hijack this log

pimvandenderen
8 replies
  • Hello, I have some problems on my PC: whenever I surf the internet, pop-ups from www.mt50.nl appear that I can't get rid of with cleaning tools.

    Also, the startup manager in the program TweakNow lists the following filename: 8cd1b7b4, and under PATH it says: rundll.exe"C:\WINDOWS\system32\xpmktoli.dll",b

    If I let it start with Windows, I get an error message during startup about C:\WINDOWS\system32\xpmktoli.dll saying that the module cannot be found. If I untick it in TweakNow so that it no longer starts with Windows, the error message is gone, but I would like to know where this comes from or which program it belongs to. I really have no idea, and Google searches turn up nothing.

    I have added a HijackThis log so you can check whether you can find any junk in it.

    Thanks in advance for your time and effort.
    Kind regards, Opelmantagek

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:37:06, on 8-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\IncrediMail\bin\ImApp.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/?from=start.home.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215861374390
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200165312531
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    End of file - 6798 bytes
  • ComboFix 08-03-09.1 - Stan 2008-03-09 17:57:06.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.622 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Stan\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\jkkjk.dll
    C:\WINDOWS\system32\kjkkj.ini
    C:\WINDOWS\system32\kjkkj.ini2

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))
    .

    2008-03-08 22:36 . 2008-03-08 22:36 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-03 12:07 . 2008-03-03 12:07 268 --ah----- C:\sqmdata05.sqm
    2008-03-03 12:07 . 2008-03-03 12:07 244 --ah----- C:\sqmnoopt05.sqm
    2008-02-25 14:07 . 2008-02-25 14:07 <DIR> d-------- C:\Program Files\Tuning Car Studio
    2008-02-25 13:23 . 2008-02-25 13:24 <DIR> d-------- C:\Program Files\PcMedik
    2008-02-22 09:23 . 2008-02-22 10:01 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
    2008-02-19 10:43 . 2008-02-22 20:30 2,334 ---hs---- C:\WINDOWS\system32\ilotkmpx.ini
    2008-02-16 10:51 . 2008-02-19 09:37 1,254 ---hs---- C:\WINDOWS\system32\ggmkjwpm.ini
    2008-02-15 09:19 . 2008-02-15 09:19 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-02-15 09:19 . 2008-02-15 09:19 3,449 --a------ C:\WINDOWS\unins000.dat
    2008-02-15 09:06 . 2008-02-16 10:48 834 ---hs---- C:\WINDOWS\system32\blcjpkgm.ini
    2008-02-14 09:08 . 2008-02-15 09:00 474 ---hs---- C:\WINDOWS\system32\lxmqcmmh.ini
    2008-02-12 15:51 . 2008-02-12 15:51 <DIR> d-------- C:\WINDOWS\Sun
    2008-02-12 10:13 . 2008-02-12 10:13 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2008-02-12 10:06 . 2008-02-12 10:06 268 --ah----- C:\sqmdata04.sqm
    2008-02-12 10:06 . 2008-02-12 10:06 244 --ah----- C:\sqmnoopt04.sqm
    2008-02-11 20:10 . 2008-02-11 20:10 244 --ah----- C:\sqmnoopt03.sqm
    2008-02-11 20:10 . 2008-02-11 20:10 232 --ah----- C:\sqmdata03.sqm
    2008-02-10 20:58 . 2008-02-10 20:58 22 --a------ C:\Display.opt

