Vraag & Antwoord

Beveiliging & privacy

"schijven beveiligd tegen schrijven"+"u bent

Anoniem
None
33 antwoorden
 • Hallo, ik heb een probleem met mijn computer, deze werkt onder Windows XP. Norton updates kan ik downloaden maar niet instaleren. "niet bevoegd" Mappen kan ik niet verwijderen. Geluid was weg, Steeds de error “schijven beveiligd tegen schrijven”als je een map wilde verwijderen. ( foto,s of bestanden ). Het begon nadat ik Nero 8 had gekocht en geinstaleerd.

  Dat heb ik uiteindelijk met veel moeite kunnen verwijderen met een backup harde schijf en de image weer terug te zetten met Acronis software. Nero 8 retour winkel. ( Net 2 dagen uit!) Nu heb ik in ieder geval mijn geluid weer terug en normaal uitziende mappen!. Ik kan Dus niet meer mappen verwijderen, dan krijg ik de melding; “u bent niet bevoegd”. Ik denk dat het toch een virus is, of dat de gebruiker gewisseld is op een of andere manier. Norton is pas vernieuwd tot 2008 ( via e-mail gedownload ) download wel updates maar verwerkt ze niet!

  Cc geprobeerd. Hitmanpro geprobeerd. In de veilige mode RO–HKCUSofware\Microsoft\Internet Explorer\Main ect. En de RO-HKLM\Software\Microsoft\Internet Explorer\Main ect.ect. verwijderd. Ook niet echt geholpen! Hierna systeemherstel uitgevoerd omdat mijn e-mail niet meer werkte. Nu zijn mijn mappen opties kleiner geworden en omschrijvingen bij mappen zijn onduidelijker Ik heb nog info in de veilige mode van Hyjack this:

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 11:25:12, on 13-10-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  Boot mode: Safe mode

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\LVComsX.exe
  C:\Documents and Settings\J. de Brabander\Mijn documenten\HiJackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hetnet.nl/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hetnet.nl/
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
  O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
  O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Toolband.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
  O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
  O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
  O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [OpwareSE2] "D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
  O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
  O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Nieuwe map\TrueImageMonitor.exe
  O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Nieuwe map\TimounterMonitor.exe
  O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
  O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
  O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
  O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
  O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [osCheck] "D:\Nieuwe map\osCheck.exe"
  O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - S-1-5-18 Startup: Butler 4012 USB VoIP.lnk = ? (User 'SYSTEM')
  O4 - .DEFAULT Startup: Butler 4012 USB VoIP.lnk = ? (User 'Default user')
  O4 - Startup: Butler 4012 USB VoIP.lnk = ?
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_AddToList.html
  O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_HSPrint.html
  O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_Preview.html
  O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_Print.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra button: RadarSync Website - {29F02F90-D4AE-4c9a-82D2-D8DCDD507F33} - C:\Program Files\RadarSync\RadarSync Website.lnk
  O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl/
  O15 - Trusted Zone: *.msn messenger
  O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
  O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
  O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
  O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
  O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
  O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ASUSKBService.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
  O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
  O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
  O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
  O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
  O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
  O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


  End of file - 9908 bytes


  Ik kan hier echt geen wijs uit!

  is het misschien beter om weer het bewaard image bestand er overheen te zetten? Omdat na deze ingreep de mappen er wel normaal uitzagen! Alllen zit ik dan nog steeds met "schijven beveiligd tegen schrijven"….

  Ik lees altijd graag het blad Computer totaal en ik hoop dat ik ook op deze manier geholpen kan worden.  Kunt u mij helpen?  Vriendelijke groet,  Jack de Brabander
 • Kijk eens of het lukt een nieuwe account met volledige rechten aan te maken. Daarmee inloggen en zien of dat uitmaakt.
 • bedankt voor je reactie, ik zal het proberen. kan helaas nog geen verbinding krijgen op deze nieuwe account naar hetnet. De nieuwe account is ook volledig leeg in het bureablad.

  groeten,

  jack
 • Het Hijackthis logje is gemaakt in Veilige modus, kun je eens een logje maken in normale modus?
 • Bedankt voor je reactie!

  Dit is in de normale mode:

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 18:05:21, on 14-10-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\LVCOMSX.EXE
  C:\Program Files\QuickTime\qttask.exe
  D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe
  C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
  C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
  D:\Nieuwe map\TrueImageMonitor.exe
  D:\Nieuwe map\TimounterMonitor.exe
  C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
  C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
  C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
  C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
  C:\Program Files\Skype\Phone\Skype.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  C:\Program Files\Logitech\MouseWare\system\em_exec.exe
  C:\Program Files\TOPCOM\BULTER 4012\Butler 4012 USB VoIP.exe
  C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
  C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
  C:\WINDOWS\ASUSKBService.exe
  C:\WINDOWS\system32\bgsvcgen.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\UAService7.exe
  C:\Program Files\Canon\CAL\CALMAIN.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
  C:\Program Files\Skype\Plugin Manager\SkypePM.exe
  C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
  C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hetnet.nl/
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hetnet.nl/
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
  O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
  O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
  O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Toolband.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
  O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
  O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
  O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [OpwareSE2] "D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
  O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
  O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Nieuwe map\TrueImageMonitor.exe
  O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Nieuwe map\TimounterMonitor.exe
  O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
  O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
  O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
  O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
  O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [osCheck] "D:\Nieuwe map\osCheck.exe"
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - Startup: Butler 4012 USB VoIP.lnk = ?
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_AddToList.html
  O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_HSPrint.html
  O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_Preview.html
  O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_Print.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra button: RadarSync Website - {29F02F90-D4AE-4c9a-82D2-D8DCDD507F33} - C:\Program Files\RadarSync\RadarSync Website.lnk
  O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl/
  O15 - Trusted Zone: *.msn messenger
  O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
  O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
  O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
  O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
  O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
  O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
  O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ASUSKBService.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
  O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
  O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
  O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
  O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


  End of file - 10863 bytes


  groeten,

  jack
 • hallo, hier heb ik nog meer info van Hyjackthis. Ik hoop dat iemand mij kan helpen. In de nieuwe account kan ik geen internet verbinding maken en zijn er geen mappen gevuld zoals bij mijn eerste account. Wat doe ik verkeerd? Norton is niet in staat in mijn oude account om de gegevens te verwerken. "error, neem contact op met Symatec". Maar ook daar kan ik het verwijdertool niet van instaleren. Wederom "error, neem contact op met Symatec". Verwijderen lukt niet, bij geen enkele map. "niet bevoegd tot". Ik weet het niet meer…..Ik hoop dat iemand mij kan helpen!

  groeten, jack

  Hier is de info van Hyjackthis:  Comparison of your HijackThis log file items to others
  The table below compares the items HijackThis found on your computer with those on other people's computers. The column "% of PCs with item" indicates what percent of other people's HijackThis log files contain the item in that row of the table. Additional information will be provided as more HijackThis log files are added to the AnalyzeThis database.

  Each entry is coded to indicate the type of item it is on your computer. An explanation of these codes may be found at the bottom of this page.


  Index % of PCs with item Code Data
  1 0.0% O14 START_PAGE_URL=http://www.hetnet.nl/
  2 0.0% O15 *.msn messenger
  3 1.8% O16 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
  4 0.3% O16 {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
  5 0.2% O16 {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
  6 0.2% O16 {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
  7 0.1% O16 {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
  8 1.4% O18 skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
  9 3.7% O2 (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  10 2.5% O2 Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  11 0.7% O2 Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
  12 0.0% O2 Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
  13 0.0% O2 SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  14 0.0% O2 NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
  15 0.0% O2 Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
  16 0.0% O20 MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
  17 5.4% O23 NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  18 5.1% O23 Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  19 4.2% O23 Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  20 4.1% O23 InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  21 2.7% O23 ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
  22 0.9% O23 iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  23 0.5% O23 ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  24 0.3% O23 Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
  25 0.3% O23 Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
  26 0.1% O23 SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  27 0.1% O23 B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
  28 0.0% O23 ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - c:\WINDOWS\ASUSKBService.exe
  29 0.0% O23 Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
  30 0.0% O23 NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
  31 0.0% O23 DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
  32 0.0% O23 Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
  33 0.0% O23 PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Nieuwe map\Spyware Doctor\svcntaux.exe
  34 0.0% O23 PC Tools Security Service (sdCoreService) - PC Tools - D:\Nieuwe map\Spyware Doctor\swdsvc.exe
  35 0.0% O23 PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Nieuwe map\Spyware Doctor\sdhelp.exe
  36 0.7% O3 &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
  37 0.0% O3 Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
  38 0.0% O3 Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Toolband.dll
  39 14.3% O4 [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  40 6.4% O4 [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  41 5.6% O4 [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  42 4.0% O4 [nwiz] nwiz.exe /install
  43 2.9% O4 [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  44 2.6% O4 [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  45 1.0% O4 [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  46 0.7% O4 [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
  47 0.6% O4 [Logitech Utility] Logi_MwX.Exe
  48 0.3% O4 [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
  49 0.2% O4 [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
  50 0.2% O4 [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
  51 0.1% O4 [Spyware Doctor] (User 'SYSTEM')
  52 0.1% O4 [Spyware Doctor] (User 'Default user')
  53 0.0% O4 [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
  54 0.0% O4 [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
  55 0.0% O4 [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
  56 0.0% O4 [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
  57 0.0% O4 Butler 4012 USB VoIP.lnk = ?
  58 0.0% O4 [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
  59 0.0% O4 [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  60 0.0% O4 [OpwareSE2] "D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe"
  61 0.0% O4 [TrueImageMonitor.exe] D:\Nieuwe map\TrueImageMonitor.exe
  62 0.0% O4 [AcronisTimounterMonitor] D:\Nieuwe map\TimounterMonitor.exe
  63 0.0% O4 [osCheck] "D:\Nieuwe map\osCheck.exe"
  64 0.1% O8 E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  65 0.0% O8 Easy-WebPrint Add To Print List - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_AddToList.html
  66 0.0% O8 Easy-WebPrint High Speed Print - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_HSPrint.html
  67 0.0% O8 Easy-WebPrint Preview - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_Preview.html
  68 0.0% O8 Easy-WebPrint Print - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_Print.html
  69 11.5% O9 Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  70 11.3% O9 Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  71 0.2% O9 Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  72 0.0% O9 Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
  73 0.0% O9 Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
  74 0.0% O9 RadarSync Website - {29F02F90-D4AE-4c9a-82D2-D8DCDD507F33} - C:\Program Files\RadarSync\RadarSync Website.lnk
  75 0.0% O9 (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  76 0.0% O9 Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  77 0.0% O9 Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\NIEUWE~1\Spyware Doctor\tools\iesdpb.dll
  78 22.3% P01 C:\WINDOWS\Explorer.EXE
  79 21.8% P01 C:\WINDOWS\system32\svchost.exe
  80 21.8% P01 C:\WINDOWS\system32\lsass.exe
  81 21.8% P01 C:\WINDOWS\system32\winlogon.exe
  82 21.8% P01 C:\WINDOWS\system32\services.exe
  83 21.7% P01 C:\WINDOWS\System32\smss.exe
  84 20.9% P01 C:\WINDOWS\system32\spoolsv.exe
  85 15.1% P01 C:\WINDOWS\system32\ctfmon.exe
  86 5.3% P01 C:\WINDOWS\system32\Ati2evxx.exe
  87 4.7% P01 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  88 4.0% P01 C:\Program Files\QuickTime\qttask.exe
  89 2.5% P01 C:\WINDOWS\system32\csrss.exe
  90 1.8% P01 C:\WINDOWS\system32\wbem\wmiprvse.exe
  91 1.2% P01 C:\WINDOWS\system32\msiexec.exe
  92 0.9% P01 C:\Program Files\Skype\Phone\Skype.exe
  93 0.9% P01 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
  94 0.8% P01 C:\WINDOWS\system32\LVCOMSX.EXE
  95 0.6% P01 C:\Program Files\Skype\Plugin Manager\SkypePM.exe
  96 0.5% P01 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  97 0.3% P01 C:\Program Files\Logitech\MouseWare\system\em_exec.exe
  98 0.3% P01 C:\Program Files\Canon\CAL\CALMAIN.exe
  99 0.3% P01 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
  100 0.3% P01 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
  101 0.2% P01 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
  102 0.2% P01 C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
  103 0.2% P01 C:\WINDOWS\system32\UAService7.exe
  104 0.1% P01 C:\WINDOWS\system32\bgsvcgen.exe
  105 0.0% P01 C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
  106 0.0% P01 c:\WINDOWS\ASUSKBService.exe
  107 0.0% P01 C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
  108 0.0% P01 C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
  109 0.0% P01 C:\Program Files\TOPCOM\BULTER 4012\Butler 4012 USB VoIP.exe
  110 0.0% P01 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
  111 0.0% P01 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
  112 0.0% P01 D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe
  113 0.0% P01 D:\Nieuwe map\TrueImageMonitor.exe
  114 0.0% P01 D:\Nieuwe map\TimounterMonitor.exe
  115 0.0% P01 C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe
  116 0.5% R0 HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  117 0.7% R1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
  118 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hetnet.nl/
  119 0.0% R1 HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hetnet.nl/
  120 1.1% R3 Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

