\tmp4099734.exe
    C:\Program Files\tmp4118531.exe
    C:\Program Files\tmp4127312.exe
    C:\Program Files\tmp4144718.exe
    C:\Program Files\tmp4153468.exe
    C:\Program Files\tmp4171062.exe
    C:\Program Files\tmp4179765.exe
    C:\Program Files\tmp5650656.exe
    C:\Program Files\tmp5701359.exe
    C:\Program Files\tmp5701453.exe
    C:\WINDOWS\system32\tmp.reg
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Qjnjksbv
    C:\Program Files\tmp3811093.exe
    C:\Program Files\tmp3811140.exe
    C:\Program Files\tmp3811859.exe
    C:\Program Files\tmp3811906.exe
    C:\Program Files\tmp3811984.exe
    C:\Program Files\tmp3812000.exe
    C:\Program Files\tmp3825656.exe
    C:\Program Files\tmp3825734.exe
    C:\Program Files\tmp3825796.exe
    C:\Program Files\tmp3876718.exe
    C:\Program Files\tmp3881656.exe
    C:\Program Files\tmp4090937.exe
    C:\Program Files\tmp4099734.exe
    C:\Program Files\tmp4118531.exe
    C:\Program Files\tmp4127312.exe
    C:\Program Files\tmp4144718.exe
    C:\Program Files\tmp4153468.exe
    C:\Program Files\tmp4171062.exe
    C:\Program Files\tmp4179765.exe
    C:\Program Files\tmp5650656.exe
    C:\Program Files\tmp5701359.exe
    C:\Program Files\tmp5701453.exe
    C:\WINDOWS\system32\mblnppqc
    C:\WINDOWS\system32\mblnppqc\bg1.gif
    C:\WINDOWS\system32\mblnppqc\bgtop.gif
    C:\WINDOWS\system32\mblnppqc\bottom1.gif
    C:\WINDOWS\system32\mblnppqc\essentials.gif
    C:\WINDOWS\system32\mblnppqc\icon1.ico
    C:\WINDOWS\system32\mblnppqc\install1.gif
    C:\WINDOWS\system32\mblnppqc\left1.gif
    C:\WINDOWS\system32\mblnppqc\li.gif
    C:\WINDOWS\system32\mblnppqc\logo.gif
    C:\WINDOWS\system32\mblnppqc\main.htm
    C:\WINDOWS\system32\mblnppqc\mainframe.htm
    C:\WINDOWS\system32\mblnppqc\reinstall1.gif
    C:\WINDOWS\system32\mblnppqc\right1.gif
    C:\WINDOWS\system32\mblnppqc\s1.htm
    C:\WINDOWS\system32\mblnppqc\s2.htm
    C:\WINDOWS\system32\mblnppqc\s3.htm
    C:\WINDOWS\system32\mblnppqc\SMTop1.gif
    C:\WINDOWS\system32\mblnppqc\SMTop2.gif
    C:\WINDOWS\system32\mblnppqc\SMTop3.gif
    C:\WINDOWS\system32\mblnppqc\SMTop4.gif
    C:\WINDOWS\system32\mblnppqc\soft1_off.gif
    C:\WINDOWS\system32\mblnppqc\soft1_off_ext.gif
    C:\WINDOWS\system32\mblnppqc\soft1_on.gif
    C:\WINDOWS\system32\mblnppqc\soft1_on_ext.gif
    C:\WINDOWS\system32\mblnppqc\soft2_off.gif
    C:\WINDOWS\system32\mblnppqc\soft2_off_ext.gif
    C:\WINDOWS\system32\mblnppqc\soft2_on.gif
    C:\WINDOWS\system32\mblnppqc\soft2_on_ext.gif
    C:\WINDOWS\system32\mblnppqc\soft3_off.gif
    C:\WINDOWS\system32\mblnppqc\soft3_off_ext.gif
    C:\WINDOWS\system32\mblnppqc\soft3_on.gif
    C:\WINDOWS\system32\mblnppqc\soft3_on_ext.gif
    C:\WINDOWS\system32\mblnppqc\softbottom_off.gif
    C:\WINDOWS\system32\mblnppqc\softbottom_on.gif
    C:\WINDOWS\system32\mblnppqc\softleft_off.gif
    C:\WINDOWS\system32\mblnppqc\softleft_on.gif
    C:\WINDOWS\system32\mblnppqc\top1.gif
    C:\WINDOWS\system32\mblnppqc\top2.gif
    C:\WINDOWS\system32\mblnppqc\turnoff1.gif
    C:\WINDOWS\system32\mblnppqc\turnon1.gif
    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\system32\wctwvfnd
    C:\WINDOWS\system32\wctwvfnd\bg1.gif
    C:\WINDOWS\system32\wctwvfnd\bgtop.gif
    C:\WINDOWS\system32\wctwvfnd\bottom1.gif
    C:\WINDOWS\system32\wctwvfnd\essentials.gif
    C:\WINDOWS\system32\wctwvfnd\icon1.ico
    C:\WINDOWS\system32\wctwvfnd\install1.gif
    C:\WINDOWS\system32\wctwvfnd\left1.gif
    C:\WINDOWS\system32\wctwvfnd\li.gif
    C:\WINDOWS\system32\wctwvfnd\logo.gif
    C:\WINDOWS\system32\wctwvfnd\main.htm
    C:\WINDOWS\system32\wctwvfnd\mainframe.htm
    C:\WINDOWS\system32\wctwvfnd\reinstall1.gif
    C:\WINDOWS\system32\wctwvfnd\right1.gif
    C:\WINDOWS\system32\wctwvfnd\s1.htm
    C:\WINDOWS\system32\wctwvfnd\s2.htm
    C:\WINDOWS\system32\wctwvfnd\s3.htm
    C:\WINDOWS\system32\wctwvfnd\SMTop1.gif
    C:\WINDOWS\system32\wctwvfnd\SMTop2.gif
    C:\WINDOWS\system32\wctwvfnd\SMTop3.gif
    C:\WINDOWS\system32\wctwvfnd\SMTop4.gif
    C:\WINDOWS\system32\wctwvfnd\soft1_off.gif
    C:\WINDOWS\system32\wctwvfnd\soft1_off_ext.gif
    C:\WINDOWS\system32\wctwvfnd\soft1_on.gif
    C:\WINDOWS\system32\wctwvfnd\soft1_on_ext.gif
    C:\WINDOWS\system32\wctwvfnd\soft2_off.gif
    C:\WINDOWS\system32\wctwvfnd\soft2_off_ext.gif
    C:\WINDOWS\system32\wctwvfnd\soft2_on.gif
    C:\WINDOWS\system32\wctwvfnd\soft2_on_ext.gif
    C:\WINDOWS\system32\wctwvfnd\soft3_off.gif
    C:\WINDOWS\system32\wctwvfnd\soft3_off_ext.gif
    C:\WINDOWS\system32\wctwvfnd\soft3_on.gif
    C:\WINDOWS\system32\wctwvfnd\soft3_on_ext.gif
    C:\WINDOWS\system32\wctwvfnd\softbottom_off.gif
    C:\WINDOWS\system32\wctwvfnd\softbottom_on.gif
    C:\WINDOWS\system32\wctwvfnd\softleft_off.gif
    C:\WINDOWS\system32\wctwvfnd\softleft_on.gif
    C:\WINDOWS\system32\wctwvfnd\top1.gif
    C:\WINDOWS\system32\wctwvfnd\top2.gif
    C:\WINDOWS\system32\wctwvfnd\turnoff1.gif
    C:\WINDOWS\system32\wctwvfnd\turnon1.gif

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))
    .

    2008-02-18 16:14 . 2008-02-18 16:15 <DIR> d——– C:\Documents and Settings\User\Application Data\AVG7
    2008-02-18 16:14 . 2008-02-18 16:14 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-02-18 16:14 . 2008-02-18 16:14 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-18 16:14 . 2008-02-18 16:15 <DIR> d——– C:\Documents and Settings\All Users\Application Data\avg7
    2008-02-18 15:56 . 1998-06-24 13:00 244,024 –a—— C:\WINDOWS\system32\MSFLXGRD.OCX
    2008-02-18 15:56 . 2004-03-09 13:00 132,880 –a—— C:\WINDOWS\system32\MSINET.OCX
    2008-02-18 14:52 . 2008-02-18 14:52 <DIR> d——– C:\Program Files\Ashampoo
    2008-02-18 12:18 . 2008-02-18 13:18 <DIR> d——– C:\RVAXO
    2008-02-18 12:16 . 2008-02-17 12:52 700,333 –a—— C:\WINDOWS\system32\RVAXO.bat
    2008-02-18 12:16 . 2001-10-01 14:51 69,632 –a—— C:\WINDOWS\system32\remove.exe
    2008-02-16 18:02 . 2008-02-16 18:02 <DIR> d——– C:\Program Files\Trend Micro
    2008-02-16 16:43 . 2008-02-16 16:43 <DIR> d——– C:\Program Files\Lavasoft
    2008-02-16 16:43 . 2008-02-16 16:45 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-16 16:42 . 2008-02-16 16:42 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-10 14:54 . 2008-02-10 14:54 <DIR> d——– C:\Program Files\Spybot - Search & Destroy2
    2008-01-31 03:02 . 2008-01-31 03:02 54,608 –a—— C:\WINDOWS\system32\xfcodec.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-18 18:03 ——— d—–w C:\Documents and Settings\User\Application Data\Xfire
    2008-02-18 13:34 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-18 12:16 ——— d—–w C:\Program Files\Spybot - Search & Destroy
    2008-02-16 17:13 ——— d—–w C:\Program Files\Common Files\Symantec Shared
    2008-02-14 14:59 ——— d-s—w C:\Program Files\Xfire
    2008-01-29 17:29 ——— d—–w C:\Program Files\Frets on Fire
    2008-01-27 19:39 ——— d—–w C:\Program Files\Line6
    2007-12-22 11:17 ——— d—–w C:\Documents and Settings\User\Application Data\SPAMfighter
    2007-12-19 19:00 ——— d—–w C:\Program Files\MSN Messenger
    2007-12-19 19:00 ——— d—–w C:\Program Files\Messenger Plus! Live
    2007-12-18 09:51 179,584 —-a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-12-11 21:38 23,506 —-a-w C:\Documents and Settings\User\Application Data\info.dat
    2007-12-03 21:45 81,248 —-a-w C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
    2007-04-11 17:37 359,112 —-a-w C:\Program Files\LimeWireWin.exe
    2007-04-04 20:29 8,180,408 —-a-w C:\Program Files\BearShare nieuwe versie.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 14:29 7561216]
    "nwiz"="nwiz.exe" []
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 14:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-09-10 17:29 77824 C:\WINDOWS\SoundMan.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2004-09-15 10:20 2557952 C:\WINDOWS\ALCWZRD.EXE]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-02-23 10:03 58992]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-01-28 10:10 110740]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-09 20:55 100056]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-05-18 00:29 180269]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-25 15:35 155648]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 14:29 86016]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-11-06 09:27 200704]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 00:07 593920]
    "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 23:00 385024]
    "AntiSpyWare2Guard"="C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2007-08-14 08:29 2334040]
    "BHR"="C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe" [ ]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-18 16:14 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-18 16:14 219136]

    C:\Documents and Settings\User\Menu Start\Programma's\Opstarten\
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-01-31 03:02:36 2880336]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-27 18:59:21 113664]
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, , ,

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
    C:\Program Files\BearShare\BearShare.exe

    R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [2007-08-14 08:28]
    R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2006-05-25 18:07]
    R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2006-05-25 18:07]
    R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-01-28 20:19]
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 19:08]
    R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys [2002-07-16 04:39]
    R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2006-09-20 19:58]
    S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys [2007-01-30 02:17]
    S3 se58bus;Sony Ericsson Device 088 driver (WDM);C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 18:58]
    S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 18:59]
    S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 18:59]
    S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 19:00]
    S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS);C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18:57]
    S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se58obex.sys [2006-09-05 19:00]
    S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM);C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 18:57]
    S3 ZD1211U(Wireless);IEEE 802.11g USB Adapter Driver(Wireless);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-07-14 12:53]

    .
    Inhoud van de 'Gedeelde Taken' map
    "2005-06-02 15:30:46 C:\WINDOWS\Tasks\Herinnering voor registratie 1.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2005-06-09 20:20:10 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2008-02-18 17:13:24 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-18 19:21:14
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ———————— Other Running Processes ————————
    .
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-02-18 19:23:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-18 18:23:44
    ComboFix2.txt 2008-02-18 17:03:10
    ComboFix3.txt 2008-02-18 15:57:44
    ComboFix4.txt 2008-02-17 20:30:23
    .
    2008-02-14 15:03:19 — E O F —

  • Hello,

    Well, I tackle the infections first, and that seems to have worked out quite well now.

    You may now remove all the tools that were used and the folders that were created.

    Open the RVAXO folder on your desktop and double-click Uninstall.cmd
    This will remove everything belonging to RVAXO.


    Remove ComboFix via Start > Run: copy and paste Combofix /U, then click OK or press Enter.
    This removes ComboFix as well as your old system restore points (with any remnants of malware), and creates a new system restore point.

    http://hicheckthis.gethost.nl/images/Uninstall_combofix.JPG

    Please post one more new HJT log so I can check it.
  • Okay, I assume I can just delete the other programs the "normal" way?


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:20:12, on 18-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\Explorer.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [AntiSpyWare2Guard] C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
    O4 - HKLM\..\Run: [BHR] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.line6.net
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


    End of file - 10352 bytes



  • Yes, sure,

    Please do this as well.

    Open a Notepad file and copy the bold text below into that Notepad file:
    cd..
    cd..
    sc delete PnkBstrB
    sc delete PnkBstrA

    Save it on your desktop as sc.bat with the file type set to "all files".
    Double-click sc.bat.

    Restart your PC.

    How is it going now?

    Here are some more tips.

    http://users.telenet.be/bluepatchy/miekiemoes/tragecomputer.html

    http://www.jawwi.nl/tips/beveiligen.html

    Removing unnecessary startup items
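
The last reply deletes the PnkBstrA and PnkBstrB services, which the HijackThis log above lists as O23 entries marked "(file missing)". As an added example (not part of the thread and not HijackThis code), this Python parser reads O23 lines and lists the service entries whose executable is missing; the function names are assumptions, and the sample lines are copied from the log posted above.

```python
import re

# O23 (service) lines copied from the HijackThis log posted in this thread,
# plus one O4 line to show that other sections are skipped.
SAMPLE_LOG = r"""
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe (file missing)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# "O23 - Service: <display name> - <owner> - <image path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)
# The service key is the last parenthesised group of the display name,
# e.g. "Ad-Aware 2007 Service (aawservice)"; without one, the name is the key.
KEY_RE = re.compile(r"^.* \((?P<key>[^()]+)\)$")


def parse_o23(log_text):
    """Return one dict per O23 line: service key, owner, image path, missing flag."""
    services = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue  # not a service entry (other HijackThis section or blank)
        key_m = KEY_RE.match(m["display"])
        services.append({
            "key": key_m["key"] if key_m else m["display"],
            "owner": m["owner"],
            "path": m["path"],
            "missing": m["missing"] is not None,
        })
    return services


def orphaned(services):
    """Services whose executable HijackThis could not find on disk."""
    return [s for s in services if s["missing"]]


if __name__ == "__main__":
    for svc in orphaned(parse_o23(SAMPLE_LOG)):
        print(f"{svc['key']}: {svc['path']} (file missing, owner: {svc['owner']})")
```

A missing file only shows that the service entry is stale; in the thread the helper removed just PnkBstrA and PnkBstrB with `sc delete`.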


This is an archived page. Replying is no longer possible.