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-12 11:03 --------- d-----w C:\Program Files\microsoft frontpage
    2008-03-09 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-03-09 16:45 --------- d-----w C:\Program Files\Lx_cats
    2008-03-08 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-07 15:30 --------- d-----w C:\Program Files\Bit Che
    2008-03-02 19:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-21 14:48 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-02-20 09:08 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-15 08:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-15 08:22 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-14 10:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-06 15:54 --------- d-----w C:\Program Files\MSBuild
    2008-02-06 15:54 --------- d-----w C:\Program Files\Microsoft Works
    2008-02-06 15:26 --------- d-----w C:\Documents and Settings\Stan\Application Data\DAEMON Tools
    2008-02-06 06:41 --------- d-----w C:\Program Files\MSXML 4.0
    2008-02-05 17:03 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-02-05 17:00 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-04 20:40 --------- d-----w C:\Documents and Settings\Stan\Application Data\LimeWire
    2008-02-04 15:29 --------- d-----w C:\Program Files\IncrediMail
    2008-02-04 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\IM
    2008-02-04 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\IncrediMail
    2008-02-02 15:42 --------- d-----w C:\Program Files\LimeWire
    2008-01-29 21:54 --------- d-----w C:\Program Files\Norton 360
    2008-01-27 16:14 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-01-21 15:01 --------- d-----w C:\Program Files\BitComet
    2008-01-21 09:01 56 --sha-w C:\redir.sys
    2008-01-21 09:01 --------- d-----w C:\Program Files\Common Files\PACE Anti-Piracy
    2008-01-21 09:01 --------- d-----w C:\Documents and Settings\Stan\Application Data\Sonic
    2008-01-21 09:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
    2008-01-21 08:59 --------- d-----w C:\Program Files\InterLok
    2008-01-21 08:51 --------- d-----w C:\Program Files\Sonic
    2008-01-21 08:51 --------- d-----w C:\Program Files\Common Files\SureThing Shared
    2008-01-18 18:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-01-17 16:26 --------- d-----w C:\Documents and Settings\Stan\Application Data\Ahead
    2008-01-16 15:15 --------- d-----w C:\Program Files\MSN Messenger
    2008-01-16 15:15 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-01-15 18:39 --------- d-----w C:\Program Files\Magentic
    2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
    2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-01-14 12:34 --------- d-----w C:\Documents and Settings\Stan\Application Data\Media Player Classic
    2008-01-14 06:10 --------- d-----w C:\Documents and Settings\Stan\Application Data\Symantec
    2008-01-13 17:26 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
    2008-01-12 22:34 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-01-12 22:34 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2008-01-12 22:34 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-01-12 22:34 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-01-12 22:34 --------- d-----w C:\Program Files\Symantec
    2008-01-12 19:20 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-12 19:06 28,672 ----a-w C:\WINDOWS\system32\qttask.exe
    2008-01-12 19:06 --------- d-----w C:\Program Files\QuickTime
    2008-01-12 19:06 --------- d-----w C:\Program Files\Java
    2008-01-12 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
    2008-01-12 19:05 --------- d-----w C:\Program Files\Real
    2008-01-12 19:05 --------- d-----w C:\Program Files\Common Files\Real
    2008-01-12 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-01-12 18:51 --------- d-----w C:\Program Files\Windows Live
    2008-01-12 18:51 --------- d-----w C:\Program Files\Common Files\Java
    2008-01-12 18:47 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2008-01-12 18:44 --------- d-----w C:\Program Files\TweakNow PowerPack 2006
    2008-01-12 18:39 --------- d-----w C:\Program Files\Ahead
    2008-01-12 18:37 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-01-12 18:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
    2008-01-12 17:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-01-12 14:45 --------- d-----w C:\Program Files\CleanUp!
    2008-01-12 14:20 --------- d-----w C:\Program Files\UnderCoverXP
    2008-01-12 14:20 --------- d-----w C:\Program Files\DVD Shrink
    2008-01-12 13:59 --------- d-----w C:\Program Files\Lexmark 4300 Series
    2008-01-12 13:59 --------- d-----w C:\Documents and Settings\Stan\Application Data\FaxCtr
    2008-01-12 13:55 --------- d-----w C:\Program Files\Lexmark Fax Solutions
    2008-01-12 13:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\FaxCtr
    2008-01-12 13:13 --------- d-----w C:\Program Files\Intel
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23D44BCF-AA7A-41D6-8905-E808F16322EF}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3788ebf9-c4bc-4465-b5e9-3bb1c67a3798}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F18DFF7-62FC-4C1B-8275-0833F437C679}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95C9CE4F-3F47-4B3D-85FD-368FD0B4AB65}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D79F97F6-5EFE-433B-84BE-A20F8FA5FD5B}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-06-29 13:25 14720000 C:\WINDOWS\RTHDCPL.EXE]
    "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 14:46 73728]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
    "8cd1b7b4"="C:\WINDOWS\system32\xpmktoli.dll" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\BitComet\\BitComet.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
    "C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
    "C:\\Program Files\\Magentic\\bin\\MgApp.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "25280:TCP"= 25280:TCP:BitComet 25280 TCP
    "25280:UDP"= 25280:UDP:BitComet 25280 UDP