  Explanation of the codes

  R - Registry, StartPage/SearchPage changes


  R0 - Changed registry value
  R1 - Created registry value
  R2 - Created registry key
  R3 - Created extra registry value where only one should be

  F - IniFiles, autoloading entries


  F0 - Changed inifile value
  F1 - Created inifile value
  F2 - Changed inifile value, mapped to Registry
  F3 - Created inifile value, mapped to Registry

  N - Netscape/Mozilla StartPage/SearchPage changes


  N1 - Change in prefs.js of Netscape 4.x
  N2 - Change in prefs.js of Netscape 6
  N3 - Change in prefs.js of Netscape 7
  N4 - Change in prefs.js of Mozilla

  O - Other, several sections which represent:


  O1 - Hijack of auto.search.msn.com with Hosts file
  O2 - Enumeration of existing MSIE BHO's
  O3 - Enumeration of existing MSIE toolbars
  O4 - Enumeration of suspicious autoloading Registry entries
  O5 - Blocking of loading Internet Options in Control Panel
  O6 - Disabling of 'Internet Options' Main tab with Policies
  O7 - Disabling of Regedit with Policies
  O8 - Extra MSIE context menu items
  O9 - Extra 'Tools' menuitems and buttons
  O10 - Breaking of Internet access by New.Net or WebHancer
  O11 - Extra options in MSIE 'Advanced' settings tab
  O12 - MSIE plugins for file extensions or MIME types
  O13 - Hijack of default URL prefixes
  O14 - Changing of IERESET.INF
  O15 - Trusted Zone Autoadd
  O16 - Download Program Files item
  O17 - Domain hijack
  O18 - Enumeration of existing protocols and filters
  O19 - User stylesheet hijack
  O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
  O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
  O22 - SharedTaskScheduler autorun Registry key
  O23 - Enumeration of NT Services
  O24 - Enumeration of ActiveX Desktop Components
 • Ga naar start –> uitvoeren en typ daar: [b:e3613514dd]sfc /scannow[/b:e3613514dd]
  Meer info over scannow: http://www.updatexp.com/scannow-sfc.html

  Daarna:

  Download Combofix naar je [b:e3613514dd]bureaublad[/b:e3613514dd]

  Dubbelklik op [u:e3613514dd]combofix.exe[/u:e3613514dd]
  Kies voor "Continue" door [b:e3613514dd]1[/b:e3613514dd] te typen gevolgd door [b:e3613514dd]ENTER[/b:e3613514dd].
  Tijdens het runnen van de fix, [b:e3613514dd]NIET[/b:e3613514dd] in het venster klikken, want dit zal je pc doen vasthangen.

  Wanneer de fix voltooid is en na herstart, zal de log [b:e3613514dd]combofix.txt[/b:e3613514dd] openen. Bewaar dit logje.

  [i:e3613514dd]NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.[/i:e3613514dd]

  Plaats in je volgende antwoord het logje van combofix ([i:e3613514dd]combofix.txt[/i:e3613514dd])
 • Hallo,

  Bedankt voor uw reactie!

  Ik heb Scannow onderzoek laten doen op mijn computer met als resultaat: "679 found + 679 Restricted" dat volgens mij betekend dat het software programma niets kon uitrichten? Met Combofix ging het beter, ondanks dat Windows het programma af wilde sluiten met een "in Sed.cfexe is een fout opgetreden en moet worden afgesloten", maakte Combofix het logje af!

  Hier het Combofix.txt logje:

  ComboFix 07-10-12.4 - J. de Brabander 2007-10-15 22:31:02.1 - NTFSx86
  Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1976 [GMT 2:00]
  Gestart vanuit: C:\Documents and Settings\J. de Brabander\Mijn documenten\ComboFix.exe
  * Nieuw herstelpunt werd aangemaakt
  .

  (((((((((((((((((((( Bestanden Gemaakt van 2007-09-15 to 2007-10-15 ))))))))))))))))))))))))))))))
  .

  2007-10-15 22:30 51,200 –a—— C:\WINDOWS\NirCmd.exe
  2007-10-14 21:10 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\AdwareAlert
  2007-10-14 20:04 51,072 –a—— C:\WINDOWS\system32\drivers\ikhlayer.sys
  2007-10-14 20:04 30,592 –a—— C:\WINDOWS\system32\drivers\ikhfile.sys
  2007-10-14 19:34 <DIR> d——– C:\temp\Tmp___553
  2007-10-14 19:34 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\PC Tools
  2007-10-14 19:34 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
  2007-10-14 19:34 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
  2007-10-14 19:34 79,688 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
  2007-10-14 19:34 62,280 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
  2007-10-14 19:34 41,288 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
  2007-10-14 19:34 29,000 –a—— C:\WINDOWS\system32\drivers\kcom.sys
  2007-10-13 17:43 <DIR> d——– C:\Documents and Settings\Jack de Brabander\Application Data\ATI
  2007-10-13 17:31 <DIR> d–h—– C:\Documents and Settings\Jack de Brabander\Sjablonen
  2007-10-13 17:31 <DIR> dr-h—– C:\Documents and Settings\Jack de Brabander\Onlangs geopend
  2007-10-13 17:31 <DIR> d–h—– C:\Documents and Settings\Jack de Brabander\Netwerkprinteromgeving
  2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Mijn documenten
  2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Menu Start
  2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Favorieten
  2007-10-13 17:31 <DIR> d——– C:\Documents and Settings\Jack de Brabander\Bureaublad
  2007-10-13 11:54 <DIR> d——– C:\Hitman Pro
  2007-10-13 11:13 <DIR> d——– C:\Program Files\Trend Micro
  2007-10-13 10:09 584,192 —–c— C:\WINDOWS\system32\dllcache\rpcrt4.dll
  2007-10-12 20:26 <DIR> d——– C:\Documents and Settings\Administrator\Application Data\Symantec
  2007-10-12 20:20 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\LimeWire
  2007-10-06 15:44 <DIR> d——– C:\Program Files\Windows Sidebar
  2007-10-06 15:42 123,952 –a—— C:\WINDOWS\system32\drivers\SYMEVENT.SYS
  2007-10-06 15:42 60,800 –a—— C:\WINDOWS\system32\S32EVNT1.DLL
  2007-10-06 14:59 <DIR> d——– C:\Documents and Settings\All Users\Symantec Temporary Files
  2007-10-02 16:35 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Tages
  2007-09-29 12:20 3,497,832 –a—— C:\WINDOWS\system32\d3dx9_34.dll
  2007-09-29 12:20 2,414,360 –a—— C:\WINDOWS\system32\d3dx9_31.dll
  2007-09-20 19:47 42,752 ——— C:\WINDOWS\system32\drivers\ser2pl.sys
  2007-09-18 14:43 317,616 –a—— C:\WINDOWS\system32\drivers\srtspl.sys
  2007-09-18 14:43 278,576 –a—— C:\WINDOWS\system32\drivers\srtsp.sys
  2007-09-18 14:43 43,696 –a—— C:\WINDOWS\system32\drivers\srtspx.sys

