Questions & Answers

Security & privacy

'They' are out to get me again!

Anonymous
23 replies
 • They're back: those unwanted web pages that suddenly appear full-screen on my monitor.
  The irritating 'inlays' on the pages I visit, which try to tempt me into scanning my system, also pop up at every turn.
  And they had all stayed away for such a nice long time, because I have had this problem before.
  Now they even prevent clicking back to the previous page(s), and therefore undisturbed surfing.
  I have let Spybot S&D, AVG AntiSpyware and Hitman Pro loose on it, and although they did track down and remove a few nasties, the annoyance described has not gone away.
  I hope there is a 'forumist' who can and will advise me once again and point out how I can surf 'normally' again without being pestered…
  Many thanks in advance!
 • The FAQ explains how to make a HijackThis log. If you post that log here, one of the experts on this forum will surely be willing to look at how you can get rid of that junk.
 • Ran Lavasoft Ad-Aware, Spybot Search & Destroy and CoolWebShredder according to the instructions in "FAQ - Spyware", but this did not produce the intended result.
  Still troubled by pop-ups and unwanted screens.
  The HD also keeps rattling… and that gives me an uneasy feeling.

  Below is my HijackThis log file.
  I hope someone can and will help/advise me further.

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 2:18:36, on 18-3-2008
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16608)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
  C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\imapi.exe
  C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
  C:\WINDOWS\system32\PSIService.exe
  C:\Program Files\SPAMfighter\sfus.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
  C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
  C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
  C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
  C:\WINDOWS\system32\wbem\wmiapsrv.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\WINDOWS\system32\SearchIndexer.exe
  C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
  C:\WINDOWS\Dit.exe
  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
  C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
  C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
  C:\Program Files\SPAMfighter\SFAgent.exe
  C:\Program Files\FreePDF_XP\fpassist.exe
  C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
  C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Program Files\Skype\Phone\Skype.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  C:\Program Files\Windows Media Player\WMPNSCFG.exe
  C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  C:\PROGRA~1\MI3AA1~1\rapimgr.exe
  C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
  C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  C:\Program Files\Windows Desktop Search\WindowsSearch.exe
  C:\Program Files\Microsoft Works\WkDStore.exe
  C:\Program Files\Skype\Plugin Manager\skypePM.exe
  C:\Program Files\Outlook Express\msimn.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\WINDOWS\system32\SearchProtocolHost.exe
  C:\WINDOWS\explorer.exe
  C:\totalcmd\TOTALCMD.EXE
  C:\Program Files\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
  O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
  O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [Dit] Dit.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
  O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
  O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
  O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
  O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
  O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKLM\..\Run: [BMb3f5ef97] Rundll32.exe "C:\WINDOWS\system32\dukmtfyc.dll",s
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: BlueSoleil.lnk = ?
  O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
  O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
  O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
  O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121162039578
  O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
  O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
  O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
  O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
  O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
  O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


  End of file - 12329 bytes
 • Hello, I think this is a Vundo infection.


  Temporarily disable Windows Defender
  Because it can interfere when fixing with HJT (undoing the fix again)
  * Open Windows Defender > Click Tools
  * Click "General Settings"
  * Scroll to "Real Time Protection Options"
  * Uncheck "Turn on Real Time Protection (recommended)" > Click "Save"
  * Close Windows Defender
  (once the problems are over and the log has been declared clean again, you can turn it back on)

  Switch off Spybot's TeaTimer for a moment, because it can get in the way of the fix:
  - Start Spybot
  - Go to Mode > select Advanced Mode
  - Go to Tools and click the Resident icon in the list
  - Uncheck Resident TeaTimer and click OK
  - Restart the computer

  Then download ResetTeaTimer.bat to your Desktop.
  Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.
  Once the computer is clean, you can turn TeaTimer back on.

  Follow the instructions as described on the following page: hoe-dient-combofix-gebruikt-te-worden

  If you use Vista, the Recovery Console does not need to be installed.
  If anything is unclear, just ask.
  When the tool has finished, a log file opens (C:\combofix.txt).
  Post the contents of this file together with a new HijackThis log.

  Fix these lines right away as well

  Start HijackThis and choose 'Do a system scan only'
  Select only the items listed below:

  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
  O4 - HKLM\..\Run: [BMb3f5ef97] Rundll32.exe "C:\WINDOWS\system32\dukmtfyc.dll",s

  Click 'Fix checked' to remove the items.


  Update your Java,

  Download .
  * Scroll down to: "Java Runtime Environment (JRE) 6 Update 5".
  * Click the "Download" button on the right-hand side.
  * Tick "Accept License Agreement" and click Continue.
  * The page will reload.
  * Click the Windows Offline Installation, Multi-language link BELOW Windows Platform - Java SE Runtime Environment 6 Update 5 and save it to your Desktop.
  * Close any programs that may be open - especially your web browser!
  * Then go to Start > Configuratiescherm (Control Panel) > Software and remove all older versions of Java from the software list (those with Java Runtime Environment (JRE or J2SE) in the name).
  * Repeat this until all older versions are gone.
  * After removing all older versions, restart your PC.
  * Then double-click jre-6u5-windows-i586-p.exe on your Desktop to install the newest version of Java.

  Please post a new HJT log together with the ComboFix result.
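
  The Run entry selected for fixing above is the only autorun in the posted log that has rundll32 load a DLL by full path from system32. As an added example (not part of the original thread and not HijackThis's own logic), this Python code parses O4 registry Run lines and lists such entries for manual review; the heuristic and all function names are assumptions made for illustration.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [BMb3f5ef97] Rundll32.exe "C:\WINDOWS\system32\dukmtfyc.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# O4 registry autoruns look like: O4 - <hive>\..\Run: [value name] command
# (Startup-folder O4 lines use a different layout and are not handled here.)
O4_RE = re.compile(
    r'^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<command>.+)$'
)

# rundll32 command line: rundll32[.exe] <target>,<export>
RUNDLL_RE = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?P<target>"[^"]+"|[^\s,]+)\s*,\s*(?P<export>\S*)',
    re.IGNORECASE,
)


class Autorun(NamedTuple):
    hive: str      # e.g. HKLM, HKCU, HKUS\S-1-5-19
    name: str      # registry value name shown in brackets
    command: str   # command line that runs at logon
    line: str      # original log line, for selecting it in HijackThis


def parse_o4(log: str) -> List[Autorun]:
    """Extract registry Run entries (O4 section) from HijackThis log text."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            entries.append(Autorun(m["hive"], m["name"], m["command"], line))
    return entries


def rundll32_target(command: str) -> Optional[Tuple[str, str]]:
    """Return (target file, export name) if the command is a rundll32 call."""
    m = RUNDLL_RE.match(command)
    if not m:
        return None
    return m["target"].strip('"'), m["export"].lstrip(",")


def needs_review(entry: Autorun) -> Optional[str]:
    """Heuristic (assumption): rundll32 + absolute path to a .dll in system32.

    This only nominates entries for a human to look up; legitimate drivers
    and control panels can match as well.
    """
    parsed = rundll32_target(entry.command)
    if parsed is None:
        return None
    target, export = parsed
    if not ntpath.isabs(target) or not target.lower().endswith(".dll"):
        return None
    if ntpath.basename(ntpath.dirname(target)).lower() != "system32":
        return None
    return f"rundll32 autorun loads {target} (export {export!r})"


def triage(log: str) -> List[Tuple[Autorun, str]]:
    """Return (entry, reason) for every O4 entry the heuristic nominates."""
    findings = []
    for entry in parse_o4(log):
        reason = needs_review(entry)
        if reason:
            findings.append((entry, reason))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"[{entry.hive}] {entry.name}: {reason}")
        print(f"    {entry.line}")
```
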
 • I am working through the prescribed procedure.
  I did get stuck for a moment on the following:
  At startup, before Windows is loaded, a black screen appears with the choice to continue with Windows Home Edition or the Recovery Console.
  As a precaution I am asking which choice I should make now, because this was not in the ComboFix manual.
 • Home Edition.
 • New logs below:

  ComboFix was run late last night (18-03), and in HijackThis I first removed the specified keys (I could not find the fourth of them, perhaps already removed by ComboFix…) and this morning, shortly after startup, I made a new log.

  By the way: the answer to my previous question about the Recovery Console was in the ComboFix manual after all; in the hectic rush of what is for me a tense and somewhat uncertain business, I read past it.

  I am very interested in your further instructions.
  There already seems to be some improvement (but that may be purely a feeling)…

  ————————————————————————-

  ComboFix 08-03-17.1 - Robert H. Vorwald 2008-03-18 23:00:58.1 - NTFSx86
  Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.425 [GMT 1:00]
  Gestart vanuit: C:\Documents and Settings\Robert H. Vorwald\Bureaublad\ComboFix.exe
  * Nieuw herstelpunt werd aangemaakt
  .
  TimeOut - progfile.dat

  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  C:\WINDOWS\BMb3f5ef97.xml
  C:\WINDOWS\pskt.ini
  C:\WINDOWS\system32\awvvw.dll
  C:\WINDOWS\system32\dukmtfyc.dll
  C:\WINDOWS\system32\majhwlqv.dll
  C:\WINDOWS\system32\mcrh.tmp
  C:\WINDOWS\system32\tuddepbp.dll
  C:\WINDOWS\system32\wvvwa.ini
  C:\WINDOWS\system32\wvvwa.ini2

  .
  (((((((((((((((((((( Bestanden Gemaakt van 2008-02-18 to 2008-03-18 ))))))))))))))))))))))))))))))
  .

  2008-03-17 02:46 . 2008-03-17 02:46 1,158 –a—— C:\WINDOWS\mozver.dat
  2008-03-17 02:26 . 2008-03-17 02:26 0 –a—— C:\WINDOWS\nsreg.dat
  2008-03-17 02:15 . 2008-03-17 02:15 <DIR> d–h—– C:\WINDOWS\PIF
  2008-03-17 02:09 . 2008-03-17 02:09 95,296 –a—— C:\WINDOWS\system32\kcivgsur.dll
  2008-03-16 11:14 . 2008-03-16 11:14 5 –a—— C:\stgs4.temp
  2008-03-16 11:14 . 2008-03-16 11:14 5 –a—— C:\stgs1.temp
  2008-03-16 04:22 . 2008-03-16 04:22 <DIR> d——– C:\Program Files\Windows Defender
  2008-03-15 10:12 . 2008-03-15 10:12 <DIR> d——– C:\Program Files\PowerPoint Viewer
  2008-03-14 14:10 . 2008-03-14 14:10 <DIR> d——– C:\Program Files\Vstplugins
  2008-03-14 14:09 . 2008-03-14 14:11 <DIR> d——– C:\Program Files\Sony
  2008-03-14 12:02 . 2008-03-14 12:02 54,156 –ah—– C:\WINDOWS\QTFont.qfn
  2008-03-14 12:02 . 2008-03-14 12:02 1,409 –a—— C:\WINDOWS\QTFont.for
  2008-03-14 00:16 . 2008-03-14 00:16 <DIR> d——– C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
  2008-03-14 00:01 . 2008-03-14 00:02 <DIR> d——– C:\WINDOWS\SHELLNEW
  2008-03-13 23:51 . 2008-03-13 23:51 <DIR> d——– C:\Program Files\Windows Installer Clean Up
  2008-03-13 23:35 . 2008-03-13 23:36 <DIR> d——– C:\Program Files\RegSeeker
  2008-03-13 15:37 . 2008-03-13 15:37 <DIR> d——– C:\Documents and Settings\Robert H. Vorwald\Application Data\Windows Desktop Search
  2008-03-13 11:13 . 2008-03-13 15:36 <DIR> d——– C:\Program Files\Windows Desktop Search
  2008-03-13 10:39 . 2006-10-26 19:56 32,592 –a—— C:\WINDOWS\system32\msonpmon.dll
  2008-03-12 22:39 . 2008-03-12 22:39 <DIR> d——– C:\Program Files\Microsoft.NET
  2008-03-12 15:22 . 2008-03-13 14:51 <DIR> d——– C:\Program Files\MSBuild
  2008-03-12 15:13 . 2008-03-13 14:53 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Microsoft Help
  2008-03-08 01:53 . 2008-03-08 01:53 <DIR> d——– C:\Program Files\Samsung ML-1610 Series
  2008-03-01 13:09 . 2008-03-01 15:13 <DIR> d——– C:\Program Files\Belastingdienst
  2008-02-29 02:24 . 2008-02-29 02:24 <DIR> d——– C:\Program Files\Common Files\Skype
  2008-02-29 02:24 . 2008-03-18 18:42 <DIR> d——– C:\Documents and Settings\Robert H. Vorwald\Application Data\skypePM
  2008-02-29 02:24 . 2008-02-29 02:24 32 –a—— C:\Documents and Settings\All Users\Application Data\ezsid.dat
  2008-02-19 22:55 . 2007-09-13 16:07 302,419 –a—— C:\Program Files\All.Fengtao.Software.Universal.Patch.1.01-ICU.exe

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2008-03-18 22:12 ——— d—–w C:\Program Files\SPAMfighter
  2008-03-18 22:11 17,408 —-a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
  2008-03-18 21:54 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Skype
  2008-03-17 02:32 ——— d—–w C:\Program Files\Nuria
  2008-03-16 23:57 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Azureus
  2008-03-16 23:45 ——— d—–w C:\Documents and Settings\All Users\Application Data\Lavasoft
  2008-03-16 23:44 ——— d—–w C:\Program Files\Lavasoft
  2008-03-16 23:44 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Lavasoft
  2008-03-16 23:42 ——— d—–w C:\Program Files\Common Files\Wise Installation Wizard
  2008-03-16 00:42 ——— d—–w C:\Program Files\Hitman Pro
  2008-03-16 00:35 ——— d—a-w C:\Documents and Settings\All Users\Application Data\TEMP
  2008-03-16 00:35 ——— d—–w C:\Program Files\Spyware Doctor
  2008-03-15 23:12 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
  2008-03-15 22:26 ——— d—–w C:\Program Files\SpywareBlaster
  2008-03-15 19:44 ——— d—–w C:\Documents and Settings\All Users\Application Data\avg7
  2008-03-15 19:27 74,240 —-a-w C:\WINDOWS\system32\drivers\iksyssec.sys
  2008-03-15 19:27 56,832 —-a-w C:\WINDOWS\system32\drivers\iksysflt.sys
  2008-03-14 13:33 ——— d—–w C:\Program Files\Sony Setup
  2008-03-14 11:30 ——— d—–w C:\Program Files\Sonic Foundry Noise Reduction Plug-In
  2008-03-14 09:15 ——— d—–w C:\Program Files\Common Files\Adobe
  2008-03-14 00:24 ——— d—–w C:\Program Files\eMule
  2008-03-13 23:20 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Canon
  2008-03-13 13:52 ——— d—–w C:\Program Files\Microsoft Works
  2008-03-13 11:35 59,252 —-a-w C:\Documents and Settings\Robert H. Vorwald\Application Data\wklnhst.dat
  2008-03-13 02:24 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\OpenOffice.org2
  2008-03-12 20:53 ——— d—–w C:\Program Files\MSECache
  2008-03-12 12:20 ——— d—–w C:\Program Files\Java
  2008-03-11 20:50 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Vso
  2008-03-09 22:40 ——— d–h–w C:\Program Files\InstallShield Installation Information
  2008-03-07 21:42 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Corel
  2008-03-07 21:04 ——— d—–w C:\Documents and Settings\All Users\Application Data\Corel
  2008-03-07 20:22 ——— d—–w C:\Program Files\Common Files\Corel
  2008-03-07 20:21 ——— d—–w C:\Program Files\Corel
  2008-03-07 09:33 ——— d—–w C:\Program Files\Azureus
  2008-03-01 16:53 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Davilex
  2008-02-29 01:24 ——— d—–w C:\Program Files\Skype
  2008-02-29 01:24 ——— d—–w C:\Documents and Settings\All Users\Application Data\Skype
  2008-02-16 02:18 ——— d—–w C:\Program Files\FreePDF_XP
  2008-02-16 02:04 ——— d—–w C:\Program Files\Spybot - Search & Destroy
  2008-02-15 22:16 691,545 —-a-w C:\WINDOWS\unins000.exe
  2008-02-09 16:35 ——— d—–w C:\Program Files\TomTom HOME 2
  2008-02-09 15:35 ——— d—–w C:\Program Files\TomTom HOME
  2008-02-09 11:30 ——— d—–w C:\Program Files\Amor Video Joiner
  2008-02-05 02:13 ——— d—–w C:\Program Files\vso
  2008-02-02 03:37 ——— d—–w C:\Program Files\gs
  2008-02-02 03:29 ——— d—–w C:\Program Files\Neuratron PhotoScore
  2008-01-31 03:02 ——— d—–w C:\Program Files\Innovatools
  2008-01-31 02:47 ——— d—–w C:\Program Files\bb
  2008-01-28 01:52 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\AVG7
  2008-01-26 02:43 ——— d—–w C:\Program Files\AccurateTime
  2008-01-25 03:27 ——— d—–w C:\Program Files\Common Files\Ahead
  2008-01-25 03:26 ——— d—–w C:\Documents and Settings\All Users\Application Data\Nero
  2008-01-24 01:54 ——— d—–w C:\Program Files\Monkey's Audio
  2008-01-24 01:49 ——— d—–w C:\Program Files\Winamp
  2007-01-10 21:45 87,608 —-a-w C:\Documents and Settings\Robert H. Vorwald\Application Data\ezpinst.exe
  2007-01-10 21:45 47,360 —-a-w C:\Documents and Settings\Robert H. Vorwald\Application Data\pcouffin.sys
  2005-08-21 17:20 6,984,582 ——w C:\Documents and Settings\Jim\DarkMessiahscreenshots.zip
  2005-06-02 15:24 6,407,716 ——w C:\Documents and Settings\Jim\metroid2.zip
  2005-06-02 15:16 442,581 ——w C:\Documents and Settings\Jim\metroidcommercial.zip
  2005-04-25 20:08 56,082 —-a-w C:\Documents and Settings\Melody\anim_bear.zip
  2007-01-12 02:44 88 –sh–r C:\WINDOWS\system32\1E1866BC88.sys
  2005-01-27 13:59 8 –sh–r C:\WINDOWS\system32\62A95D688F.sys
  2006-07-23 17:50 56 –sh–r C:\WINDOWS\system32\FA58369351.sys
  .

  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  REGEDIT4
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
  "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
  "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 17:34 1289000]
  "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 21:53 204288]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Keyboard Status"="C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe" [2005-01-25 11:03 411648]
  "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-03-08 14:31 118926]
  "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-28 11:35 98304]
  "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:03 110592 C:\WINDOWS\system32\bthprops.cpl]
  "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 20:05 344064]
  "RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
  "Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]
  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
  "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 10:56 579072]
  "Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2004-05-17 06:34 360448]
  "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
  "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
  "FreePDF Assistant"="C:\Program Files\FreePDF_XP\fpassist.exe" [2007-06-26 20:27 312320]
  "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 17:18 221184]
  "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03 81920]
  "Corel File Shell Monitor"="C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 19:52 16200]
  "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
  "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
  "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 09:39 219136]

  C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
  BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-06-18 00:05:34 1048576]
  RaConfig2500.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2005-06-18 00:18:40 528384]
  Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 15:23:32 74308]
  Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
  "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyaax]
  fccyaax.dll

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
  "EnableFirewall"= 0 (0x0)

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "C:\\Program Files\\Azureus\\Azureus.exe"=
  "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
  "C:\\Program Files\\Streamload\\MediaMax XL\\MediaMax XL.exe"=
  "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
  "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
  "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
  "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
  "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
  "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
  "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
  "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
  "C:\\Program Files\\eMule\\emule.exe"=
  "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
  "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
  "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

  R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-01-02 17:03]
  R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 14:10]
  R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-06-03 13:40]
  R3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;C:\WINDOWS\system32\drivers\usbmidim.sys [2002-09-25 16:02]
  R3 USBMM2X2;Midiman USB MidiSport 2x2 USB Driver;C:\WINDOWS\system32\drivers\usbmm2x2.sys [2002-09-25 16:02]
  R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 12:07]
  S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-03-18 23:11]
  S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 11:10]
  S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
  S3 USB22LDR;Midiman USB MidiSport 2x2 Loader;C:\WINDOWS\system32\drivers\usb22ldr.sys [2002-09-25 16:02]

  .
  Inhoud van de 'Gedeelde Taken' map
  "2008-03-18 22:13:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
  - C:\Program Files\Windows Defender\MpCmdRun.exe
  .
  **************************************************************************

  catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2008-03-18 23:10:55
  Windows 5.1.2600 Service Pack 2 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  ———————— Other Running Processes ————————
  .
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\System32\SCardSvr.exe
  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
  C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
  C:\WINDOWS\system32\imapi.exe
  C:\WINDOWS\system32\msiexec.exe
  C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
  C:\WINDOWS\system32\PSIService.exe
  C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
  C:\WINDOWS\system32\wbem\wmiapsrv.exe
  C:\WINDOWS\system32\SearchIndexer.exe
  C:\WINDOWS\system32\fxssvc.exe
  C:\Program Files\Windows Media Player\WMPNetwk.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  C:\WINDOWS\system32\wscntfy.exe
  .
  **************************************************************************
  .
  Voltooingstijd: 2008-03-18 23:16:35 - machine was rebooted
  ComboFix-quarantined-files.txt 2008-03-18 22:16:32
  .
  2008-03-16 02:02:01 — E O F —


  ————————————————————————————–

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 11:17:23, on 19-3-2008
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16608)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
  C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\imapi.exe
  C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
  C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
  C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
  C:\WINDOWS\system32\PSIService.exe
  C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
  C:\Program Files\SPAMfighter\sfus.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
  C:\WINDOWS\Dit.exe
  C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
  C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
  C:\Program Files\SPAMfighter\SFAgent.exe
  C:\WINDOWS\system32\wbem\wmiapsrv.exe
  C:\Program Files\FreePDF_XP\fpassist.exe
  C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
  C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
  C:\WINDOWS\system32\SearchIndexer.exe
  C:\Program Files\Skype\Phone\Skype.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
  C:\Program Files\Windows Media Player\WMPNSCFG.exe
  C:\PROGRA~1\MI3AA1~1\rapimgr.exe
  C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
  C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
  C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  C:\Program Files\Windows Desktop Search\WindowsSearch.exe
  C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  C:\Program Files\Skype\Plugin Manager\skypePM.exe
  C:\Program Files\Outlook Express\msimn.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\WINDOWS\system32\SearchProtocolHost.exe
  C:\totalcmd\TOTALCMD.EXE
  C:\Program Files\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
  O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
  O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [Dit] Dit.exe
  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
  O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
  O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
  O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
  O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
  O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: BlueSoleil.lnk = ?
  O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
  O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
  O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
  O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121162039578
  O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
  O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
  O20 - Winlogon Notify: fccyaax - fccyaax.dll (file missing)
  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
  O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
  O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
  O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
  O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


  End of file - 12421 bytes
 • New logs below:

  ComboFix was run late last night, and in HijackThis I first removed the specified keys (I could not find the fourth of them, perhaps already removed by ComboFix…), and this morning, shortly after startup, I made a new HijackThis log.


  ComboFix 08-03-17.1 - Robert H. Vorwald 2008-03-18 23:00:58.1 - NTFSx86
  Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.425 [GMT 1:00]
  Gestart vanuit: C:\Documents and Settings\Robert H. Vorwald\Bureaublad\ComboFix.exe
  * Nieuw herstelpunt werd aangemaakt
  .
  TimeOut - progfile.dat

  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  C:\WINDOWS\BMb3f5ef97.xml
  C:\WINDOWS\pskt.ini
  C:\WINDOWS\system32\awvvw.dll
  C:\WINDOWS\system32\dukmtfyc.dll
  C:\WINDOWS\system32\majhwlqv.dll
  C:\WINDOWS\system32\mcrh.tmp
  C:\WINDOWS\system32\tuddepbp.dll
  C:\WINDOWS\system32\wvvwa.ini
  C:\WINDOWS\system32\wvvwa.ini2

  .
  (((((((((((((((((((( Bestanden Gemaakt van 2008-02-18 to 2008-03-18 ))))))))))))))))))))))))))))))
  .

  2008-03-17 02:46 . 2008-03-17 02:46 1,158 –a—— C:\WINDOWS\mozver.dat
  2008-03-17 02:26 . 2008-03-17 02:26 0 –a—— C:\WINDOWS\nsreg.dat
  2008-03-17 02:15 . 2008-03-17 02:15 <DIR> d–h—– C:\WINDOWS\PIF
  2008-03-17 02:09 . 2008-03-17 02:09 95,296 –a—— C:\WINDOWS\system32\kcivgsur.dll
  2008-03-16 11:14 . 2008-03-16 11:14 5 –a—— C:\stgs4.temp
  2008-03-16 11:14 . 2008-03-16 11:14 5 –a—— C:\stgs1.temp
  2008-03-16 04:22 . 2008-03-16 04:22 <DIR> d——– C:\Program Files\Windows Defender
  2008-03-15 10:12 . 2008-03-15 10:12 <DIR> d——– C:\Program Files\PowerPoint Viewer
  2008-03-14 14:10 . 2008-03-14 14:10 <DIR> d——– C:\Program Files\Vstplugins
  2008-03-14 14:09 . 2008-03-14 14:11 <DIR> d——– C:\Program Files\Sony
  2008-03-14 12:02 . 2008-03-14 12:02 54,156 –ah—– C:\WINDOWS\QTFont.qfn
  2008-03-14 12:02 . 2008-03-14 12:02 1,409 –a—— C:\WINDOWS\QTFont.for
  2008-03-14 00:16 . 2008-03-14 00:16 <DIR> d——– C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
  2008-03-14 00:01 . 2008-03-14 00:02 <DIR> d——– C:\WINDOWS\SHELLNEW
  2008-03-13 23:51 . 2008-03-13 23:51 <DIR> d——– C:\Program Files\Windows Installer Clean Up
  2008-03-13 23:35 . 2008-03-13 23:36 <DIR> d——– C:\Program Files\RegSeeker
  2008-03-13 15:37 . 2008-03-13 15:37 <DIR> d——– C:\Documents and Settings\Robert H. Vorwald\Application Data\Windows Desktop Search
  2008-03-13 11:13 . 2008-03-13 15:36 <DIR> d——– C:\Program Files\Windows Desktop Search
  2008-03-13 10:39 . 2006-10-26 19:56 32,592 –a—— C:\WINDOWS\system32\msonpmon.dll
  2008-03-12 22:39 . 2008-03-12 22:39 <DIR> d——– C:\Program Files\Microsoft.NET
  2008-03-12 15:22 . 2008-03-13 14:51 <DIR> d——– C:\Program Files\MSBuild
  2008-03-12 15:13 . 2008-03-13 14:53 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Microsoft Help
  2008-03-08 01:53 . 2008-03-08 01:53 <DIR> d——– C:\Program Files\Samsung ML-1610 Series
  2008-03-01 13:09 . 2008-03-01 15:13 <DIR> d——– C:\Program Files\Belastingdienst
  2008-02-29 02:24 . 2008-02-29 02:24 <DIR> d——– C:\Program Files\Common Files\Skype
  2008-02-29 02:24 . 2008-03-18 18:42 <DIR> d——– C:\Documents and Settings\Robert H. Vorwald\Application Data\skypePM
  2008-02-29 02:24 . 2008-02-29 02:24 32 –a—— C:\Documents and Settings\All Users\Application Data\ezsid.dat
  2008-02-19 22:55 . 2007-09-13 16:07 302,419 –a—— C:\Program Files\All.Fengtao.Software.Universal.Patch.1.01-ICU.exe

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2008-03-18 22:12 ——— d—–w C:\Program Files\SPAMfighter
  2008-03-18 22:11 17,408 —-a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
  2008-03-18 21:54 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Skype
  2008-03-17 02:32 ——— d—–w C:\Program Files\Nuria
  2008-03-16 23:57 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Azureus
  2008-03-16 23:45 ——— d—–w C:\Documents and Settings\All Users\Application Data\Lavasoft
  2008-03-16 23:44 ——— d—–w C:\Program Files\Lavasoft
  2008-03-16 23:44 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Lavasoft
  2008-03-16 23:42 ——— d—–w C:\Program Files\Common Files\Wise Installation Wizard
  2008-03-16 00:42 ——— d—–w C:\Program Files\Hitman Pro
  2008-03-16 00:35 ——— d—a-w C:\Documents and Settings\All Users\Application Data\TEMP
  2008-03-16 00:35 ——— d—–w C:\Program Files\Spyware Doctor
  2008-03-15 23:12 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
  2008-03-15 22:26 ——— d—–w C:\Program Files\SpywareBlaster
  2008-03-15 19:44 ——— d—–w C:\Documents and Settings\All Users\Application Data\avg7
  2008-03-15 19:27 74,240 —-a-w C:\WINDOWS\system32\drivers\iksyssec.sys
  2008-03-15 19:27 56,832 —-a-w C:\WINDOWS\system32\drivers\iksysflt.sys
  2008-03-14 13:33 ——— d—–w C:\Program Files\Sony Setup
  2008-03-14 11:30 ——— d—–w C:\Program Files\Sonic Foundry Noise Reduction Plug-In
  2008-03-14 09:15 ——— d—–w C:\Program Files\Common Files\Adobe
  2008-03-14 00:24 ——— d—–w C:\Program Files\eMule
  2008-03-13 23:20 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Canon
  2008-03-13 13:52 ——— d—–w C:\Program Files\Microsoft Works
  2008-03-13 11:35 59,252 —-a-w C:\Documents and Settings\Robert H. Vorwald\Application Data\wklnhst.dat
  2008-03-13 02:24 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\OpenOffice.org2
  2008-03-12 20:53 ——— d—–w C:\Program Files\MSECache
  2008-03-12 12:20 ——— d—–w C:\Program Files\Java
  2008-03-11 20:50 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Vso
  2008-03-09 22:40 ——— d–h–w C:\Program Files\InstallShield Installation Information
  2008-03-07 21:42 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Corel
  2008-03-07 21:04 ——— d—–w C:\Documents and Settings\All Users\Application Data\Corel
  2008-03-07 20:22 ——— d—–w C:\Program Files\Common Files\Corel
  2008-03-07 20:21 ——— d—–w C:\Program Files\Corel
  2008-03-07 09:33 ——— d—–w C:\Program Files\Azureus
  2008-03-01 16:53 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Davilex
  2008-02-29 01:24 ——— d—–w C:\Program Files\Skype
  2008-02-29 01:24 ——— d—–w C:\Documents and Settings\All Users\Application Data\Skype
  2008-02-16 02:18 ——— d—–w C:\Program Files\FreePDF_XP
  2008-02-16 02:04 ——— d—–w C:\Program Files\Spybot - Search & Destroy
  2008-02-15 22:16 691,545 —-a-w C:\WINDOWS\unins000.exe
  2008-02-09 16:35 ——— d—–w C:\Program Files\TomTom HOME 2
  2008-02-09 15:35 ——— d—–w C:\Program Files\TomTom HOME
  2008-02-09 11:30 ——— d—–w C:\Program Files\Amor Video Joiner
  2008-02-05 02:13 ——— d—–w C:\Program Files\vso
  2008-02-02 03:37 ——— d—–w C:\Program Files\gs
  2008-02-02 03:29 ——— d—–w C:\Program Files\Neuratron PhotoScore
  2008-01-31 03:02 ——— d—–w C:\Program Files\Innovatools
  2008-01-31 02:47 ——— d—–w C:\Program Files\bb
  2008-01-28 01:52 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\AVG7
  2008-01-26 02:43 ——— d—–w C:\Program Files\AccurateTime
  2008-01-25 03:27 ——— d—–w C:\Program Files\Common Files\Ahead
  2008-01-25 03:26 ——— d—–w C:\Documents and Settings\All Users\Application Data\Nero
  2008-01-24 01:54 ——— d—–w C:\Program Files\Monkey's Audio
  2008-01-24 01:49 ——— d—–w C:\Program Files\Winamp
  2007-01-10 21:45 87,608 —-a-w C:\Documents and Settings\Robert H. Vorwald\Application Data\ezpinst.exe
  2007-01-10 21:45 47,360 —-a-w C:\Documents and Settings\Robert H. Vorwald\Application Data\pcouffin.sys
  2005-08-21 17:20 6,984,582 ——w C:\Documents and Settings\Jim\DarkMessiahscreenshots.zip
  2005-06-02 15:24 6,407,716 ——w C:\Documents and Settings\Jim\metroid2.zip
  2005-06-02 15:16 442,581 ——w C:\Documents and Settings\Jim\metroidcommercial.zip
  2005-04-25 20:08 56,082 —-a-w C:\Documents and Settings\Melody\anim_bear.zip
  2007-01-12 02:44 88 –sh–r C:\WINDOWS\system32\1E1866BC88.sys
  2005-01-27 13:59 8 –sh–r C:\WINDOWS\system32\62A95D688F.sys
  2006-07-23 17:50 56 –sh–r C:\WINDOWS\system32\FA58369351.sys
  .

  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  REGEDIT4
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
  "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
  "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 17:34 1289000]
  "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 21:53 204288]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Keyboard Status"="C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe" [2005-01-25 11:03 411648]
  "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-03-08 14:31 118926]
  "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-28 11:35 98304]
  "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:03 110592 C:\WINDOWS\system32\bthprops.cpl]
  "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 20:05 344064]
  "RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
  "Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]
  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
  "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 10:56 579072]
  "Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2004-05-17 06:34 360448]
  "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
  "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
  "FreePDF Assistant"="C:\Program Files\FreePDF_XP\fpassist.exe" [2007-06-26 20:27 312320]
  "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 17:18 221184]
  "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03 81920]
  "Corel File Shell Monitor"="C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 19:52 16200]
  "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
  "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
  "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 09:39 219136]

  C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
  BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-06-18 00:05:34 1048576]
  RaConfig2500.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2005-06-18 00:18:40 528384]
  Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 15:23:32 74308]
  Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
  "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyaax]
  fccyaax.dll

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
  "EnableFirewall"= 0 (0x0)

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "C:\\Program Files\\Azureus\\Azureus.exe"=
  "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
  "C:\\Program Files\\Streamload\\MediaMax XL\\MediaMax XL.exe"=
  "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
  "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
  "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
  "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
  "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
  "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
  "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
  "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
  "C:\\Program Files\\eMule\\emule.exe"=
  "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
  "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
  "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

  R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-01-02 17:03]
  R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 14:10]
  R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-06-03 13:40]
  R3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;C:\WINDOWS\system32\drivers\usbmidim.sys [2002-09-25 16:02]
  R3 USBMM2X2;Midiman USB MidiSport 2x2 USB Driver;C:\WINDOWS\system32\drivers\usbmm2x2.sys [2002-09-25 16:02]
  R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 12:07]
  S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-03-18 23:11]
  S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 11:10]
  S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
  S3 USB22LDR;Midiman USB MidiSport 2x2 Loader;C:\WINDOWS\system32\drivers\usb22ldr.sys [2002-09-25 16:02]

  .
  Inhoud van de 'Gedeelde Taken' map
  "2008-03-18 22:13:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
  - C:\Program Files\Windows Defender\MpCmdRun.exe
  .
  **************************************************************************

  catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2008-03-18 23:10:55
  Windows 5.1.2600 Service Pack 2 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  ———————— Other Running Processes ————————
  .
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\System32\SCardSvr.exe
  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
  C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
  C:\WINDOWS\system32\imapi.exe
  C:\WINDOWS\system32\msiexec.exe
  C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
  C:\WINDOWS\system32\PSIService.exe
  C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
  C:\WINDOWS\system32\wbem\wmiapsrv.exe
  C:\WINDOWS\system32\SearchIndexer.exe
  C:\WINDOWS\system32\fxssvc.exe
  C:\Program Files\Windows Media Player\WMPNetwk.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  C:\WINDOWS\system32\wscntfy.exe
  .
  **************************************************************************
  .
  Voltooingstijd: 2008-03-18 23:16:35 - machine was rebooted
  ComboFix-quarantined-files.txt 2008-03-18 22:16:32
  .
  2008-03-16 02:02:01 — E O F —


  ————————————————————————————–

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 11:17:23, on 19-3-2008
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16608)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
  C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\imapi.exe
  C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
  C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
  C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
  C:\WINDOWS\system32\PSIService.exe
  C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
  C:\Program Files\SPAMfighter\sfus.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
  C:\WINDOWS\Dit.exe
  C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
  C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
  C:\Program Files\SPAMfighter\SFAgent.exe
  C:\WINDOWS\system32\wbem\wmiapsrv.exe
  C:\Program Files\FreePDF_XP\fpassist.exe
  C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
  C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
  C:\WINDOWS\system32\SearchIndexer.exe
  C:\Program Files\Skype\Phone\Skype.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
  C:\Program Files\Windows Media Player\WMPNSCFG.exe
  C:\PROGRA~1\MI3AA1~1\rapimgr.exe
  C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
  C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
  C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  C:\Program Files\Windows Desktop Search\WindowsSearch.exe
  C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  C:\Program Files\Skype\Plugin Manager\skypePM.exe
  C:\Program Files\Outlook Express\msimn.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\WINDOWS\system32\SearchProtocolHost.exe
  C:\totalcmd\TOTALCMD.EXE
  C:\Program Files\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
  O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
  O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [Dit] Dit.exe
  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
  O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
  O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
  O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
  O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
  O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: BlueSoleil.lnk = ?
  O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
  O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
  O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
  O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121162039578
  O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
  O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
  O20 - Winlogon Notify: fccyaax - fccyaax.dll (file missing)
  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
  O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
  O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
  O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
  O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


  End of file - 12421 bytes
 • Open Notepad, then copy and paste the following (bold, blue text) into an empty window:
 • ComboFix finished with 'log.txt' on a blank desktop (wallpaper only).
  Because of this, the contents of that log could not be saved and/or copied.
  A restart via the power button was needed to get the desktop back in its full glory, but the file ComboFix.txt is missing from it.
  Run ComboFix again?
 • No, I don't think that's necessary, but do post a new HJT log and tell us how things are going now.
 • Haven't been on the internet much yet, but in the time I have, no popups or unwanted screens have appeared.
  Startup is a bit faster again and the constant rattling of the HD is a lot less; I'll keep an extra eye on that too.
  So it looks optimistic!
  How do I now get rid of the black selection screen (Windows HE or Windows Recovery Console) that appears after the boot screen and before Windows starts?
  Or does the Recovery Console first have to have been run via this choice before it can be uninstalled?

  Here it comes, the latest HijackThis log file:

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 19:03:58, on 19-3-2008
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16608)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
  C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\imapi.exe
  C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
  C:\WINDOWS\system32\PSIService.exe
  C:\Program Files\SPAMfighter\sfus.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
  C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
  C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
  C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
  C:\WINDOWS\Dit.exe
  C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
  C:\WINDOWS\system32\wbem\wmiapsrv.exe
  C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
  C:\Program Files\SPAMfighter\SFAgent.exe
  C:\WINDOWS\system32\SearchIndexer.exe
  C:\Program Files\FreePDF_XP\fpassist.exe
  C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
  C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
  C:\Program Files\Skype\Phone\Skype.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
  C:\Program Files\Windows Media Player\WMPNSCFG.exe
  C:\PROGRA~1\MI3AA1~1\rapimgr.exe
  C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
  C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
  C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  C:\Program Files\Windows Desktop Search\WindowsSearch.exe
  C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  C:\Program Files\Skype\Plugin Manager\skypePM.exe
  C:\totalcmd\TOTALCMD.EXE
  C:\Program Files\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
  O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
  O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [Dit] Dit.exe
  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
  O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
  O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
  O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
  O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
  O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: BlueSoleil.lnk = ?
  O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
  O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
  O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
  O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
  O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121162039578
  O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
  O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
  O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
  O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
  O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
  O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


  End of file - 12223 bytes
 • You may now remove all the tools used and the folders created.

  Remove ComboFix via Start > Run, then copy and paste Combofix /U
  Click OK or press Enter.
  This removes ComboFix as well as your old system restore points (with any remnants of malware), and creates a new system restore point.


  If all is well, everything is now normal?
 • I did manage to find the last ComboFix log after all.
  Perhaps you still wanted to look at it.

  ———————————————————-

  ComboFix 08-03-17.1 - Robert H. Vorwald 2008-03-19 13:00:05.2 - NTFSx86
  Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.360 [GMT 1:00]
  Gestart vanuit: C:\Documents and Settings\Robert H. Vorwald\Bureaublad\ComboFix.exe
  Command switches used :: C:\Documents and Settings\Robert H. Vorwald\Bureaublad\CFScript.txt
  * Nieuw herstelpunt werd aangemaakt

  FILE ::
  C:\stgs1.temp
  C:\stgs4.temp
  C:\WINDOWS\system32\kcivgsur.dll
  .

  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  C:\Documents and Settings\Robert H. Vorwald\Application Data\ezpinst.log
  C:\stgs1.temp
  C:\stgs4.temp
  C:\WINDOWS\system32\kcivgsur.dll

  .
  (((((((((((((((((((( Bestanden Gemaakt van 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))
  .

  2008-03-19 00:06 . 2008-03-19 00:06 <DIR> d——– C:\Program Files\Sun
  2008-03-17 02:46 . 2008-03-17 02:46 1,158 –a—— C:\WINDOWS\mozver.dat
  2008-03-17 02:26 . 2008-03-17 02:26 0 –a—— C:\WINDOWS\nsreg.dat
  2008-03-17 02:15 . 2008-03-17 02:15 <DIR> d–h—– C:\WINDOWS\PIF
  2008-03-16 04:22 . 2008-03-16 04:22 <DIR> d——– C:\Program Files\Windows Defender
  2008-03-15 10:12 . 2008-03-15 10:12 <DIR> d——– C:\Program Files\PowerPoint Viewer
  2008-03-14 14:10 . 2008-03-14 14:10 <DIR> d——– C:\Program Files\Vstplugins
  2008-03-14 14:09 . 2008-03-14 14:11 <DIR> d——– C:\Program Files\Sony
  2008-03-14 12:02 . 2008-03-14 12:02 54,156 –ah—– C:\WINDOWS\QTFont.qfn
  2008-03-14 12:02 . 2008-03-14 12:02 1,409 –a—— C:\WINDOWS\QTFont.for
  2008-03-14 00:16 . 2008-03-14 00:16 <DIR> d——– C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
  2008-03-14 00:01 . 2008-03-14 00:02 <DIR> d——– C:\WINDOWS\SHELLNEW
  2008-03-13 23:51 . 2008-03-13 23:51 <DIR> d——– C:\Program Files\Windows Installer Clean Up
  2008-03-13 23:35 . 2008-03-13 23:36 <DIR> d——– C:\Program Files\RegSeeker
  2008-03-13 15:37 . 2008-03-13 15:37 <DIR> d——– C:\Documents and Settings\Robert H. Vorwald\Application Data\Windows Desktop Search
  2008-03-13 11:13 . 2008-03-13 15:36 <DIR> d——– C:\Program Files\Windows Desktop Search
  2008-03-13 10:39 . 2006-10-26 19:56 32,592 –a—— C:\WINDOWS\system32\msonpmon.dll
  2008-03-12 22:39 . 2008-03-12 22:39 <DIR> d——– C:\Program Files\Microsoft.NET
  2008-03-12 15:22 . 2008-03-13 14:51 <DIR> d——– C:\Program Files\MSBuild
  2008-03-12 15:13 . 2008-03-13 14:53 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Microsoft Help
  2008-03-08 01:53 . 2008-03-08 01:53 <DIR> d——– C:\Program Files\Samsung ML-1610 Series
  2008-03-01 13:09 . 2008-03-01 15:13 <DIR> d——– C:\Program Files\Belastingdienst
  2008-02-29 02:24 . 2008-02-29 02:24 <DIR> d——– C:\Program Files\Common Files\Skype
  2008-02-29 02:24 . 2008-03-19 10:40 <DIR> d——– C:\Documents and Settings\Robert H. Vorwald\Application Data\skypePM
  2008-02-29 02:24 . 2008-02-29 02:24 32 –a—— C:\Documents and Settings\All Users\Application Data\ezsid.dat
  2008-02-19 22:55 . 2007-09-13 16:07 302,419 –a—— C:\Program Files\All.Fengtao.Software.Universal.Patch.1.01-ICU.exe

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2008-03-19 11:58 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Skype
  2008-03-19 11:20 59,288 —-a-w C:\Documents and Settings\Robert H. Vorwald\Application Data\wklnhst.dat
  2008-03-19 10:00 ——— d—–w C:\Program Files\SPAMfighter
  2008-03-19 09:57 17,408 —-a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
  2008-03-18 23:06 ——— d—–w C:\Program Files\Java
  2008-03-17 02:32 ——— d—–w C:\Program Files\Nuria
  2008-03-16 23:57 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Azureus
  2008-03-16 23:45 ——— d—–w C:\Documents and Settings\All Users\Application Data\Lavasoft
  2008-03-16 23:44 ——— d—–w C:\Program Files\Lavasoft
  2008-03-16 23:44 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Lavasoft
  2008-03-16 23:42 ——— d—–w C:\Program Files\Common Files\Wise Installation Wizard
  2008-03-16 00:42 ——— d—–w C:\Program Files\Hitman Pro
  2008-03-16 00:35 ——— d—a-w C:\Documents and Settings\All Users\Application Data\TEMP
  2008-03-16 00:35 ——— d—–w C:\Program Files\Spyware Doctor
  2008-03-15 23:12 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
  2008-03-15 22:26 ——— d—–w C:\Program Files\SpywareBlaster
  2008-03-15 19:44 ——— d—–w C:\Documents and Settings\All Users\Application Data\avg7
  2008-03-15 19:27 74,240 —-a-w C:\WINDOWS\system32\drivers\iksyssec.sys
  2008-03-15 19:27 56,832 —-a-w C:\WINDOWS\system32\drivers\iksysflt.sys
  2008-03-14 13:33 ——— d—–w C:\Program Files\Sony Setup
  2008-03-14 11:30 ——— d—–w C:\Program Files\Sonic Foundry Noise Reduction Plug-In
  2008-03-14 11:03 10,332 –sha-w C:\WINDOWS\system32\KGyGaAvL.sys
  2008-03-14 09:15 ——— d—–w C:\Program Files\Common Files\Adobe
  2008-03-14 00:24 ——— d—–w C:\Program Files\eMule
  2008-03-13 23:20 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Canon
  2008-03-13 13:52 ——— d—–w C:\Program Files\Microsoft Works
  2008-03-13 02:24 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\OpenOffice.org2
  2008-03-12 20:53 ——— d—–w C:\Program Files\MSECache
  2008-03-11 20:50 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Vso
  2008-03-09 22:40 ——— d–h–w C:\Program Files\InstallShield Installation Information
  2008-03-07 21:55 3,082 —-a-w C:\WINDOWS\system32\affv9553p4now.sys
  2008-03-07 21:42 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Corel
  2008-03-07 21:04 ——— d—–w C:\Documents and Settings\All Users\Application Data\Corel
  2008-03-07 20:22 ——— d—–w C:\Program Files\Common Files\Corel
  2008-03-07 20:21 ——— d—–w C:\Program Files\Corel
  2008-03-07 09:33 ——— d—–w C:\Program Files\Azureus
  2008-03-01 16:53 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Davilex
  2008-02-29 01:24 ——— d—–w C:\Program Files\Skype
  2008-02-29 01:24 ——— d—–w C:\Documents and Settings\All Users\Application Data\Skype
  2008-02-16 02:18 ——— d—–w C:\Program Files\FreePDF_XP
  2008-02-16 02:04 ——— d—–w C:\Program Files\Spybot - Search & Destroy
  2008-02-15 22:16 691,545 —-a-w C:\WINDOWS\unins000.exe
  2008-02-09 16:35 ——— d—–w C:\Program Files\TomTom HOME 2
  2008-02-09 15:35 ——— d—–w C:\Program Files\TomTom HOME
  2008-02-09 11:30 ——— d—–w C:\Program Files\Amor Video Joiner
  2008-02-05 02:13 ——— d—–w C:\Program Files\vso
  2008-02-02 03:37 ——— d—–w C:\Program Files\gs
  2008-02-02 03:29 ——— d—–w C:\Program Files\Neuratron PhotoScore
  2008-01-31 03:02 ——— d—–w C:\Program Files\Innovatools
  2008-01-31 02:47 ——— d—–w C:\Program Files\bb
  2008-01-28 01:52 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\AVG7
  2008-01-26 02:43 ——— d—–w C:\Program Files\AccurateTime
  2008-01-25 03:27 ——— d—–w C:\Program Files\Common Files\Ahead
  2008-01-25 03:26 ——— d—–w C:\Documents and Settings\All Users\Application Data\Nero
  2008-01-24 01:54 ——— d—–w C:\Program Files\Monkey's Audio
  2008-01-24 01:49 ——— d—–w C:\Program Files\Winamp
  2007-01-10 21:45 87,608 —-a-w C:\Documents and Settings\Robert H. Vorwald\Application Data\ezpinst.exe
  2007-01-10 21:45 47,360 —-a-w C:\Documents and Settings\Robert H. Vorwald\Application Data\pcouffin.sys
  2005-08-21 17:20 6,984,582 ——w C:\Documents and Settings\Jim\DarkMessiahscreenshots.zip
  2005-06-02 15:24 6,407,716 ——w C:\Documents and Settings\Jim\metroid2.zip
  2005-06-02 15:16 442,581 ——w C:\Documents and Settings\Jim\metroidcommercial.zip
  2005-04-25 20:08 56,082 —-a-w C:\Documents and Settings\Melody\anim_bear.zip
  2007-01-12 02:44 88 –sh–r C:\WINDOWS\system32\1E1866BC88.sys
  2005-01-27 13:59 8 –sh–r C:\WINDOWS\system32\62A95D688F.sys
  2006-07-23 17:50 56 –sh–r C:\WINDOWS\system32\FA58369351.sys
  .

  ((((((((((((((((((((((((((((( snapshot@2008-03-18_23.16.20.14 )))))))))))))))))))))))))))))))))))))))))
  .
  - 2007-09-24 20:30:28 135,168 —-a-w C:\WINDOWS\system32\java.exe
  + 2008-02-22 00:23:35 135,168 —-a-w C:\WINDOWS\system32\java.exe
  - 2007-09-24 20:30:30 135,168 —-a-w C:\WINDOWS\system32\javaw.exe
  + 2008-02-22 00:23:39 135,168 —-a-w C:\WINDOWS\system32\javaw.exe
  - 2007-09-24 21:31:42 139,264 —-a-w C:\WINDOWS\system32\javaws.exe
  + 2008-02-22 01:33:32 139,264 —-a-w C:\WINDOWS\system32\javaws.exe
  + 2008-03-19 09:57:33 16,384 —-atw C:\WINDOWS\Temp\Perflib_Perfdata_1a0.dat
  .
  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  REGEDIT4
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
  "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
  "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 17:34 1289000]
  "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 21:53 204288]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Keyboard Status"="C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe" [2005-01-25 11:03 411648]
  "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-03-08 14:31 118926]
  "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-28 11:35 98304]
  "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:03 110592 C:\WINDOWS\system32\bthprops.cpl]
  "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 20:05 344064]
  "RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
  "Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]
  "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 10:56 579072]
  "Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2004-05-17 06:34 360448]
  "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
  "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
  "FreePDF Assistant"="C:\Program Files\FreePDF_XP\fpassist.exe" [2007-06-26 20:27 312320]
  "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 17:18 221184]
  "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03 81920]
  "Corel File Shell Monitor"="C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 19:52 16200]
  "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
  "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
  "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 09:39 219136]

  C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
  BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-06-18 00:05:34 1048576]
  RaConfig2500.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2005-06-18 00:18:40 528384]
  Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 15:23:32 74308]
  Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
  "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "C:\\Program Files\\Azureus\\Azureus.exe"=
  "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
  "C:\\Program Files\\Streamload\\MediaMax XL\\MediaMax XL.exe"=
  "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
  "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
  "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
  "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
  "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
  "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
  "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
  "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
  "C:\\Program Files\\eMule\\emule.exe"=
  "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
  "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
  "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

  R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-01-02 17:03]
  R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 14:10]
  R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-06-03 13:40]
  R3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;C:\WINDOWS\system32\drivers\usbmidim.sys [2002-09-25 16:02]
  R3 USBMM2X2;Midiman USB MidiSport 2x2 USB Driver;C:\WINDOWS\system32\drivers\usbmm2x2.sys [2002-09-25 16:02]
  R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 12:07]
  S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-03-19 10:57]
  S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 11:10]
  S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
  S3 USB22LDR;Midiman USB MidiSport 2x2 Loader;C:\WINDOWS\system32\drivers\usb22ldr.sys [2002-09-25 16:02]

  .
  Inhoud van de 'Gedeelde Taken' map
  "2008-03-19 10:00:06 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
  - C:\Program Files\Windows Defender\MpCmdRun.exe
  .
  **************************************************************************

  catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2008-03-19 13:04:26
  Windows 5.1.2600 Service Pack 2 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  Voltooingstijd: 2008-03-19 13:05:13
  ComboFix-quarantined-files.txt 2008-03-19 12:04:59
  ComboFix2.txt 2008-03-18 22:16:36
  .
  2008-03-19 10:03:07 — E O F —
 • I did manage to find the last ComboFix log after all.
  Perhaps you still wanted to look at it.

 • Why twice?

  Still having problems?
 • Sorry, my mistake.
  I found this file on my C:/ drive and thought it was the file that had not been saved during the last ComboFix run.

  Surfing works like before again; no more popups and unwanted screens, and IE is faster again.
  Small but irritating side effects, such as a 'stuttering' and above all slow Outlook Express, also seem to be a thing of the past.
  The rattling of the HD has also become a lot less.
  Phew… what a relief again!… thanks to you!

  I think I still need to remove some resident programs that I can just as well open via the Start menu; hopefully my system will then also boot a bit more smoothly, because that is still very slow, at least slower than before…

  What I do still want to get rid of is the black operating-system selection screen before Windows starts.
  On my HD I found the folder C:/cmdcons of the Windows Recovery Console program.
  Can I simply delete it?
  This cannot be done via Windows software, because the program is not shown in the list.

  The boot.ini looks as follows:

  [boot loader]
  timeout=10
  default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
  [operating systems]
  multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
  C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows XP Herstelconsole" /cmdcons

  I have already reduced the timeout in it from 30 to 10 sec., but have not (yet) dared to remove the reference(s), simply because I do not know what (adverse) effects that could have.

  I look forward to your reply with interest.
 • Read this.
  http://support.microsoft.com/kb/216417/nl  Removing unnecessary startup items
 • Many thanks for your support and advice.
  Everything is running stably again!!
  Once again I would not have worked it out on my own.
  I have, however, learned once more that every virus or spyware infection stands on its own and that there is no uniform method that can be applied to root out that evil.
  It seems as if 'they' have to get me every so many months.
  That is nonsense of course, but it is remarkable and suspicious that the problems occur periodically.
  I had better be more careful again about what I download or where I surf to, although I am not really an intensive surfer.
  I proceed cautiously, have nailed the computer completely shut with antivirus, spyware and antispam programs, and no longer know what else I should do about it apart from running scanners etc.
  Apparently 'they' still manage to get through… it is just like vermin in your house… cracks and holes sealed up, and yet they appear again…
  I have put the link to the startup programs/procedures in my IE favourites and am going to study it further.
  Juisterr, once again many thanks for your expertise, efforts and help.
  Happy Easter and kind regards,
  Robert Vorwald.
 • You're welcome, glad to help.  To prevent reinfection via System Restore, it is advisable to delete the existing restore points by temporarily turning off System Restore.


  - Go to Start/All Programs/Accessories/System Tools/System Restore.
  - In the left half of the window, click "System Restore Settings".
  - Tick the box for "Turn off System Restore".
  - Click "Apply".
  - Windows asks whether you are sure.
  - Click "Yes".
  - Click "OK".
  - Restart the PC.
  - Go to Start/All Programs/Accessories/System Tools/System Restore again.
  - You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
  - Click "Yes".
  - Remove the tick for "Turn off System Restore".
  - Click "Apply".
  - Click "OK".
  - Restart the PC.
  - A new, clean restore point has now been created.

  Here are some more tips: Security tips

  Even more tips

  Removing unnecessary startup items


  A few more tips to prevent problems in the future:

  Go ahead and install the following FREE programs if you do not have them yet:

  SpywareBlaster
  Ad-Aware SE
  Spybot S&D


  While surfing, do not blindly click yes everywhere when you are asked to… only do so when you trust it completely.

  And consider choosing an alternative browser such as Opera
  or Firefox.

  I also recommend running an online virus scan now and then: HouseCall.

  Also make sure that the virus scanner installed on your system is always up to date!!

  And… pay a regular visit to: Windows Update

This is an archived page. Replying is no longer possible.