    *Newly Created Service* - COMHOST
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-09 18:02:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\system32\lxcecoms.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-03-09 18:03:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-09 17:03:35
    .
    2008-03-09 08:57:32 --- E O F ---
  • [quote:b64aef1ae6="opelmantagek"]ComboFix 08-03-09.1 - Stan 2008-03-09 17:57:06.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.622 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Stan\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\jkkjk.dll
    C:\WINDOWS\system32\kjkkj.ini
    C:\WINDOWS\system32\kjkkj.ini2

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))
    .

    2008-03-08 22:36 . 2008-03-08 22:36 <DIR> d——– C:\Program Files\Trend Micro
    2008-03-03 12:07 . 2008-03-03 12:07 268 –ah—– C:\sqmdata05.sqm
    2008-03-03 12:07 . 2008-03-03 12:07 244 –ah—– C:\sqmnoopt05.sqm
    2008-02-25 14:07 . 2008-02-25 14:07 <DIR> d——– C:\Program Files\Tuning Car Studio
    2008-02-25 13:23 . 2008-02-25 13:24 <DIR> d——– C:\Program Files\PcMedik
    2008-02-22 09:23 . 2008-02-22 10:01 151 –a—— C:\WINDOWS\PhotoSnapViewer.INI
    2008-02-19 10:43 . 2008-02-22 20:30 2,334 —hs—- C:\WINDOWS\system32\ilotkmpx.ini
    2008-02-16 10:51 . 2008-02-19 09:37 1,254 —hs—- C:\WINDOWS\system32\ggmkjwpm.ini
    2008-02-15 09:19 . 2008-02-15 09:19 691,545 –a—— C:\WINDOWS\unins000.exe
    2008-02-15 09:19 . 2008-02-15 09:19 3,449 –a—— C:\WINDOWS\unins000.dat
    2008-02-15 09:06 . 2008-02-16 10:48 834 —hs—- C:\WINDOWS\system32\blcjpkgm.ini
    2008-02-14 09:08 . 2008-02-15 09:00 474 —hs—- C:\WINDOWS\system32\lxmqcmmh.ini
    2008-02-12 15:51 . 2008-02-12 15:51 <DIR> d——– C:\WINDOWS\Sun
    2008-02-12 10:13 . 2008-02-12 10:13 <DIR> d–hs—- C:\WINDOWS\ftpcache
    2008-02-12 10:06 . 2008-02-12 10:06 268 –ah—– C:\sqmdata04.sqm
    2008-02-12 10:06 . 2008-02-12 10:06 244 –ah—– C:\sqmnoopt04.sqm
    2008-02-11 20:10 . 2008-02-11 20:10 244 –ah—– C:\sqmnoopt03.sqm
    2008-02-11 20:10 . 2008-02-11 20:10 232 –ah—– C:\sqmdata03.sqm
    2008-02-10 20:58 . 2008-02-10 20:58 22 –a—— C:\Display.opt