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2007-10-15 20:07 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Skype
  2007-10-14 18:34 ——— d—–w C:\Program Files\Yahoo!
  2007-10-14 18:26 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
  2007-10-14 18:05 ——— d—–w C:\Program Files\SpywareBlaster
  2007-10-13 10:50 ——— d—–w C:\Documents and Settings\All Users\Application Data\Symantec
  2007-10-13 10:48 ——— d—–w C:\Program Files\Symantec
  2007-10-13 10:24 ——— d—–w C:\Program Files\Common Files\Symantec Shared
  2007-10-06 15:04 805 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
  2007-10-06 15:04 10,740 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
  2007-10-06 13:45 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Symantec
  2007-10-02 20:25 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Canon
  2007-10-02 14:04 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\ZoomBrowser EX
  2007-09-29 11:08 ——— d–h–w C:\Program Files\InstallShield Installation Information
  2007-09-23 18:59 ——— d—–w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
  2007-09-19 09:22 ——— d—–w C:\Program Files\Common Files\Adobe
  2007-09-18 19:37 ——— d—–w C:\Documents and Settings\All Users\Application Data\DVD Shrink
  2007-09-18 12:44 10,662 —-a-w C:\WINDOWS\system32\drivers\srtspx.cat
  2007-09-18 12:44 10,662 —-a-w C:\WINDOWS\system32\drivers\srtspl.cat
  2007-09-18 12:44 10,658 —-a-w C:\WINDOWS\system32\drivers\srtsp.cat
  2007-09-18 12:44 1,430 —-a-w C:\WINDOWS\system32\drivers\srtspl.inf
  2007-09-18 12:44 1,421 —-a-w C:\WINDOWS\system32\drivers\srtspx.inf
  2007-09-18 12:44 1,415 —-a-w C:\WINDOWS\system32\drivers\srtsp.inf
  2007-09-11 17:14 ——— d—–w C:\Program Files\Microsoft Encarta
  2007-09-10 17:07 ——— d—–w C:\Program Files\CBS
  2007-09-09 09:10 ——— d—–w C:\Documents and Settings\Administrator\Application Data\ATI
  2007-09-02 20:52 ——— d—–w C:\Program Files\Ahead
  2007-09-02 20:50 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Ahead
  2007-09-02 20:49 ——— d—–w C:\Documents and Settings\All Users\Application Data\Ahead
  2007-08-31 22:07 ——— d—–w C:\Program Files\AdorageI-SAL
  2007-08-31 22:07 ——— d—–w C:\Program Files\AdorageI-GfxDatas
  2007-08-29 12:18 577,928 —-a-w C:\WINDOWS\system32\SymNeti.dll
  2007-08-28 16:01 ——— d—–w C:\Program Files\Common Files\YDP
  2007-08-24 12:48 ——— d—–w C:\Documents and Settings\All Users\Application Data\WinZip
  2007-08-24 12:23 ——— d—–w C:\Program Files\DivX
  2007-08-23 15:57 207,240 —-a-w C:\WINDOWS\system32\SymRedir.dll
  2007-08-23 12:46 ——— d—–w C:\Program Files\Skype
  2007-08-23 12:46 ——— d—–w C:\Program Files\Common Files\Skype
  2007-08-23 12:46 ——— d—–w C:\Documents and Settings\All Users\Application Data\Skype
  2007-08-23 11:53 ——— d—–w C:\Program Files\Java
  2007-08-21 06:18 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
  2007-07-30 17:19 92,504 —-a-w C:\WINDOWS\system32\cdm.dll
  2007-07-30 17:19 549,720 —-a-w C:\WINDOWS\system32\wuapi.dll
  2007-07-30 17:19 53,080 —-a-w C:\WINDOWS\system32\wuauclt.exe
  2007-07-30 17:19 43,352 —-a-w C:\WINDOWS\system32\wups2.dll
  2007-07-30 17:19 325,976 —-a-w C:\WINDOWS\system32\wucltui.dll
  2007-07-30 17:19 203,096 —-a-w C:\WINDOWS\system32\wuweb.dll
  2007-07-30 17:19 1,712,984 —-a-w C:\WINDOWS\system32\wuaueng.dll
  2007-07-30 17:18 33,624 —-a-w C:\WINDOWS\system32\wups.dll
  2007-06-25 15:31 81,920 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\ezpinst.exe
  2007-06-25 15:31 47,360 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\pcouffin.sys
  2006-09-18 08:09 284 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\ViewerApp.dat
  .

  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
  2007-08-24 21:51 316784 –a—— C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
  2007-10-06 15:44 116088 –a—— C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 21:51 316784]

  [HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
  [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
  [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
  "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 21:51 316784]

  [HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
  [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
  [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
  "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 17:15]
  "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50]
  "nwiz"="nwiz.exe" [2004-10-29 17:50 C:\WINDOWS\system32\nwiz.exe]
  "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50]
  "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2005-07-19 13:31]
  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-07 16:49]
  "OpwareSE2"="D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe" [2003-05-08 11:00]
  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
  "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
  "TrueImageMonitor.exe"="D:\Nieuwe map\TrueImageMonitor.exe" [2006-11-10 15:08]
  "AcronisTimounterMonitor"="D:\Nieuwe map\TimounterMonitor.exe" [2006-11-10 15:41]
  "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-11-10 15:23]
  "MDDiskProtect.exe"="C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [2004-09-13 16:56]
  "MediafourGettingStartedWithMacDrive6"="C:\Program Files\Mediafour\MacDrive\MacDrive.exe" [2004-08-26 13:12]
  "Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [2002-12-17 15:43]
  "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2005-07-19 13:31]
  "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
  "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 23:07]
  "osCheck"="D:\Nieuwe map\osCheck.exe" [2007-08-24 22:53]
  "RegistryMechanic"="" []

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Start WingMan Profiler"="" []
  "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 03:45]
  "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]

  [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
  "Spyware Doctor"=

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
  "NoSimpleStartMenu"=0 (0x0)
  "NoTrayItemsDisplay"=0 (0x0)
  "NoRecentDocsHistory"=0 (0x0)

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility]
  C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll 2003-11-07 10:24 61440 C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll

  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
  "Authentication Packages"= msv1_0 relog_ap

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
  backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package Menu.lnk
  backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package VCD Maker.lnk
  backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Ulead Photo Express 4.0 SE Calendar Checker .lnk
  backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk
  backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
  "D:\Nieuwe map\CloneCD\CloneCDTray.exe" /s

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
  "D:\Nieuwe map\iTunesHelper.exe"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
  C:\WINDOWS\system32\NeroCheck.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
  D:\Nieuwe map\olympus master software\Monitor.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
  "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
  C:\Program Files\Logitech\iTouch\iTouch.exe

  R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys
  R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
  R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
  R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
  R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys
  R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
  R3 BulkUsb;VoIPUSBDriver.sys;C:\WINDOWS\system32\Drivers\VoIPUSBDriver.sys
  R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
  R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
  R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys
  R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
  R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
  R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
  S2 DNADownloader;DNADownloader;C:\Program Files\GameSpot\DownloadManager_Win32.exe
  S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
  S3 ASUSHWIO;ASUSHWIO;\??\C:\WINDOWS\system32\drivers\ASUSHWIO.sys
  S3 bDMusicb;bDMusicb;\??\C:\DOCUME~1\J0259~1.DEB\LOCALS~1\Temp\bDMusicb.sys
  S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
  S3 Maplom;Maplom;C:\WINDOWS\system32\drivers\Maplom.sys
  S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
  S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

  *Newly Created Service* - CATCHME
  .
  Inhoud van de 'Gedeelde Taken' map
  "2007-10-14 19:10:11 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
  - C:\Program Files\AdwareAlert\AdwareAlert.exe
  "2007-10-06 15:02:30 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - J. de Brabander.job"
  - D:\Nieuwe map\Norton AntiVirus\Navw32.exe
  .
  **************************************************************************

  catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-10-15 22:34:47
  Windows 5.1.2600 Service Pack 2 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  Voltooingstijd: 2007-10-15 22:35:24
  .
  — E O F —

  Downloads van Symatic worden ook niet verwerkt. Met een speciale tool van Symatic het bestand te verwijderen, met de bedoeling om het software programma van Symatic opnieuw te instaleren is ook niet mogelijk. Ik krijg steeds "error". Of is het beter om een ding te gelijk te bekijken?

  Groeten, Jack
 • Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster:
  [b:0c0a3812c0]
  Registry::
  [-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
  [-HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
  [-HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

  [/b:0c0a3812c0]
  Sla dit op op je Bureaublad als [b:0c0a3812c0]CFScript.txt[/b:0c0a3812c0]

  Sleep [b:0c0a3812c0]CFScript.txt[/b:0c0a3812c0] in [b:0c0a3812c0]ComboFix.exe[/b:0c0a3812c0] zoals getoond in onderstaand voorbeeld :

  [img:0c0a3812c0]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img:0c0a3812c0]

  Dit zal [b:0c0a3812c0]ComboFix[/b:0c0a3812c0] doen herstarten.
  Start opnieuw op als daarom gevraagd wordt,
  en post de inhoud van de [b:0c0a3812c0]Combofix.txt[/b:0c0a3812c0] in je volgende antwoord

  Download Dial-a-fix via
  http://wiki.djlizard.net/Dial-a-fix#Standard_version

  Start Dial-A-Fix en in het hoofd-venster vink je alles aan en klik onderaan op 'Go'
  Laat het tooltje zijn werk doen en herstart je pc, kijk of het dan gebeterd is.
 • Hallo,

  bedankt voor je reactie!

  Ik hoop dat dit het goede bestand is?

  De andere suggestie zal ik hierna uitvoeren.

  groeten,

  jack

  ComboFix 07-10-12.4 - J. de Brabander 2007-10-16 0:26:32.3 - NTFSx86
  Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1886 [GMT 2:00]
  Gestart vanuit: C:\Documents and Settings\J. de Brabander\Mijn documenten\ComboFix.exe
  Command switches used :: C:\Documents and Settings\J. de Brabander\Bureaublad\CFScript.txt.lnk
  * Nieuw herstelpunt werd aangemaakt
  .

  (((((((((((((((((((( Bestanden Gemaakt van 2007-09-15 to 2007-10-15 ))))))))))))))))))))))))))))))
  .