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-12 11:03 ——— d—–w C:\Program Files\microsoft frontpage
    2008-03-09 16:52 ——— d—–w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-03-09 16:45 ——— d—–w C:\Program Files\Lx_cats
    2008-03-08 21:14 ——— d—–w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-07 15:30 ——— d—–w C:\Program Files\Bit Che
    2008-03-02 19:17 ——— d—–w C:\Program Files\Common Files\Symantec Shared
    2008-02-21 14:48 ——— d—–w C:\Program Files\Common Files\InstallShield
    2008-02-20 09:08 ——— d—–w C:\Program Files\Common Files\Adobe
    2008-02-15 08:25 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-15 08:22 ——— d—–w C:\Program Files\Spybot - Search & Destroy
    2008-02-14 10:10 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2008-02-06 15:54 ——— d—–w C:\Program Files\MSBuild
    2008-02-06 15:54 ——— d—–w C:\Program Files\Microsoft Works
    2008-02-06 15:26 ——— d—–w C:\Documents and Settings\Stan\Application Data\DAEMON Tools
    2008-02-06 06:41 ——— d—–w C:\Program Files\MSXML 4.0
    2008-02-05 17:03 ——— d—–w C:\Program Files\DAEMON Tools Lite
    2008-02-05 17:00 715,248 —-a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-04 20:40 ——— d—–w C:\Documents and Settings\Stan\Application Data\LimeWire
    2008-02-04 15:29 ——— d—–w C:\Program Files\IncrediMail
    2008-02-04 15:29 ——— d—–w C:\Documents and Settings\All Users\Application Data\IM
    2008-02-04 15:27 ——— d—–w C:\Documents and Settings\All Users\Application Data\IncrediMail
    2008-02-02 15:42 ——— d—–w C:\Program Files\LimeWire
    2008-01-29 21:54 ——— d—–w C:\Program Files\Norton 360
    2008-01-27 16:14 ——— d—–w C:\Program Files\Windows Media Connect 2
    2008-01-21 15:01 ——— d—–w C:\Program Files\BitComet
    2008-01-21 09:01 56 –sha-w C:\redir.sys
    2008-01-21 09:01 ——— d—–w C:\Program Files\Common Files\PACE Anti-Piracy
    2008-01-21 09:01 ——— d—–w C:\Documents and Settings\Stan\Application Data\Sonic
    2008-01-21 09:01 ——— d—–w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
    2008-01-21 08:59 ——— d—–w C:\Program Files\InterLok
    2008-01-21 08:51 ——— d—–w C:\Program Files\Sonic
    2008-01-21 08:51 ——— d—–w C:\Program Files\Common Files\SureThing Shared
    2008-01-18 18:25 ——— d—–w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-01-17 16:26 ——— d—–w C:\Documents and Settings\Stan\Application Data\Ahead
    2008-01-16 15:15 ——— d—–w C:\Program Files\MSN Messenger
    2008-01-16 15:15 ——— d—–w C:\Program Files\Messenger Plus! Live
    2008-01-15 18:39 ——— d—–w C:\Program Files\Magentic
    2008-01-15 08:54 10,537 —-a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
    2008-01-15 04:28 706 —-a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-01-14 12:34 ——— d—–w C:\Documents and Settings\Stan\Application Data\Media Player Classic
    2008-01-14 06:10 ——— d—–w C:\Documents and Settings\Stan\Application Data\Symantec
    2008-01-13 17:26 ——— d—–w C:\Program Files\Abbyy FineReader 6.0 Sprint
    2008-01-12 22:34 805 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-01-12 22:34 60,800 —-a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2008-01-12 22:34 123,952 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-01-12 22:34 10,740 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-01-12 22:34 ——— d—–w C:\Program Files\Symantec
    2008-01-12 19:20 ——— d—–w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-12 19:06 28,672 —-a-w C:\WINDOWS\system32\qttask.exe
    2008-01-12 19:06 ——— d—–w C:\Program Files\QuickTime
    2008-01-12 19:06 ——— d—–w C:\Program Files\Java
    2008-01-12 19:06 ——— d—–w C:\Documents and Settings\All Users\Application Data\QuickTime
    2008-01-12 19:05 ——— d—–w C:\Program Files\Real
    2008-01-12 19:05 ——— d—–w C:\Program Files\Common Files\Real
    2008-01-12 18:57 ——— d—–w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-01-12 18:51 ——— d—–w C:\Program Files\Windows Live
    2008-01-12 18:51 ——— d—–w C:\Program Files\Common Files\Java
    2008-01-12 18:47 ——— d—–w C:\Program Files\K-Lite Codec Pack
    2008-01-12 18:44 ——— d—–w C:\Program Files\TweakNow PowerPack 2006
    2008-01-12 18:39 ——— d—–w C:\Program Files\Ahead
    2008-01-12 18:37 ——— d—–w C:\Program Files\Common Files\Ahead
    2008-01-12 18:35 ——— d—–w C:\Documents and Settings\All Users\Application Data\Ahead
    2008-01-12 17:32 23,904 —-a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-01-12 14:45 ——— d—–w C:\Program Files\CleanUp!
    2008-01-12 14:20 ——— d—–w C:\Program Files\UnderCoverXP
    2008-01-12 14:20 ——— d—–w C:\Program Files\DVD Shrink
    2008-01-12 13:59 ——— d—–w C:\Program Files\Lexmark 4300 Series
    2008-01-12 13:59 ——— d—–w C:\Documents and Settings\Stan\Application Data\FaxCtr
    2008-01-12 13:55 ——— d—–w C:\Program Files\Lexmark Fax Solutions
    2008-01-12 13:54 ——— d—–w C:\Documents and Settings\All Users\Application Data\FaxCtr
    2008-01-12 13:13 ——— d—–w C:\Program Files\Intel
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23D44BCF-AA7A-41D6-8905-E808F16322EF}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3788ebf9-c4bc-4465-b5e9-3bb1c67a3798}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F18DFF7-62FC-4C1B-8275-0833F437C679}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95C9CE4F-3F47-4B3D-85FD-368FD0B4AB65}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D79F97F6-5EFE-433B-84BE-A20F8FA5FD5B}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-06-29 13:25 14720000 C:\WINDOWS\RTHDCPL.EXE]
    "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 14:46 73728]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
    "8cd1b7b4"="C:\WINDOWS\system32\xpmktoli.dll" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\BitComet\\BitComet.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
    "C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
    "C:\\Program Files\\Magentic\\bin\\MgApp.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "25280:TCP"= 25280:TCP:BitComet 25280 TCP
    "25280:UDP"= 25280:UDP:BitComet 25280 UDP


    *Newly Created Service* - COMHOST
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-09 18:02:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ———————— Other Running Processes ————————
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\system32\lxcecoms.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-03-09 18:03:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-09 17:03:35
    .
    2008-03-09 08:57:32 --- E O F ---[/quote:b64aef1ae6]

    And here is the new HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:11:11, on 9-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/?from=start.home.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [8cd1b7b4] rundll32.exe "C:\WINDOWS\system32\xpmktoli.dll",b
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215861374390
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200165312531
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    End of file - 7180 bytes
  • Open Notepad, then copy and paste the following (the bold text) into an empty window:

    File::
    C:\WINDOWS\system32\ggmkjwpm.ini
    C:\WINDOWS\system32\blcjpkgm.ini
    C:\WINDOWS\system32\ggmkjwpm.ini
    C:\WINDOWS\system32\ilotkmpx.ini

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23D44BCF-AA7A-41D6-8905-E808F16322EF}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3788ebf9-c4bc-4465-b5e9-3bb1c67a3798}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F18DFF7-62FC-4C1B-8275-0833F437C679}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95C9CE4F-3F47-4B3D-85FD-368FD0B4AB65}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D79F97F6-5EFE-433B-84BE-A20F8FA5FD5B}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "8cd1b7b4"=-

    Save this to your Desktop as CFScript.txt

    Drag CFScript.txt into ComboFix.exe as shown in the example below:

    http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

    This will make ComboFix restart.
    Restart the computer if you are asked to,
    and post the contents of Combofix.txt in your next reply, together with a new HijackThis log.

    Still having problems?
  • ComboFix 08-03-09.1 - Stan 2008-03-10 19:44:52.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.592 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Stan\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Stan\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    C:\WINDOWS\system32\blcjpkgm.ini
    C:\WINDOWS\system32\ggmkjwpm.ini
    C:\WINDOWS\system32\ilotkmpx.ini
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\blcjpkgm.ini
    C:\WINDOWS\system32\ggmkjwpm.ini
    C:\WINDOWS\system32\ilotkmpx.ini

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))
    .