  2007-10-15 22:30 51,200 –a—— C:\WINDOWS\NirCmd.exe
  2007-10-14 21:10 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\AdwareAlert
  2007-10-14 20:04 51,072 –a—— C:\WINDOWS\system32\drivers\ikhlayer.sys
  2007-10-14 20:04 30,592 –a—— C:\WINDOWS\system32\drivers\ikhfile.sys
  2007-10-14 19:34 <DIR> d——– C:\temp\Tmp___553
  2007-10-14 19:34 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\PC Tools
  2007-10-14 19:34 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
  2007-10-14 19:34 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
  2007-10-14 19:34 79,688 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
  2007-10-14 19:34 62,280 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
  2007-10-14 19:34 41,288 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
  2007-10-14 19:34 29,000 –a—— C:\WINDOWS\system32\drivers\kcom.sys
  2007-10-13 17:43 <DIR> d——– C:\Documents and Settings\Jack de Brabander\Application Data\ATI
  2007-10-13 17:31 <DIR> d–h—– C:\Documents and Settings\Jack de Brabander\Sjablonen
  2007-10-13 17:31 <DIR> dr-h—– C:\Documents and Settings\Jack de Brabander\Onlangs geopend
  2007-10-13 17:31 <DIR> d–h—– C:\Documents and Settings\Jack de Brabander\Netwerkprinteromgeving
  2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Mijn documenten
  2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Menu Start
  2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Favorieten
  2007-10-13 17:31 <DIR> d——– C:\Documents and Settings\Jack de Brabander\Bureaublad
  2007-10-13 11:54 <DIR> d——– C:\Hitman Pro
  2007-10-13 11:13 <DIR> d——– C:\Program Files\Trend Micro
  2007-10-13 10:09 584,192 —–c— C:\WINDOWS\system32\dllcache\rpcrt4.dll
  2007-10-12 20:26 <DIR> d——– C:\Documents and Settings\Administrator\Application Data\Symantec
  2007-10-12 20:20 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\LimeWire
  2007-10-06 15:44 <DIR> d——– C:\Program Files\Windows Sidebar
  2007-10-06 15:42 123,952 –a—— C:\WINDOWS\system32\drivers\SYMEVENT.SYS
  2007-10-06 15:42 60,800 –a—— C:\WINDOWS\system32\S32EVNT1.DLL
  2007-10-06 14:59 <DIR> d——– C:\Documents and Settings\All Users\Symantec Temporary Files
  2007-10-02 16:35 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Tages
  2007-09-29 12:20 3,497,832 –a—— C:\WINDOWS\system32\d3dx9_34.dll
  2007-09-29 12:20 2,414,360 –a—— C:\WINDOWS\system32\d3dx9_31.dll
  2007-09-20 19:47 42,752 ——— C:\WINDOWS\system32\drivers\ser2pl.sys
  2007-09-18 14:43 317,616 –a—— C:\WINDOWS\system32\drivers\srtspl.sys
  2007-09-18 14:43 278,576 –a—— C:\WINDOWS\system32\drivers\srtsp.sys
  2007-09-18 14:43 43,696 –a—— C:\WINDOWS\system32\drivers\srtspx.sys

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2007-10-15 21:52 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Skype
  2007-10-15 21:35 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\ZoomBrowser EX
  2007-10-14 18:34 ——— d—–w C:\Program Files\Yahoo!
  2007-10-14 18:26 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
  2007-10-14 18:05 ——— d—–w C:\Program Files\SpywareBlaster
  2007-10-13 10:50 ——— d—–w C:\Documents and Settings\All Users\Application Data\Symantec
  2007-10-13 10:48 ——— d—–w C:\Program Files\Symantec
  2007-10-13 10:24 ——— d—–w C:\Program Files\Common Files\Symantec Shared
  2007-10-06 15:04 805 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
  2007-10-06 15:04 10,740 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
  2007-10-06 13:45 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Symantec
  2007-10-02 20:25 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Canon
  2007-09-29 11:08 ——— d–h–w C:\Program Files\InstallShield Installation Information
  2007-09-23 18:59 ——— d—–w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
  2007-09-19 09:22 ——— d—–w C:\Program Files\Common Files\Adobe
  2007-09-18 19:37 ——— d—–w C:\Documents and Settings\All Users\Application Data\DVD Shrink
  2007-09-18 12:44 10,662 —-a-w C:\WINDOWS\system32\drivers\srtspx.cat
  2007-09-18 12:44 10,662 —-a-w C:\WINDOWS\system32\drivers\srtspl.cat
  2007-09-18 12:44 10,658 —-a-w C:\WINDOWS\system32\drivers\srtsp.cat
  2007-09-18 12:44 1,430 —-a-w C:\WINDOWS\system32\drivers\srtspl.inf
  2007-09-18 12:44 1,421 —-a-w C:\WINDOWS\system32\drivers\srtspx.inf
  2007-09-18 12:44 1,415 —-a-w C:\WINDOWS\system32\drivers\srtsp.inf
  2007-09-11 17:14 ——— d—–w C:\Program Files\Microsoft Encarta
  2007-09-10 17:07 ——— d—–w C:\Program Files\CBS
  2007-09-09 09:10 ——— d—–w C:\Documents and Settings\Administrator\Application Data\ATI
  2007-09-02 20:52 ——— d—–w C:\Program Files\Ahead
  2007-08-31 22:07 ——— d—–w C:\Program Files\AdorageI-SAL
  2007-08-31 22:07 ——— d—–w C:\Program Files\AdorageI-GfxDatas
  2007-08-29 12:18 577,928 —-a-w C:\WINDOWS\system32\SymNeti.dll
  2007-08-28 16:01 ——— d—–w C:\Program Files\Common Files\YDP
  2007-08-24 12:48 ——— d—–w C:\Documents and Settings\All Users\Application Data\WinZip
  2007-08-24 12:23 ——— d—–w C:\Program Files\DivX
  2007-08-23 15:57 207,240 —-a-w C:\WINDOWS\system32\SymRedir.dll
  2007-08-23 12:46 ——— d—–w C:\Program Files\Skype
  2007-08-23 12:46 ——— d—–w C:\Program Files\Common Files\Skype
  2007-08-23 12:46 ——— d—–w C:\Documents and Settings\All Users\Application Data\Skype
  2007-08-23 11:53 ——— d—–w C:\Program Files\Java
  2007-08-21 06:18 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
  2007-07-30 17:19 92,504 —-a-w C:\WINDOWS\system32\cdm.dll
  2007-07-30 17:19 549,720 —-a-w C:\WINDOWS\system32\wuapi.dll
  2007-07-30 17:19 53,080 —-a-w C:\WINDOWS\system32\wuauclt.exe
  2007-07-30 17:19 43,352 —-a-w C:\WINDOWS\system32\wups2.dll
  2007-07-30 17:19 325,976 —-a-w C:\WINDOWS\system32\wucltui.dll
  2007-07-30 17:19 203,096 —-a-w C:\WINDOWS\system32\wuweb.dll
  2007-07-30 17:19 1,712,984 —-a-w C:\WINDOWS\system32\wuaueng.dll
  2007-07-30 17:18 33,624 —-a-w C:\WINDOWS\system32\wups.dll
  2007-06-25 15:31 81,920 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\ezpinst.exe
  2007-06-25 15:31 47,360 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\pcouffin.sys
  2006-09-18 08:09 284 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\ViewerApp.dat
  .

  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
  2007-08-24 21:51 316784 –a—— C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
  2007-10-06 15:44 116088 –a—— C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 21:51 316784]

  [HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
  [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
  [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
  "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 21:51 316784]

  [HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
  [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
  [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
  "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 17:15]
  "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50]
  "nwiz"="nwiz.exe" [2004-10-29 17:50 C:\WINDOWS\system32\nwiz.exe]
  "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50]
  "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2005-07-19 13:31]
  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-07 16:49]
  "OpwareSE2"="D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe" [2003-05-08 11:00]
  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
  "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
  "TrueImageMonitor.exe"="D:\Nieuwe map\TrueImageMonitor.exe" [2006-11-10 15:08]
  "AcronisTimounterMonitor"="D:\Nieuwe map\TimounterMonitor.exe" [2006-11-10 15:41]
  "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-11-10 15:23]
  "MDDiskProtect.exe"="C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [2004-09-13 16:56]
  "MediafourGettingStartedWithMacDrive6"="C:\Program Files\Mediafour\MacDrive\MacDrive.exe" [2004-08-26 13:12]
  "Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [2002-12-17 15:43]
  "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2005-07-19 13:31]
  "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
  "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 23:07]
  "osCheck"="D:\Nieuwe map\osCheck.exe" [2007-08-24 22:53]
  "RegistryMechanic"="" []

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Start WingMan Profiler"="" []
  "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 03:45]
  "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]

  [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
  "Spyware Doctor"=

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
  "NoSimpleStartMenu"=0 (0x0)
  "NoTrayItemsDisplay"=0 (0x0)
  "NoRecentDocsHistory"=0 (0x0)

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility]
  C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll 2003-11-07 10:24 61440 C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll

  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
  "Authentication Packages"= msv1_0 relog_ap

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
  backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package Menu.lnk
  backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package VCD Maker.lnk
  backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Ulead Photo Express 4.0 SE Calendar Checker .lnk
  backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk
  backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
  "D:\Nieuwe map\CloneCD\CloneCDTray.exe" /s

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
  "D:\Nieuwe map\iTunesHelper.exe"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
  C:\WINDOWS\system32\NeroCheck.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
  D:\Nieuwe map\olympus master software\Monitor.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
  "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
  C:\Program Files\Logitech\iTouch\iTouch.exe

  R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys
  R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
  R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
  R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
  R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys
  R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
  R3 BulkUsb;VoIPUSBDriver.sys;C:\WINDOWS\system32\Drivers\VoIPUSBDriver.sys
  R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
  R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys
  R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
  R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
  R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
  S2 DNADownloader;DNADownloader;C:\Program Files\GameSpot\DownloadManager_Win32.exe
  S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
  S3 ASUSHWIO;ASUSHWIO;\??\C:\WINDOWS\system32\drivers\ASUSHWIO.sys
  S3 bDMusicb;bDMusicb;\??\C:\DOCUME~1\J0259~1.DEB\LOCALS~1\Temp\bDMusicb.sys
  S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
  S3 Maplom;Maplom;C:\WINDOWS\system32\drivers\Maplom.sys
  S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
  S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
  S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

  .
  Inhoud van de 'Gedeelde Taken' map
  "2007-10-14 19:10:11 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
  - C:\Program Files\AdwareAlert\AdwareAlert.exe
  "2007-10-06 15:02:30 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - J. de Brabander.job"
  - D:\Nieuwe map\Norton AntiVirus\Navw32.exe
  .
  **************************************************************************

  catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-10-16 00:27:50
  Windows 5.1.2600 Service Pack 2 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  Voltooingstijd: 2007-10-16 0:28:30
  C:\ComboFix2.txt … 2007-10-15 22:35
  .
  — E O F —
 • Hoi Jack,

  Het is niet helemaal goed gegaan, je hebt nu het tekstbestandje opgeslagen als een snelkoppeling: CFScript.txt.lnk

  Lees bovenstaande instructies nog eens door en probeer het nog eens;)
  Probeer Dial-a-fix ook nog eens.
 • Hallo,

  Het leek mij ook niet zo moeilijk! Maar ik weet niet of dit dan wel goed is? of de volgende? Dus 2 keer hier neergezet. De computer gaf weer de melding "fout in Sed.cfexe opgetreden en moet worden afgesloten".
  Ik hoor wel of het nu wel goed was?Als ik CFScript.txt intik bij opslaan als voor bureablad staat er op het bureaublad CFScript en niet met txt erbij. De Dial a Fix. leverde geen resultaat op. Nog steeds dezelfde problemen. Zal het nog een keer proberen!

  groeten,

  jack

  ComboFix 07-10-12.4 - J. de Brabander 2007-10-16 17:58:45.4 - NTFSx86
  Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.2023 [GMT 2:00]
  Gestart vanuit: C:\Documents and Settings\J. de Brabander\Mijn documenten\ComboFix.exe
  Command switches used :: C:\Documents and Settings\J. de Brabander\Bureaublad\CFScript.txt.txt
  * Nieuw herstelpunt werd aangemaakt
  .