    2008-03-08 22:36 . 2008-03-08 22:36 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-03 12:07 . 2008-03-03 12:07 268 --ah----- C:\sqmdata05.sqm
    2008-03-03 12:07 . 2008-03-03 12:07 244 --ah----- C:\sqmnoopt05.sqm
    2008-02-25 14:07 . 2008-02-25 14:07 <DIR> d-------- C:\Program Files\Tuning Car Studio
    2008-02-25 13:23 . 2008-02-25 13:24 <DIR> d-------- C:\Program Files\PcMedik
    2008-02-22 09:23 . 2008-02-22 10:01 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
    2008-02-15 09:19 . 2008-02-15 09:19 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-02-15 09:19 . 2008-02-15 09:19 3,449 --a------ C:\WINDOWS\unins000.dat
    2008-02-14 09:08 . 2008-02-15 09:00 474 ---hs---- C:\WINDOWS\system32\lxmqcmmh.ini
    2008-02-12 15:51 . 2008-02-12 15:51 <DIR> d-------- C:\WINDOWS\Sun
    2008-02-12 10:13 . 2008-02-12 10:13 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2008-02-12 10:06 . 2008-02-12 10:06 268 --ah----- C:\sqmdata04.sqm
    2008-02-12 10:06 . 2008-02-12 10:06 244 --ah----- C:\sqmnoopt04.sqm
    2008-02-11 20:10 . 2008-02-11 20:10 244 --ah----- C:\sqmnoopt03.sqm
    2008-02-11 20:10 . 2008-02-11 20:10 232 --ah----- C:\sqmdata03.sqm
    2008-02-10 20:58 . 2008-02-10 20:58 22 --a------ C:\Display.opt

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-12 11:03 --------- d-----w C:\Program Files\microsoft frontpage
    2008-03-10 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-03-10 17:09 --------- d-----w C:\Program Files\Lx_cats
    2008-03-08 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-07 15:30 --------- d-----w C:\Program Files\Bit Che
    2008-03-02 19:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-21 14:48 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-02-20 09:08 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-15 08:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-15 08:22 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-14 10:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-06 15:54 --------- d-----w C:\Program Files\MSBuild
    2008-02-06 15:54 --------- d-----w C:\Program Files\Microsoft Works
    2008-02-06 15:26 --------- d-----w C:\Documents and Settings\Stan\Application Data\DAEMON Tools
    2008-02-06 06:41 --------- d-----w C:\Program Files\MSXML 4.0
    2008-02-05 17:03 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-02-05 17:00 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-04 20:40 --------- d-----w C:\Documents and Settings\Stan\Application Data\LimeWire
    2008-02-04 15:29 --------- d-----w C:\Program Files\IncrediMail
    2008-02-04 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\IM
    2008-02-04 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\IncrediMail
    2008-02-02 15:42 --------- d-----w C:\Program Files\LimeWire
    2008-01-29 21:54 --------- d-----w C:\Program Files\Norton 360
    2008-01-27 16:14 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-01-21 15:01 --------- d-----w C:\Program Files\BitComet
    2008-01-21 09:01 56 --sha-w C:\redir.sys
    2008-01-21 09:01 --------- d-----w C:\Program Files\Common Files\PACE Anti-Piracy
    2008-01-21 09:01 --------- d-----w C:\Documents and Settings\Stan\Application Data\Sonic
    2008-01-21 09:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
    2008-01-21 08:59 --------- d-----w C:\Program Files\InterLok
    2008-01-21 08:51 --------- d-----w C:\Program Files\Sonic
    2008-01-21 08:51 --------- d-----w C:\Program Files\Common Files\SureThing Shared
    2008-01-18 18:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-01-17 16:26 --------- d-----w C:\Documents and Settings\Stan\Application Data\Ahead
    2008-01-16 15:15 --------- d-----w C:\Program Files\MSN Messenger
    2008-01-16 15:15 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-01-15 18:39 --------- d-----w C:\Program Files\Magentic
    2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
    2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-01-14 12:34 --------- d-----w C:\Documents and Settings\Stan\Application Data\Media Player Classic
    2008-01-14 06:10 --------- d-----w C:\Documents and Settings\Stan\Application Data\Symantec
    2008-01-13 17:26 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
    2008-01-12 22:34 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-01-12 22:34 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2008-01-12 22:34 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-01-12 22:34 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-01-12 22:34 --------- d-----w C:\Program Files\Symantec
    2008-01-12 19:20 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-12 19:06 28,672 ----a-w C:\WINDOWS\system32\qttask.exe
    2008-01-12 19:06 --------- d-----w C:\Program Files\QuickTime
    2008-01-12 19:06 --------- d-----w C:\Program Files\Java
    2008-01-12 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
    2008-01-12 19:05 --------- d-----w C:\Program Files\Real
    2008-01-12 19:05 --------- d-----w C:\Program Files\Common Files\Real
    2008-01-12 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-01-12 18:51 --------- d-----w C:\Program Files\Windows Live
    2008-01-12 18:51 --------- d-----w C:\Program Files\Common Files\Java
    2008-01-12 18:47 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2008-01-12 18:44 --------- d-----w C:\Program Files\TweakNow PowerPack 2006
    2008-01-12 18:39 --------- d-----w C:\Program Files\Ahead
    2008-01-12 18:37 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-01-12 18:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
    2008-01-12 17:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-01-12 14:45 --------- d-----w C:\Program Files\CleanUp!
    2008-01-12 14:20 --------- d-----w C:\Program Files\UnderCoverXP
    2008-01-12 14:20 --------- d-----w C:\Program Files\DVD Shrink
    2008-01-12 13:59 --------- d-----w C:\Program Files\Lexmark 4300 Series
    2008-01-12 13:59 --------- d-----w C:\Documents and Settings\Stan\Application Data\FaxCtr
    2008-01-12 13:55 --------- d-----w C:\Program Files\Lexmark Fax Solutions
    2008-01-12 13:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\FaxCtr
    2008-01-12 13:13 --------- d-----w C:\Program Files\Intel
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-06-29 13:25 14720000 C:\WINDOWS\RTHDCPL.EXE]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 04:10 116328]
    "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 14:46 73728]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\BitComet\\BitComet.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
    "C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
    "C:\\Program Files\\Magentic\\bin\\MgApp.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "25280:TCP"= 25280:TCP:BitComet 25280 TCP
    "25280:UDP"= 25280:UDP:BitComet 25280 UDP


    *Newly Created Service* - COMHOST
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-10 19:46:17
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-03-10 19:46:42
    ComboFix-quarantined-files.txt 2008-03-10 18:46:40
    ComboFix2.txt 2008-03-09 17:03:39
    .
    2008-03-09 08:57:32 --- E O F ---


    And the new HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:49:48, on 10-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/?from=start.home.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215861374390
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200165312531
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    End of file - 7059 bytes


    I think the problems are solved. Unless you can still find something in my logs.

    Thank you very much for the help.

    Kind regards, Opelmantagek
  • Open an empty Notepad window and copy/paste the bold text below into it:

    @ECHO OFF
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    FOR %%g in (
    C:\WINDOWS\system32\lxmqcmmh.ini) DO (
    IF EXIST %%g (
    ATTRIB -r -s -h %%g
    DEL %%g
    IF EXIST %%g (
    ECHO %%g not deleted>>log.txt
    ) ELSE (
    ECHO %%g deleted>>log.txt)
    ) ELSE (
    ECHO %%g not found>>log.txt))
    START NOTEPAD.EXE log.txt

    Then save it as fix.bat on your Desktop.
    Under "Save as type", choose All files.

    Then double-click fix.bat and post the result in your next message.

    How are your problems now?
    Pim :)
  • Sorry for the late reply.

    But here is the result of fix.bat

    Deleting files
    C:\WINDOWS\system32\lxmqcmmh.ini deleted

    Otherwise there are no more problems with the PC.

    Kind regards, Opelmantagek


This is an archived page. Replying is no longer possible.