  (((((((((((((((((((( Bestanden Gemaakt van 2007-09-16 to 2007-10-16 ))))))))))))))))))))))))))))))
  .

  2007-10-16 00:46 <DIR> d——– C:\WINDOWS\system32\CatRoot2
  2007-10-15 22:30 51,200 –a—— C:\WINDOWS\NirCmd.exe
  2007-10-14 21:10 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\AdwareAlert
  2007-10-14 20:04 51,072 –a—— C:\WINDOWS\system32\drivers\ikhlayer.sys
  2007-10-14 20:04 30,592 –a—— C:\WINDOWS\system32\drivers\ikhfile.sys
  2007-10-14 19:34 <DIR> d——– C:\temp\Tmp___553
  2007-10-14 19:34 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\PC Tools
  2007-10-14 19:34 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
  2007-10-14 19:34 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
  2007-10-14 19:34 79,688 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
  2007-10-14 19:34 62,280 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
  2007-10-14 19:34 41,288 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
  2007-10-14 19:34 29,000 –a—— C:\WINDOWS\system32\drivers\kcom.sys
  2007-10-13 17:43 <DIR> d——– C:\Documents and Settings\Jack de Brabander\Application Data\ATI
  2007-10-13 17:31 <DIR> d–h—– C:\Documents and Settings\Jack de Brabander\Sjablonen
  2007-10-13 17:31 <DIR> dr-h—– C:\Documents and Settings\Jack de Brabander\Onlangs geopend
  2007-10-13 17:31 <DIR> d–h—– C:\Documents and Settings\Jack de Brabander\Netwerkprinteromgeving
  2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Mijn documenten
  2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Menu Start
  2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Favorieten
  2007-10-13 17:31 <DIR> d——– C:\Documents and Settings\Jack de Brabander\Bureaublad
  2007-10-13 11:54 <DIR> d——– C:\Hitman Pro
  2007-10-13 11:13 <DIR> d——– C:\Program Files\Trend Micro
  2007-10-13 10:09 584,192 —–c— C:\WINDOWS\system32\dllcache\rpcrt4.dll
  2007-10-12 20:26 <DIR> d——– C:\Documents and Settings\Administrator\Application Data\Symantec
  2007-10-12 20:20 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\LimeWire
  2007-10-06 15:44 <DIR> d——– C:\Program Files\Windows Sidebar
  2007-10-06 15:42 123,952 –a—— C:\WINDOWS\system32\drivers\SYMEVENT.SYS
  2007-10-06 15:42 60,800 –a—— C:\WINDOWS\system32\S32EVNT1.DLL
  2007-10-06 14:59 <DIR> d——– C:\Documents and Settings\All Users\Symantec Temporary Files
  2007-10-02 16:35 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Tages
  2007-09-29 12:20 3,497,832 –a—— C:\WINDOWS\system32\d3dx9_34.dll
  2007-09-29 12:20 2,414,360 –a—— C:\WINDOWS\system32\d3dx9_31.dll
  2007-09-20 19:47 42,752 ——— C:\WINDOWS\system32\drivers\ser2pl.sys
  2007-09-18 14:43 317,616 –a—— C:\WINDOWS\system32\drivers\srtspl.sys
  2007-09-18 14:43 278,576 –a—— C:\WINDOWS\system32\drivers\srtsp.sys
  2007-09-18 14:43 43,696 –a—— C:\WINDOWS\system32\drivers\srtspx.sys

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2007-10-16 15:48 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Skype
  2007-10-15 21:35 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\ZoomBrowser EX
  2007-10-14 18:34 ——— d—–w C:\Program Files\Yahoo!
  2007-10-14 18:26 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
  2007-10-14 18:05 ——— d—–w C:\Program Files\SpywareBlaster
  2007-10-13 10:50 ——— d—–w C:\Documents and Settings\All Users\Application Data\Symantec
  2007-10-13 10:48 ——— d—–w C:\Program Files\Symantec
  2007-10-13 10:24 ——— d—–w C:\Program Files\Common Files\Symantec Shared
  2007-10-06 15:04 805 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
  2007-10-06 15:04 10,740 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
  2007-10-06 13:45 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Symantec
  2007-10-02 20:25 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Canon
  2007-09-29 11:08 ——— d–h–w C:\Program Files\InstallShield Installation Information
  2007-09-23 18:59 ——— d—–w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
  2007-09-19 09:22 ——— d—–w C:\Program Files\Common Files\Adobe
  2007-09-18 19:37 ——— d—–w C:\Documents and Settings\All Users\Application Data\DVD Shrink
  2007-09-18 12:44 10,662 —-a-w C:\WINDOWS\system32\drivers\srtspx.cat
  2007-09-18 12:44 10,662 —-a-w C:\WINDOWS\system32\drivers\srtspl.cat
  2007-09-18 12:44 10,658 —-a-w C:\WINDOWS\system32\drivers\srtsp.cat
  2007-09-18 12:44 1,430 —-a-w C:\WINDOWS\system32\drivers\srtspl.inf
  2007-09-18 12:44 1,421 —-a-w C:\WINDOWS\system32\drivers\srtspx.inf
  2007-09-18 12:44 1,415 —-a-w C:\WINDOWS\system32\drivers\srtsp.inf
  2007-09-11 17:14 ——— d—–w C:\Program Files\Microsoft Encarta
  2007-09-10 17:07 ——— d—–w C:\Program Files\CBS
  2007-09-09 09:10 ——— d—–w C:\Documents and Settings\Administrator\Application Data\ATI
  2007-09-02 20:52 ——— d—–w C:\Program Files\Ahead
  2007-08-31 22:07 ——— d—–w C:\Program Files\AdorageI-SAL
  2007-08-31 22:07 ——— d—–w C:\Program Files\AdorageI-GfxDatas
  2007-08-29 12:18 577,928 —-a-w C:\WINDOWS\system32\SymNeti.dll
  2007-08-28 16:01 ——— d—–w C:\Program Files\Common Files\YDP
  2007-08-24 12:48 ——— d—–w C:\Documents and Settings\All Users\Application Data\WinZip
  2007-08-24 12:23 ——— d—–w C:\Program Files\DivX
  2007-08-23 15:57 207,240 —-a-w C:\WINDOWS\system32\SymRedir.dll
  2007-08-23 12:46 ——— d—–w C:\Program Files\Skype
  2007-08-23 12:46 ——— d—–w C:\Program Files\Common Files\Skype
  2007-08-23 12:46 ——— d—–w C:\Documents and Settings\All Users\Application Data\Skype
  2007-08-23 11:53 ——— d—–w C:\Program Files\Java
  2007-08-21 06:18 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
  2007-07-30 17:19 92,504 —-a-w C:\WINDOWS\system32\cdm.dll
  2007-07-30 17:19 549,720 —-a-w C:\WINDOWS\system32\wuapi.dll
  2007-07-30 17:19 53,080 —-a-w C:\WINDOWS\system32\wuauclt.exe
  2007-07-30 17:19 43,352 —-a-w C:\WINDOWS\system32\wups2.dll
  2007-07-30 17:19 325,976 —-a-w C:\WINDOWS\system32\wucltui.dll
  2007-07-30 17:19 203,096 —-a-w C:\WINDOWS\system32\wuweb.dll
  2007-07-30 17:19 1,712,984 —-a-w C:\WINDOWS\system32\wuaueng.dll
  2007-07-30 17:18 33,624 —-a-w C:\WINDOWS\system32\wups.dll
  2007-06-25 15:31 81,920 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\ezpinst.exe
  2007-06-25 15:31 47,360 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\pcouffin.sys
  2006-09-18 08:09 284 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\ViewerApp.dat
  .

  ((((((((((((((((((((((((((((( snapshot@2007-10-15_22.34.58,73 )))))))))))))))))))))))))))))))))))))))))
  .
  + 2007-10-15 22:15:23 1,926,248 —-a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Professional_32_1043.dat
  + 2007-10-15 22:15:23 1,926,248 —-a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Professional_32_1043.dat.bak
  .
  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
  2007-08-24 21:51 316784 –a—— C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
  2007-10-06 15:44 116088 –a—— C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
  "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 17:15]
  "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50]
  "nwiz"="nwiz.exe" [2004-10-29 17:50 C:\WINDOWS\system32\nwiz.exe]
  "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50]
  "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2005-07-19 13:31]
  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-07 16:49]
  "OpwareSE2"="D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe" [2003-05-08 11:00]
  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
  "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
  "TrueImageMonitor.exe"="D:\Nieuwe map\TrueImageMonitor.exe" [2006-11-10 15:08]
  "AcronisTimounterMonitor"="D:\Nieuwe map\TimounterMonitor.exe" [2006-11-10 15:41]
  "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-11-10 15:23]
  "MDDiskProtect.exe"="C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [2004-09-13 16:56]
  "MediafourGettingStartedWithMacDrive6"="C:\Program Files\Mediafour\MacDrive\MacDrive.exe" [2004-08-26 13:12]
  "Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [2002-12-17 15:43]
  "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2005-07-19 13:31]
  "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
  "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 23:07]
  "osCheck"="D:\Nieuwe map\osCheck.exe" [2007-08-24 22:53]
  "RegistryMechanic"="" []

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Start WingMan Profiler"="" []
  "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 03:45]
  "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]

  [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
  "Spyware Doctor"=

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
  "NoSimpleStartMenu"=0 (0x0)
  "NoTrayItemsDisplay"=0 (0x0)
  "NoRecentDocsHistory"=0 (0x0)

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility]
  C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll 2003-11-07 10:24 61440 C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll

  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
  "Authentication Packages"= msv1_0 relog_ap

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
  backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package Menu.lnk
  backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package VCD Maker.lnk
  backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Ulead Photo Express 4.0 SE Calendar Checker .lnk
  backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk
  backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
  "D:\Nieuwe map\CloneCD\CloneCDTray.exe" /s

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
  "D:\Nieuwe map\iTunesHelper.exe"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
  C:\WINDOWS\system32\NeroCheck.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
  D:\Nieuwe map\olympus master software\Monitor.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
  "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
  C:\Program Files\Logitech\iTouch\iTouch.exe

  R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys
  R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
  R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
  R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
  R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys
  R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
  R3 BulkUsb;VoIPUSBDriver.sys;C:\WINDOWS\system32\Drivers\VoIPUSBDriver.sys
  R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
  R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys
  R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
  R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
  R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
  S2 DNADownloader;DNADownloader;C:\Program Files\GameSpot\DownloadManager_Win32.exe
  S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
  S3 ASUSHWIO;ASUSHWIO;\??\C:\WINDOWS\system32\drivers\ASUSHWIO.sys
  S3 bDMusicb;bDMusicb;\??\C:\DOCUME~1\J0259~1.DEB\LOCALS~1\Temp\bDMusicb.sys
  S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
  S3 Maplom;Maplom;C:\WINDOWS\system32\drivers\Maplom.sys
  S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
  S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
  S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

  .
  Inhoud van de 'Gedeelde Taken' map
  "2007-10-14 19:10:11 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
  - C:\Program Files\AdwareAlert\AdwareAlert.exe
  "2007-10-06 15:02:30 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - J. de Brabander.job"
  - D:\Nieuwe map\Norton AntiVirus\Navw32.exe
  .
  **************************************************************************

  catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-10-16 18:00:24
  Windows 5.1.2600 Service Pack 2 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  Voltooingstijd: 2007-10-16 18:01:04
  C:\ComboFix2.txt … 2007-10-16 00:28
  C:\ComboFix3.txt … 2007-10-15 22:35
  .
  — E O F —
  Of deze uitvoering?:

  ComboFix 07-10-12.4 - J. de Brabander 2007-10-16 18:07:46.5 - NTFSx86
  Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1923 [GMT 2:00]
  Gestart vanuit: C:\Documents and Settings\J. de Brabander\Mijn documenten\ComboFix.exe
  Command switches used :: C:\Documents and Settings\J. de Brabander\Bureaublad\CFScript.txt
  * Nieuw herstelpunt werd aangemaakt
  .

  (((((((((((((((((((( Bestanden Gemaakt van 2007-09-16 to 2007-10-16 ))))))))))))))))))))))))))))))
  .

  2007-10-16 00:46 <DIR> d——– C:\WINDOWS\system32\CatRoot2
  2007-10-15 22:30 51,200 –a—— C:\WINDOWS\NirCmd.exe
  2007-10-14 21:10 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\AdwareAlert
  2007-10-14 20:04 51,072 –a—— C:\WINDOWS\system32\drivers\ikhlayer.sys
  2007-10-14 20:04 30,592 –a—— C:\WINDOWS\system32\drivers\ikhfile.sys
  2007-10-14 19:34 <DIR> d——– C:\temp\Tmp___553
  2007-10-14 19:34 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\PC Tools
  2007-10-14 19:34 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
  2007-10-14 19:34 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
  2007-10-14 19:34 79,688 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
  2007-10-14 19:34 62,280 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
  2007-10-14 19:34 41,288 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
  2007-10-14 19:34 29,000 –a—— C:\WINDOWS\system32\drivers\kcom.sys
  2007-10-13 17:43 <DIR> d——– C:\Documents and Settings\Jack de Brabander\Application Data\ATI
  2007-10-13 17:31 <DIR> d–h—– C:\Documents and Settings\Jack de Brabander\Sjablonen
  2007-10-13 17:31 <DIR> dr-h—– C:\Documents and Settings\Jack de Brabander\Onlangs geopend
  2007-10-13 17:31 <DIR> d–h—– C:\Documents and Settings\Jack de Brabander\Netwerkprinteromgeving
  2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Mijn documenten
  2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Menu Start
  2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Favorieten
  2007-10-13 17:31 <DIR> d——– C:\Documents and Settings\Jack de Brabander\Bureaublad
  2007-10-13 11:54 <DIR> d——– C:\Hitman Pro
  2007-10-13 11:13 <DIR> d——– C:\Program Files\Trend Micro
  2007-10-13 10:09 584,192 —–c— C:\WINDOWS\system32\dllcache\rpcrt4.dll
  2007-10-12 20:26 <DIR> d——– C:\Documents and Settings\Administrator\Application Data\Symantec
  2007-10-12 20:20 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\LimeWire
  2007-10-06 15:44 <DIR> d——– C:\Program Files\Windows Sidebar
  2007-10-06 15:42 123,952 –a—— C:\WINDOWS\system32\drivers\SYMEVENT.SYS
  2007-10-06 15:42 60,800 –a—— C:\WINDOWS\system32\S32EVNT1.DLL
  2007-10-06 14:59 <DIR> d——– C:\Documents and Settings\All Users\Symantec Temporary Files
  2007-10-02 16:35 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Tages
  2007-09-29 12:20 3,497,832 –a—— C:\WINDOWS\system32\d3dx9_34.dll
  2007-09-29 12:20 2,414,360 –a—— C:\WINDOWS\system32\d3dx9_31.dll
  2007-09-20 19:47 42,752 ——— C:\WINDOWS\system32\drivers\ser2pl.sys
  2007-09-18 14:43 317,616 –a—— C:\WINDOWS\system32\drivers\srtspl.sys
  2007-09-18 14:43 278,576 –a—— C:\WINDOWS\system32\drivers\srtsp.sys
  2007-09-18 14:43 43,696 –a—— C:\WINDOWS\system32\drivers\srtspx.sys

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2007-10-16 15:48 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Skype
  2007-10-15 21:35 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\ZoomBrowser EX
  2007-10-14 18:34 ——— d—–w C:\Program Files\Yahoo!
  2007-10-14 18:26 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
  2007-10-14 18:05 ——— d—–w C:\Program Files\SpywareBlaster
  2007-10-13 10:50 ——— d—–w C:\Documents and Settings\All Users\Application Data\Symantec
  2007-10-13 10:48 ——— d—–w C:\Program Files\Symantec
  2007-10-13 10:24 ——— d—–w C:\Program Files\Common Files\Symantec Shared
  2007-10-06 15:04 805 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
  2007-10-06 15:04 10,740 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
  2007-10-06 13:45 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Symantec
  2007-10-02 20:25 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Canon
  2007-09-29 11:08 ——— d–h–w C:\Program Files\InstallShield Installation Information
  2007-09-23 18:59 ——— d—–w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
  2007-09-19 09:22 ——— d—–w C:\Program Files\Common Files\Adobe
  2007-09-18 19:37 ——— d—–w C:\Documents and Settings\All Users\Application Data\DVD Shrink
  2007-09-18 12:44 10,662 —-a-w C:\WINDOWS\system32\drivers\srtspx.cat
  2007-09-18 12:44 10,662 —-a-w C:\WINDOWS\system32\drivers\srtspl.cat
  2007-09-18 12:44 10,658 —-a-w C:\WINDOWS\system32\drivers\srtsp.cat
  2007-09-18 12:44 1,430 —-a-w C:\WINDOWS\system32\drivers\srtspl.inf
  2007-09-18 12:44 1,421 —-a-w C:\WINDOWS\system32\drivers\srtspx.inf
  2007-09-18 12:44 1,415 —-a-w C:\WINDOWS\system32\drivers\srtsp.inf
  2007-09-11 17:14 ——— d—–w C:\Program Files\Microsoft Encarta
  2007-09-10 17:07 ——— d—–w C:\Program Files\CBS
  2007-09-09 09:10 ——— d—–w C:\Documents and Settings\Administrator\Application Data\ATI
  2007-09-02 20:52 ——— d—–w C:\Program Files\Ahead
  2007-08-31 22:07 ——— d—–w C:\Program Files\AdorageI-SAL
  2007-08-31 22:07 ——— d—–w C:\Program Files\AdorageI-GfxDatas
  2007-08-29 12:18 577,928 —-a-w C:\WINDOWS\system32\SymNeti.dll
  2007-08-28 16:01 ——— d—–w C:\Program Files\Common Files\YDP
  2007-08-24 12:48 ——— d—–w C:\Documents and Settings\All Users\Application Data\WinZip
  2007-08-24 12:23 ——— d—–w C:\Program Files\DivX
  2007-08-23 15:57 207,240 —-a-w C:\WINDOWS\system32\SymRedir.dll
  2007-08-23 12:46 ——— d—–w C:\Program Files\Skype
  2007-08-23 12:46 ——— d—–w C:\Program Files\Common Files\Skype
  2007-08-23 12:46 ——— d—–w C:\Documents and Settings\All Users\Application Data\Skype
  2007-08-23 11:53 ——— d—–w C:\Program Files\Java
  2007-08-21 06:18 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
  2007-07-30 17:19 92,504 —-a-w C:\WINDOWS\system32\cdm.dll
  2007-07-30 17:19 549,720 —-a-w C:\WINDOWS\system32\wuapi.dll
  2007-07-30 17:19 53,080 —-a-w C:\WINDOWS\system32\wuauclt.exe
  2007-07-30 17:19 43,352 —-a-w C:\WINDOWS\system32\wups2.dll
  2007-07-30 17:19 325,976 —-a-w C:\WINDOWS\system32\wucltui.dll
  2007-07-30 17:19 203,096 —-a-w C:\WINDOWS\system32\wuweb.dll
  2007-07-30 17:19 1,712,984 —-a-w C:\WINDOWS\system32\wuaueng.dll
  2007-07-30 17:18 33,624 —-a-w C:\WINDOWS\system32\wups.dll
  2007-06-25 15:31 81,920 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\ezpinst.exe
  2007-06-25 15:31 47,360 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\pcouffin.sys
  2006-09-18 08:09 284 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\ViewerApp.dat
  .

  ((((((((((((((((((((((((((((( snapshot@2007-10-15_22.34.58,73 )))))))))))))))))))))))))))))))))))))))))
  .
  + 2007-10-15 22:15:23 1,926,248 —-a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Professional_32_1043.dat
  + 2007-10-15 22:15:23 1,926,248 —-a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Professional_32_1043.dat.bak
  .
  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
  2007-08-24 21:51 316784 –a—— C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
  2007-10-06 15:44 116088 –a—— C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
  "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 17:15]
  "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50]
  "nwiz"="nwiz.exe" [2004-10-29 17:50 C:\WINDOWS\system32\nwiz.exe]
  "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50]
  "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2005-07-19 13:31]
  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-07 16:49]
  "OpwareSE2"="D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe" [2003-05-08 11:00]
  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
  "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
  "TrueImageMonitor.exe"="D:\Nieuwe map\TrueImageMonitor.exe" [2006-11-10 15:08]
  "AcronisTimounterMonitor"="D:\Nieuwe map\TimounterMonitor.exe" [2006-11-10 15:41]
  "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-11-10 15:23]
  "MDDiskProtect.exe"="C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [2004-09-13 16:56]
  "MediafourGettingStartedWithMacDrive6"="C:\Program Files\Mediafour\MacDrive\MacDrive.exe" [2004-08-26 13:12]
  "Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [2002-12-17 15:43]
  "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2005-07-19 13:31]
  "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
  "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 23:07]
  "osCheck"="D:\Nieuwe map\osCheck.exe" [2007-08-24 22:53]
  "RegistryMechanic"="" []

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Start WingMan Profiler"="" []
  "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 03:45]
  "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]

  [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
  "Spyware Doctor"=

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
  "NoSimpleStartMenu"=0 (0x0)
  "NoTrayItemsDisplay"=0 (0x0)
  "NoRecentDocsHistory"=0 (0x0)

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility]
  C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll 2003-11-07 10:24 61440 C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll

  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
  "Authentication Packages"= msv1_0 relog_ap

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
  backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package Menu.lnk
  backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package VCD Maker.lnk
  backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Ulead Photo Express 4.0 SE Calendar Checker .lnk
  backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk
  backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
  "D:\Nieuwe map\CloneCD\CloneCDTray.exe" /s

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
  "D:\Nieuwe map\iTunesHelper.exe"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
  C:\WINDOWS\system32\NeroCheck.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
  D:\Nieuwe map\olympus master software\Monitor.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
  "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
  C:\Program Files\Logitech\iTouch\iTouch.exe

  R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys
  R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
  R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
  R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
  R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys
  R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
  R3 BulkUsb;VoIPUSBDriver.sys;C:\WINDOWS\system32\Drivers\VoIPUSBDriver.sys
  R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
  R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys
  R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
  R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
  R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
  S2 DNADownloader;DNADownloader;C:\Program Files\GameSpot\DownloadManager_Win32.exe
  S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
  S3 ASUSHWIO;ASUSHWIO;\??\C:\WINDOWS\system32\drivers\ASUSHWIO.sys
  S3 bDMusicb;bDMusicb;\??\C:\DOCUME~1\J0259~1.DEB\LOCALS~1\Temp\bDMusicb.sys
  S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
  S3 Maplom;Maplom;C:\WINDOWS\system32\drivers\Maplom.sys
  S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
  S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
  S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

  .
  Inhoud van de 'Gedeelde Taken' map
  "2007-10-14 19:10:11 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
  - C:\Program Files\AdwareAlert\AdwareAlert.exe
  "2007-10-06 15:02:30 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - J. de Brabander.job"
  - D:\Nieuwe map\Norton AntiVirus\Navw32.exe
  .
  **************************************************************************

  catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-10-16 18:08:57
  Windows 5.1.2600 Service Pack 2 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  Voltooingstijd: 2007-10-16 18:09:35
  .
  — E O F —
 • Het is nog steeds niet helemaal goed gegaan op de een of andere manier, we lossen
  het even anders op. Lees de instructies goed door!

  Ik zie dat je het programma AdwareAlert hebt geinstalleerd,
  ik raad je aan deze te deinstalleren vanwege een dubieuze reputatie,
  lees ook dit: http://castlecops.com/s9265-AdwareAlert_Exe.html

  Kopieer onderstaande code in de codebox in een leeg kladblok venster:
  [i:f2118919ab](vergeet REGEDIT4 niet mee te kopieeren!) [/i:f2118919ab]

  [code:1:f2118919ab]
  [-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
  [-HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
  [-HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
  [/code:1:f2118919ab]

  la deze op als [b:f2118919ab]fixreg.reg[/b:f2118919ab] en geef als type "[b:f2118919ab]Alle bestanden[/b:f2118919ab]"
  Wanneer je hem hebt opgeslagen ziet het icoontje als volgt eruit:
  [img:f2118919ab]http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif[/img:f2118919ab]

  Dubbelklik vervolgens op [b:f2118919ab]fixreg.reg[/b:f2118919ab].
  Bij de vraag of je de wijzigingen aan het register wil toevoegen zeg [b:f2118919ab]Ja/Ok[/b:f2118919ab]

  Herstart je PC.

  Maak een nieuw Combofixlog en Hijackthis logje en post deze in je volgende bericht.

  Pim
 • Hallo Pim,

  Ik weet niet precies wat je bedoeld met "vergeet REGIDIT4 niet er in te zetten". Waar staat deze REGEDIT4 dan? Ziet het er zo uit? Ik heb hem in het kladblok gezet op deze manier:

  [-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
  [-HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
  [-HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
  REGEDIT4

  En opgeslagen als Fixreg.reg en type: alle bestanden.
  Ik kreeg inderdaad dat icoontje. Toen ja en oke. Hierna gaf hij een melding: "C\Document and Settings\J.de Brabander\Bureablad\Fixreg.niet te importeren\Het opgegeven bestand is geen register script. U kunt alleen binaire register bestanden importeren vanuit de register-editor".

  hier het Combifix logje en de Hyjackthis log..
  Ik ben bang dat ik in Kladblok nog niet de juiste handeling heb gezet.
  Want met het Fixreg.reg bestand op mijn bureablad gebeurd niets.

  Dank je wel voor de moeite Pim.

  Groeten,

  jack

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 22:14, on 2007-10-16
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
  C:\WINDOWS\ASUSKBService.exe
  C:\WINDOWS\system32\bgsvcgen.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
  C:\WINDOWS\system32\LVCOMSX.EXE
  C:\Program Files\QuickTime\qttask.exe
  D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe
  C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
  D:\Nieuwe map\TrueImageMonitor.exe
  D:\Nieuwe map\TimounterMonitor.exe
  C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
  C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
  C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
  C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
  C:\Program Files\Skype\Phone\Skype.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\TOPCOM\BULTER 4012\Butler 4012 USB VoIP.exe
  C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Logitech\MouseWare\system\em_exec.exe
  C:\WINDOWS\system32\UAService7.exe
  C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
  C:\Program Files\Canon\CAL\CALMAIN.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
  C:\Program Files\Skype\Plugin Manager\SkypePM.exe
  C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
  C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\WINDOWS\explorer.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hetnet.nl/
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hetnet.nl/
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
  O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
  O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Toolband.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
  O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
  O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
  O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [OpwareSE2] "D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
  O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
  O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Nieuwe map\TrueImageMonitor.exe
  O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Nieuwe map\TimounterMonitor.exe
  O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
  O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
  O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
  O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
  O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [osCheck] "D:\Nieuwe map\osCheck.exe"
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
  O4 - Startup: Butler 4012 USB VoIP.lnk = ?
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_AddToList.html
  O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_HSPrint.html
  O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_Preview.html
  O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Nieuwe map\canon pixma mp 170\Easy-WebPrint\Resource.dll/RC_Print.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra button: RadarSync Website - {29F02F90-D4AE-4c9a-82D2-D8DCDD507F33} - C:\Program Files\RadarSync\RadarSync Website.lnk
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\NIEUWE~1\Spyware Doctor\tools\iesdpb.dll
  O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl/
  O15 - Trusted Zone: *.msn messenger
  O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
  O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
  O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
  O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
  O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
  O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
  O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ASUSKBService.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
  O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
  O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
  O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Nieuwe map\Spyware Doctor\svcntaux.exe
  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Nieuwe map\Spyware Doctor\swdsvc.exe
  O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Nieuwe map\Spyware Doctor\sdhelp.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
  O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


  End of file - 10940 bytes
  ComboFix 07-10-12.4 - J. de Brabander 2007-10-16 21:50:16.6 - NTFSx86
  Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.2016 [GMT 2:00]
  Gestart vanuit: C:\Documents and Settings\J. de Brabander\Mijn documenten\ComboFix.exe
  Command switches used :: C:\Documents and Settings\J. de Brabander\Bureaublad\CFScript.txt
  * Nieuw herstelpunt werd aangemaakt
  .

  (((((((((((((((((((( Bestanden Gemaakt van 2007-09-16 to 2007-10-16 ))))))))))))))))))))))))))))))
  .

  2007-10-16 18:19 <DIR> d——– C:\WINDOWS\system32\CatRoot2
  2007-10-15 22:30 51,200 –a—— C:\WINDOWS\NirCmd.exe
  2007-10-14 20:04 51,072 –a—— C:\WINDOWS\system32\drivers\ikhlayer.sys
  2007-10-14 20:04 30,592 –a—— C:\WINDOWS\system32\drivers\ikhfile.sys
  2007-10-14 19:34 <DIR> d——– C:\temp\Tmp___553
  2007-10-14 19:34 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\PC Tools
  2007-10-14 19:34 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
  2007-10-14 19:34 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
  2007-10-14 19:34 79,688 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
  2007-10-14 19:34 62,280 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
  2007-10-14 19:34 41,288 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
  2007-10-14 19:34 29,000 –a—— C:\WINDOWS\system32\drivers\kcom.sys
  2007-10-13 17:43 <DIR> d——– C:\Documents and Settings\Jack de Brabander\Application Data\ATI
  2007-10-13 17:31 <DIR> d–h—– C:\Documents and Settings\Jack de Brabander\Sjablonen
  2007-10-13 17:31 <DIR> dr-h—– C:\Documents and Settings\Jack de Brabander\Onlangs geopend
  2007-10-13 17:31 <DIR> d–h—– C:\Documents and Settings\Jack de Brabander\Netwerkprinteromgeving
  2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Mijn documenten
  2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Menu Start
  2007-10-13 17:31 <DIR> dr——- C:\Documents and Settings\Jack de Brabander\Favorieten
  2007-10-13 17:31 <DIR> d——– C:\Documents and Settings\Jack de Brabander\Bureaublad
  2007-10-13 11:54 <DIR> d——– C:\Hitman Pro
  2007-10-13 11:13 <DIR> d——– C:\Program Files\Trend Micro
  2007-10-13 10:09 584,192 —–c— C:\WINDOWS\system32\dllcache\rpcrt4.dll
  2007-10-12 20:26 <DIR> d——– C:\Documents and Settings\Administrator\Application Data\Symantec
  2007-10-12 20:20 <DIR> d——– C:\Documents and Settings\J. de Brabander\Application Data\LimeWire
  2007-10-06 15:44 <DIR> d——– C:\Program Files\Windows Sidebar
  2007-10-06 15:42 123,952 –a—— C:\WINDOWS\system32\drivers\SYMEVENT.SYS
  2007-10-06 15:42 60,800 –a—— C:\WINDOWS\system32\S32EVNT1.DLL
  2007-10-06 14:59 <DIR> d——– C:\Documents and Settings\All Users\Symantec Temporary Files
  2007-10-02 16:35 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Tages
  2007-09-29 12:20 3,497,832 –a—— C:\WINDOWS\system32\d3dx9_34.dll
  2007-09-29 12:20 2,414,360 –a—— C:\WINDOWS\system32\d3dx9_31.dll
  2007-09-20 19:47 42,752 ——— C:\WINDOWS\system32\drivers\ser2pl.sys
  2007-09-18 14:43 317,616 –a—— C:\WINDOWS\system32\drivers\srtspl.sys
  2007-09-18 14:43 278,576 –a—— C:\WINDOWS\system32\drivers\srtsp.sys
  2007-09-18 14:43 43,696 –a—— C:\WINDOWS\system32\drivers\srtspx.sys

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2007-10-16 19:20 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Lavasoft
  2007-10-16 19:15 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Skype
  2007-10-15 21:35 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\ZoomBrowser EX
  2007-10-14 18:34 ——— d—–w C:\Program Files\Yahoo!
  2007-10-14 18:26 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
  2007-10-14 18:05 ——— d—–w C:\Program Files\SpywareBlaster
  2007-10-13 10:50 ——— d—–w C:\Documents and Settings\All Users\Application Data\Symantec
  2007-10-13 10:48 ——— d—–w C:\Program Files\Symantec
  2007-10-13 10:24 ——— d—–w C:\Program Files\Common Files\Symantec Shared
  2007-10-06 15:04 805 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
  2007-10-06 15:04 10,740 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
  2007-10-06 13:45 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Symantec
  2007-10-02 20:25 ——— d—–w C:\Documents and Settings\J. de Brabander\Application Data\Canon
  2007-09-29 11:08 ——— d–h–w C:\Program Files\InstallShield Installation Information
  2007-09-23 18:59 ——— d—–w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
  2007-09-19 09:22 ——— d—–w C:\Program Files\Common Files\Adobe
  2007-09-18 19:37 ——— d—–w C:\Documents and Settings\All Users\Application Data\DVD Shrink
  2007-09-18 12:44 10,662 —-a-w C:\WINDOWS\system32\drivers\srtspx.cat
  2007-09-18 12:44 10,662 —-a-w C:\WINDOWS\system32\drivers\srtspl.cat
  2007-09-18 12:44 10,658 —-a-w C:\WINDOWS\system32\drivers\srtsp.cat
  2007-09-18 12:44 1,430 —-a-w C:\WINDOWS\system32\drivers\srtspl.inf
  2007-09-18 12:44 1,421 —-a-w C:\WINDOWS\system32\drivers\srtspx.inf
  2007-09-18 12:44 1,415 —-a-w C:\WINDOWS\system32\drivers\srtsp.inf
  2007-09-11 17:14 ——— d—–w C:\Program Files\Microsoft Encarta
  2007-09-10 17:07 ——— d—–w C:\Program Files\CBS
  2007-09-09 09:10 ——— d—–w C:\Documents and Settings\Administrator\Application Data\ATI
  2007-09-02 20:52 ——— d—–w C:\Program Files\Ahead
  2007-08-31 22:07 ——— d—–w C:\Program Files\AdorageI-SAL
  2007-08-31 22:07 ——— d—–w C:\Program Files\AdorageI-GfxDatas
  2007-08-29 12:18 577,928 —-a-w C:\WINDOWS\system32\SymNeti.dll
  2007-08-28 16:01 ——— d—–w C:\Program Files\Common Files\YDP
  2007-08-24 12:48 ——— d—–w C:\Documents and Settings\All Users\Application Data\WinZip
  2007-08-24 12:23 ——— d—–w C:\Program Files\DivX
  2007-08-23 15:57 207,240 —-a-w C:\WINDOWS\system32\SymRedir.dll
  2007-08-23 12:46 ——— d—–w C:\Program Files\Skype
  2007-08-23 12:46 ——— d—–w C:\Program Files\Common Files\Skype
  2007-08-23 12:46 ——— d—–w C:\Documents and Settings\All Users\Application Data\Skype
  2007-08-23 11:53 ——— d—–w C:\Program Files\Java
  2007-08-21 06:18 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
  2007-07-30 17:19 92,504 —-a-w C:\WINDOWS\system32\cdm.dll
  2007-07-30 17:19 549,720 —-a-w C:\WINDOWS\system32\wuapi.dll
  2007-07-30 17:19 53,080 —-a-w C:\WINDOWS\system32\wuauclt.exe
  2007-07-30 17:19 43,352 —-a-w C:\WINDOWS\system32\wups2.dll
  2007-07-30 17:19 325,976 —-a-w C:\WINDOWS\system32\wucltui.dll
  2007-07-30 17:19 203,096 —-a-w C:\WINDOWS\system32\wuweb.dll
  2007-07-30 17:19 1,712,984 —-a-w C:\WINDOWS\system32\wuaueng.dll
  2007-07-30 17:18 33,624 —-a-w C:\WINDOWS\system32\wups.dll
  2007-06-25 15:31 81,920 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\ezpinst.exe
  2007-06-25 15:31 47,360 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\pcouffin.sys
  2006-09-18 08:09 284 —-a-w C:\Documents and Settings\J. de Brabander\Application Data\ViewerApp.dat
  .

  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
  2007-08-24 21:51 316784 –a—— C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
  2007-10-06 15:44 116088 –a—— C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
  "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 17:15]
  "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50]
  "nwiz"="nwiz.exe" [2004-10-29 17:50 C:\WINDOWS\system32\nwiz.exe]
  "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50]
  "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2005-07-19 13:31]
  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-07 16:49]
  "OpwareSE2"="D:\Nieuwe map\Objects\omnipage se\OpwareSE2.exe" [2003-05-08 11:00]
  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
  "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
  "TrueImageMonitor.exe"="D:\Nieuwe map\TrueImageMonitor.exe" [2006-11-10 15:08]
  "AcronisTimounterMonitor"="D:\Nieuwe map\TimounterMonitor.exe" [2006-11-10 15:41]
  "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-11-10 15:23]
  "MDDiskProtect.exe"="C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [2004-09-13 16:56]
  "MediafourGettingStartedWithMacDrive6"="C:\Program Files\Mediafour\MacDrive\MacDrive.exe" [2004-08-26 13:12]
  "Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [2002-12-17 15:43]
  "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2005-07-19 13:31]
  "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
  "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 23:07]
  "osCheck"="D:\Nieuwe map\osCheck.exe" [2007-08-24 22:53]
  "RegistryMechanic"="" []

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Start WingMan Profiler"="" []
  "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 03:45]
  "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]

  [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
  "Spyware Doctor"=

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
  "NoSimpleStartMenu"=0 (0x0)
  "NoTrayItemsDisplay"=0 (0x0)
  "NoRecentDocsHistory"=0 (0x0)

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility]
  C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll 2003-11-07 10:24 61440 C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll

  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
  "Authentication Packages"= msv1_0 relog_ap

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
  backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package Menu.lnk
  backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package VCD Maker.lnk
  backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Ulead Photo Express 4.0 SE Calendar Checker .lnk
  backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk
  backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
  "D:\Nieuwe map\CloneCD\CloneCDTray.exe" /s

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
  "D:\Nieuwe map\iTunesHelper.exe"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
  C:\WINDOWS\system32\NeroCheck.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
  D:\Nieuwe map\olympus master software\Monitor.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
  "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
  C:\Program Files\Logitech\iTouch\iTouch.exe

  R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys
  R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
  R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
  R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
  R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys
  R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
  R3 BulkUsb;VoIPUSBDriver.sys;C:\WINDOWS\system32\Drivers\VoIPUSBDriver.sys
  R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
  R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys
  R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
  R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
  R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
  S2 DNADownloader;DNADownloader;C:\Program Files\GameSpot\DownloadManager_Win32.exe
  S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
  S3 ASUSHWIO;ASUSHWIO;\??\C:\WINDOWS\system32\drivers\ASUSHWIO.sys
  S3 bDMusicb;bDMusicb;\??\C:\DOCUME~1\J0259~1.DEB\LOCALS~1\Temp\bDMusicb.sys
  S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
  S3 Maplom;Maplom;C:\WINDOWS\system32\drivers\Maplom.sys
  S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
  S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
  S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

  .
  Inhoud van de 'Gedeelde Taken' map
  "2007-10-06 15:02:30 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - J. de Brabander.job"
  - D:\Nieuwe map\Norton AntiVirus\Navw32.exe
  .
  **************************************************************************

  catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-10-16 21:51:58
  Windows 5.1.2600 Service Pack 2 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  Voltooingstijd: 2007-10-16 21:52:40
  C:\ComboFix2.txt … 2007-10-16 18:09
  .
  — E O F —
 • Inderdaad foutje van mijn kant, maar hij is weg! (al door Combofix, hij had toch gewerkt, zit te pitten hier:oops:)

  Kun je even de exacte foutmelding plaatsen die je krijgt en/of een duidelijke opsomming geven welke problemen je nog hebt?
 • Hallo,

  Kan je mij ook vertellen wat nu "weg" is?

  Zal het systeem checken en laat het je weten.

  Groeten,

  jack
 • Die register entry's die wegzijn waren een aantal restjes van toolbars die over zijn gebleven.
 • Hallo Pim,

  Bedankt voor je hulp! Ik kan nu alle mappen weer in en kan ze verwijderen of verplaatsen! Zelfs Limewire kan ik weer gebruiken zonder "error ". Ik denk dat Windows Genuine was meegereist op Nero 8.
  Wat nu nog niet werkt is mijn Symantec beveiligings software. Hij download wel maar verwerkt niet. Nu kan ik zelfs geen verbinding meer maken via mijn icoon update van Symantec, er gebeurt dan niets. Het verwijderings tool van Symantec geinstaleerd, deze geeft ook een "error"tijdens het verwijderen, en moet ik contact opnemen met de Symantec helpdesk. Verwijderen via mijn software gaat ook niet! Mapjes een voor een verwijderen? ( weet niet welke ze allemaal zijn ).

  Hoop dat je daar ook iets op weet?

  groeten,

  jack :D
 • Staat er ook een exacte error bij die melding die je krijgt bij de verwijdertool van Symantec? De mapjes één voor één verwijderen lijkt me geen goed idee, want dan blijven er nog steeds resten in het register over en dat levert problemen op bij het opnieuw installeren van de software.

  Probeer eens de CD van Norton erin te stoppen en deze over de bestaande versie heen te installeren, als het goed is krijg je dan vanzelf de melding waarbij je kan kiezen tussen verwijderen en repareren, kies hier eens voor repareren.

  Je zou ook het volgende nog kunnen proberen:
  > Kijk in het mapje van Norton of je daar een uninstaller kan vinden.
  > Draai de verwijdertool eens in veilige modus:
  http://users.telenet.be/marcvn/spyware/1378056.htm

  Post in je volgende antwoord ook een vers Hijackthis logje.
 • Hallo Pim,

  Had ik nou maar een CD gekocht ipv de software downloader van Symantec! Weer wat geleerd! Ik kan wel de oude CD gebruiken van Symantec, die heb ik nog wel! Ik zal nog even zoeken naar een mapje met een uninstaller en proberen in de veilige modus.

  groeten,

  jack

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.