Questions & Answers

Security & privacy

'They' are after me again!

Anonymous
23 replies
  • They're back, those unwanted web pages that suddenly appear full-screen on my monitor.
    The annoying 'inlays' on the pages I visit, which try to tempt me into scanning my system, also show up at every turn.
    And they had all stayed away for such a nice long time, because I have had this problem before.
    Now they even prevent clicking back to the previous page(s), and with it undisturbed browsing.
    I have let Spybot S&D, AVG AntiSpyware and Hitman Pro loose on it, and although they did track down and remove a few nasties, the annoyance described has not gone away.
    I hope there is a 'forumist' who can and will advise me once more and tell me how I can browse 'normally' again without being pestered…
    Many thanks in advance!
  • The FAQ explains how to make a HijackThis log. If you post that log here, one of the experts on this forum will surely take a look at how you can get rid of that junk.
  • Ran Lavasoft Ad-ware, Spybot Search & Destroy and CoolWebShredder according to the instructions in "FAQ - Spyware", but this has not produced the intended result.
    Still troubled by pop-ups and unwanted screens.
    The HD also keeps rattling… and that gives me an uneasy feeling.

    Below is my HijackThis log file.
    I hope someone can and will help/advise me further.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:18:36, on 18-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
    C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\FreePDF_XP\fpassist.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Microsoft Works\WkDStore.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\explorer.exe
    C:\totalcmd\TOTALCMD.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [BMb3f5ef97] Rundll32.exe "C:\WINDOWS\system32\dukmtfyc.dll",s
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121162039578
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


    End of file - 12329 bytes
  • Hello, I think this is a Vundo infection.


    Temporarily disable Windows Defender
    Because it can interfere when fixing with HJT (by undoing the fix)
    * Open Windows Defender > Click Tools
    * Click "General Settings"
    * Scroll to "Real Time Protection Options"
    * Untick "Turn on Real Time Protection (recommended)" > Click "Save"
    * Close Windows Defender
    (once the problems are over and the log has been declared clean again, you can turn it back on)



    Switch off Spybot's TeaTimer for now, because it can get in the way of the fix:
    - Start Spybot
    - Go to Mode > select Advanced Mode
    - Go to Tools and click the Resident icon in the list
    - Untick Resident TeaTimer and click OK
    - Restart the computer

    Then download ResetTeaTimer.bat to your Desktop.
    Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.
    Once the computer is clean, you can turn TeaTimer back on.

    Follow the instructions as described on the following page: hoe-dient-combofix-gebruikt-te-worden

    If you use Vista, the Recovery Console does not need to be installed.
    If anything is unclear, just ask.
    When the tool has finished, a log file opens (C:\combofix.txt).
    Post the contents of this file together with a new HijackThis log.

    Fix these lines right away as well

    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    O4 - HKLM\..\Run: [BMb3f5ef97] Rundll32.exe "C:\WINDOWS\system32\dukmtfyc.dll",s
    Click 'Fix checked' to remove the items.


    Update your Java,

    Download .
    * Scroll down to: "Java Runtime Environment (JRE) 6 Update 5".
    * Click the "Download" button on the right-hand side.
    * Tick "Accept License Agreement" and click Continue.
    * The page will reload.
    * Click the Windows Offline Installation, Multi-language link BELOW Windows Platform - Java SE Runtime Environment 6 Update 5 and save it to your Desktop.
    * Close any programs that may be open - especially your web browser!
    * Then go to Start > Control Panel (Configuratiescherm) > Add or Remove Programs (Software) and remove all older versions of Java from the list (those with Java Runtime Environment (JRE or J2SE) in the name).
    * Repeat this until all older versions are gone.
    * After removing all older versions, restart your PC.
    * Then double-click jre-6u5-windows-i586-p.exe on your Desktop to install the latest version of Java.

    Please post a new HJT log together with the ComboFix result.
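Added illustration, not part of the original thread and not the helper's or HijackThis's own method: a small Python triage of the O4 autostart lines from the log above, showing why the `BMb3f5ef97` entry stands out among the other Run values. The two heuristics and the names `parse_o4`, `triage` and `scan` are assumptions made for this example; a hit is a prompt for manual review, not a verdict.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BMb3f5ef97] Rundll32.exe "C:\WINDOWS\system32\dukmtfyc.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Shape of a registry autostart line: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)

# rundll32 invocation: optional path/quotes, then "<target>,<export>"
RUNDLL = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<target>[^",]+)"?\s*,',
    re.IGNORECASE,
)

# Heuristic 1 (assumption): the rundll32 target is a DLL given by absolute path.
# Legitimate drivers do this too, so it only marks the entry for review.
ABS_DLL = re.compile(r"^[a-z]:\\.+\.dll$", re.IGNORECASE)

# Heuristic 2 (assumption): value name is a short prefix plus 8 hex characters
# containing a digit, i.e. it looks generated rather than chosen by a vendor.
GENERATED_NAME = re.compile(r"(?=.*\d)[A-Za-z]{0,3}[0-9a-f]{8}")


def parse_o4(text):
    """Return one dict per O4 registry Run line found in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage(entry):
    """Return the list of reasons an autostart entry deserves a closer look."""
    reasons = []
    m = RUNDLL.match(entry["cmd"])
    if m:
        target = m.group("target").strip()
        if ABS_DLL.match(target):
            reasons.append("rundll32 loads a DLL by absolute path: " + target)
    if GENERATED_NAME.fullmatch(entry["name"]):
        reasons.append("value name looks machine-generated: " + entry["name"])
    return reasons


def scan(text):
    """Return (value name, command, reasons) for every entry with a reason."""
    findings = []
    for entry in parse_o4(text):
        reasons = triage(entry)
        if reasons:
            findings.append((entry["name"], entry["cmd"], reasons))
    return findings


if __name__ == "__main__":
    for name, cmd, reasons in scan(SAMPLE_LOG):
        print("[%s] %s" % (name, cmd))
        for reason in reasons:
            print("    - " + reason)
```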
  • I'm working through the procedure given.
    I am getting stuck for a moment on the following, though:
    At start-up, before Windows is loaded, a black screen appears with the choice of continuing with Windows Home Edition or the Recovery Console.
    To be on the safe side, I'm asking which choice I should make now, because this was not in the ComboFix manual.
  • home edition.
  • New logs below:

    ComboFix was run late last night (18-03), and in HijackThis I first removed the specified keys (I could not find the fourth of them, perhaps already removed by ComboFix…), and this morning, shortly after start-up, I made a new log.

    By the way: the answer to my previous question about the Recovery Console was in the ComboFix manual after all; in the hectic rush of what is for me a rather tense and somewhat uncertain business, I read right past it.

    I am very interested in your further instructions.
    There already seems (but that may be purely a gut feeling) to be some improvement…

    ————————————————————————-

    ComboFix 08-03-17.1 - Robert H. Vorwald 2008-03-18 23:00:58.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.425 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Robert H. Vorwald\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .
    TimeOut - progfile.dat

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BMb3f5ef97.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\awvvw.dll
    C:\WINDOWS\system32\dukmtfyc.dll
    C:\WINDOWS\system32\majhwlqv.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\tuddepbp.dll
    C:\WINDOWS\system32\wvvwa.ini
    C:\WINDOWS\system32\wvvwa.ini2

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-02-18 to 2008-03-18 ))))))))))))))))))))))))))))))
    .

    2008-03-17 02:46 . 2008-03-17 02:46 1,158 –a—— C:\WINDOWS\mozver.dat
    2008-03-17 02:26 . 2008-03-17 02:26 0 –a—— C:\WINDOWS\nsreg.dat
    2008-03-17 02:15 . 2008-03-17 02:15 <DIR> d–h—– C:\WINDOWS\PIF
    2008-03-17 02:09 . 2008-03-17 02:09 95,296 –a—— C:\WINDOWS\system32\kcivgsur.dll
    2008-03-16 11:14 . 2008-03-16 11:14 5 –a—— C:\stgs4.temp
    2008-03-16 11:14 . 2008-03-16 11:14 5 –a—— C:\stgs1.temp
    2008-03-16 04:22 . 2008-03-16 04:22 <DIR> d——– C:\Program Files\Windows Defender
    2008-03-15 10:12 . 2008-03-15 10:12 <DIR> d——– C:\Program Files\PowerPoint Viewer
    2008-03-14 14:10 . 2008-03-14 14:10 <DIR> d——– C:\Program Files\Vstplugins
    2008-03-14 14:09 . 2008-03-14 14:11 <DIR> d——– C:\Program Files\Sony
    2008-03-14 12:02 . 2008-03-14 12:02 54,156 –ah—– C:\WINDOWS\QTFont.qfn
    2008-03-14 12:02 . 2008-03-14 12:02 1,409 –a—— C:\WINDOWS\QTFont.for
    2008-03-14 00:16 . 2008-03-14 00:16 <DIR> d——– C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    2008-03-14 00:01 . 2008-03-14 00:02 <DIR> d——– C:\WINDOWS\SHELLNEW
    2008-03-13 23:51 . 2008-03-13 23:51 <DIR> d——– C:\Program Files\Windows Installer Clean Up
    2008-03-13 23:35 . 2008-03-13 23:36 <DIR> d——– C:\Program Files\RegSeeker
    2008-03-13 15:37 . 2008-03-13 15:37 <DIR> d——– C:\Documents and Settings\Robert H. Vorwald\Application Data\Windows Desktop Search
    2008-03-13 11:13 . 2008-03-13 15:36 <DIR> d——– C:\Program Files\Windows Desktop Search
    2008-03-13 10:39 . 2006-10-26 19:56 32,592 –a—— C:\WINDOWS\system32\msonpmon.dll
    2008-03-12 22:39 . 2008-03-12 22:39 <DIR> d——– C:\Program Files\Microsoft.NET
    2008-03-12 15:22 . 2008-03-13 14:51 <DIR> d——– C:\Program Files\MSBuild
    2008-03-12 15:13 . 2008-03-13 14:53 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-08 01:53 . 2008-03-08 01:53 <DIR> d——– C:\Program Files\Samsung ML-1610 Series
    2008-03-01 13:09 . 2008-03-01 15:13 <DIR> d——– C:\Program Files\Belastingdienst
    2008-02-29 02:24 . 2008-02-29 02:24 <DIR> d——– C:\Program Files\Common Files\Skype
    2008-02-29 02:24 . 2008-03-18 18:42 <DIR> d——– C:\Documents and Settings\Robert H. Vorwald\Application Data\skypePM
    2008-02-29 02:24 . 2008-02-29 02:24 32 –a—— C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2008-02-19 22:55 . 2007-09-13 16:07 302,419 –a—— C:\Program Files\All.Fengtao.Software.Universal.Patch.1.01-ICU.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-18 22:12 ——— d—–w C:\Program Files\SPAMfighter
    2008-03-18 22:11 17,408 —-a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
    2008-03-18 21:54 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Skype
    2008-03-17 02:32 ——— d—–w C:\Program Files\Nuria
    2008-03-16 23:57 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Azureus
    2008-03-16 23:45 ——— d—–w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-16 23:44 ——— d—–w C:\Program Files\Lavasoft
    2008-03-16 23:44 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Lavasoft
    2008-03-16 23:42 ——— d—–w C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-16 00:42 ——— d—–w C:\Program Files\Hitman Pro
    2008-03-16 00:35 ——— d—a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-16 00:35 ——— d—–w C:\Program Files\Spyware Doctor
    2008-03-15 23:12 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-15 22:26 ——— d—–w C:\Program Files\SpywareBlaster
    2008-03-15 19:44 ——— d—–w C:\Documents and Settings\All Users\Application Data\avg7
    2008-03-15 19:27 74,240 —-a-w C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-03-15 19:27 56,832 —-a-w C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-03-14 13:33 ——— d—–w C:\Program Files\Sony Setup
    2008-03-14 11:30 ——— d—–w C:\Program Files\Sonic Foundry Noise Reduction Plug-In
    2008-03-14 09:15 ——— d—–w C:\Program Files\Common Files\Adobe
    2008-03-14 00:24 ——— d—–w C:\Program Files\eMule
    2008-03-13 23:20 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Canon
    2008-03-13 13:52 ——— d—–w C:\Program Files\Microsoft Works
    2008-03-13 11:35 59,252 —-a-w C:\Documents and Settings\Robert H. Vorwald\Application Data\wklnhst.dat
    2008-03-13 02:24 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\OpenOffice.org2
    2008-03-12 20:53 ——— d—–w C:\Program Files\MSECache
    2008-03-12 12:20 ——— d—–w C:\Program Files\Java
    2008-03-11 20:50 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Vso
    2008-03-09 22:40 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2008-03-07 21:42 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Corel
    2008-03-07 21:04 ——— d—–w C:\Documents and Settings\All Users\Application Data\Corel
    2008-03-07 20:22 ——— d—–w C:\Program Files\Common Files\Corel
    2008-03-07 20:21 ——— d—–w C:\Program Files\Corel
    2008-03-07 09:33 ——— d—–w C:\Program Files\Azureus
    2008-03-01 16:53 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\Davilex
    2008-02-29 01:24 ——— d—–w C:\Program Files\Skype
    2008-02-29 01:24 ——— d—–w C:\Documents and Settings\All Users\Application Data\Skype
    2008-02-16 02:18 ——— d—–w C:\Program Files\FreePDF_XP
    2008-02-16 02:04 ——— d—–w C:\Program Files\Spybot - Search & Destroy
    2008-02-15 22:16 691,545 —-a-w C:\WINDOWS\unins000.exe
    2008-02-09 16:35 ——— d—–w C:\Program Files\TomTom HOME 2
    2008-02-09 15:35 ——— d—–w C:\Program Files\TomTom HOME
    2008-02-09 11:30 ——— d—–w C:\Program Files\Amor Video Joiner
    2008-02-05 02:13 ——— d—–w C:\Program Files\vso
    2008-02-02 03:37 ——— d—–w C:\Program Files\gs
    2008-02-02 03:29 ——— d—–w C:\Program Files\Neuratron PhotoScore
    2008-01-31 03:02 ——— d—–w C:\Program Files\Innovatools
    2008-01-31 02:47 ——— d—–w C:\Program Files\bb
    2008-01-28 01:52 ——— d—–w C:\Documents and Settings\Robert H. Vorwald\Application Data\AVG7
    2008-01-26 02:43 ——— d—–w C:\Program Files\AccurateTime
    2008-01-25 03:27 ——— d—–w C:\Program Files\Common Files\Ahead
    2008-01-25 03:26 ——— d—–w C:\Documents and Settings\All Users\Application Data\Nero
    2008-01-24 01:54 ——— d—–w C:\Program Files\Monkey's Audio
    2008-01-24 01:49 ——— d—–w C:\Program Files\Winamp
    2007-01-10 21:45 87,608 —-a-w C:\Documents and Settings\Robert H. Vorwald\Application Data\ezpinst.exe
    2007-01-10 21:45 47,360 —-a-w C:\Documents and Settings\Robert H. Vorwald\Application Data\pcouffin.sys
    2005-08-21 17:20 6,984,582 ——w C:\Documents and Settings\Jim\DarkMessiahscreenshots.zip
    2005-06-02 15:24 6,407,716 ——w C:\Documents and Settings\Jim\metroid2.zip
    2005-06-02 15:16 442,581 ——w C:\Documents and Settings\Jim\metroidcommercial.zip
    2005-04-25 20:08 56,082 —-a-w C:\Documents and Settings\Melody\anim_bear.zip
    2007-01-12 02:44 88 –sh–r C:\WINDOWS\system32\1E1866BC88.sys
    2005-01-27 13:59 8 –sh–r C:\WINDOWS\system32\62A95D688F.sys
    2006-07-23 17:50 56 –sh–r C:\WINDOWS\system32\FA58369351.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 17:34 1289000]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 21:53 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Keyboard Status"="C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe" [2005-01-25 11:03 411648]
    "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-03-08 14:31 118926]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-28 11:35 98304]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:03 110592 C:\WINDOWS\system32\bthprops.cpl]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 20:05 344064]
    "RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
    "Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 10:56 579072]
    "Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2004-05-17 06:34 360448]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "FreePDF Assistant"="C:\Program Files\FreePDF_XP\fpassist.exe" [2007-06-26 20:27 312320]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 17:18 221184]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03 81920]
    "Corel File Shell Monitor"="C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 19:52 16200]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 09:39 219136]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-06-18 00:05:34 1048576]
    RaConfig2500.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2005-06-18 00:18:40 528384]
    Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 15:23:32 74308]
    Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyaax]
    fccyaax.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\Streamload\\MediaMax XL\\MediaMax XL.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
    "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-01-02 17:03]
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 14:10]
    R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-06-03 13:40]
    R3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;C:\WINDOWS\system32\drivers\usbmidim.sys [2002-09-25 16:02]
    R3 USBMM2X2;Midiman USB MidiSport 2x2 USB Driver;C:\WINDOWS\system32\drivers\usbmm2x2.sys [2002-09-25 16:02]
    R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 12:07]
    S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-03-18 23:11]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 11:10]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
    S3 USB22LDR;Midiman USB MidiSport 2x2 Loader;C:\WINDOWS\system32\drivers\usb22ldr.sys [2002-09-25 16:02]

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-03-18 22:13:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-18 23:10:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ———————— Other Running Processes ————————
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-03-18 23:16:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-18 22:16:32
    .
    2008-03-16 02:02:01 — E O F —


    ————————————————————————————–

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:17:23, on 19-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
    C:\WINDOWS\Dit.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\FreePDF_XP\fpassist.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\totalcmd\TOTALCMD.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121162039578
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: fccyaax - fccyaax.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


    End of file - 12421 bytes
  • New logs below:

    ComboFix was run late yesterday evening, and I first removed the specified keys from HijackThis (I could not find the fourth of them, perhaps already removed by ComboFix…), and this morning, shortly after startup, I made a new HijackThis log.


    ComboFix 08-03-17.1 - Robert H. Vorwald 2008-03-18 23:00:58.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.425 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Robert H. Vorwald\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .
    TimeOut - progfile.dat

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BMb3f5ef97.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\awvvw.dll
    C:\WINDOWS\system32\dukmtfyc.dll
    C:\WINDOWS\system32\majhwlqv.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\tuddepbp.dll
    C:\WINDOWS\system32\wvvwa.ini
    C:\WINDOWS\system32\wvvwa.ini2

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-02-18 to 2008-03-18 ))))))))))))))))))))))))))))))
    .

    2008-03-17 02:46 . 2008-03-17 02:46 1,158 --a------ C:\WINDOWS\mozver.dat
    2008-03-17 02:26 . 2008-03-17 02:26 0 --a------ C:\WINDOWS\nsreg.dat
    2008-03-17 02:15 . 2008-03-17 02:15 <DIR> d--h----- C:\WINDOWS\PIF
    2008-03-17 02:09 . 2008-03-17 02:09 95,296 --a------ C:\WINDOWS\system32\kcivgsur.dll
    2008-03-16 11:14 . 2008-03-16 11:14 5 --a------ C:\stgs4.temp
    2008-03-16 11:14 . 2008-03-16 11:14 5 --a------ C:\stgs1.temp
    2008-03-16 04:22 . 2008-03-16 04:22 <DIR> d-------- C:\Program Files\Windows Defender
    2008-03-15 10:12 . 2008-03-15 10:12 <DIR> d-------- C:\Program Files\PowerPoint Viewer
    2008-03-14 14:10 . 2008-03-14 14:10 <DIR> d-------- C:\Program Files\Vstplugins
    2008-03-14 14:09 . 2008-03-14 14:11 <DIR> d-------- C:\Program Files\Sony
    2008-03-14 12:02 . 2008-03-14 12:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-14 12:02 . 2008-03-14 12:02 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-14 00:16 . 2008-03-14 00:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    2008-03-14 00:01 . 2008-03-14 00:02 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2008-03-13 23:51 . 2008-03-13 23:51 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
    2008-03-13 23:35 . 2008-03-13 23:36 <DIR> d-------- C:\Program Files\RegSeeker
    2008-03-13 15:37 . 2008-03-13 15:37 <DIR> d-------- C:\Documents and Settings\Robert H. Vorwald\Application Data\Windows Desktop Search
    2008-03-13 11:13 . 2008-03-13 15:36 <DIR> d-------- C:\Program Files\Windows Desktop Search
    2008-03-13 10:39 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
    2008-03-12 22:39 . 2008-03-12 22:39 <DIR> d-------- C:\Program Files\Microsoft.NET
    2008-03-12 15:22 . 2008-03-13 14:51 <DIR> d-------- C:\Program Files\MSBuild
    2008-03-12 15:13 . 2008-03-13 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-08 01:53 . 2008-03-08 01:53 <DIR> d-------- C:\Program Files\Samsung ML-1610 Series
    2008-03-01 13:09 . 2008-03-01 15:13 <DIR> d-------- C:\Program Files\Belastingdienst
    2008-02-29 02:24 . 2008-02-29 02:24 <DIR> d-------- C:\Program Files\Common Files\Skype
    2008-02-29 02:24 . 2008-03-18 18:42 <DIR> d-------- C:\Documents and Settings\Robert H. Vorwald\Application Data\skypePM
    2008-02-29 02:24 . 2008-02-29 02:24 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2008-02-19 22:55 . 2007-09-13 16:07 302,419 --a------ C:\Program Files\All.Fengtao.Software.Universal.Patch.1.01-ICU.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-18 22:12 --------- d-----w C:\Program Files\SPAMfighter
    2008-03-18 22:11 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
    2008-03-18 21:54 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\Skype
    2008-03-17 02:32 --------- d-----w C:\Program Files\Nuria
    2008-03-16 23:57 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\Azureus
    2008-03-16 23:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-16 23:44 --------- d-----w C:\Program Files\Lavasoft
    2008-03-16 23:44 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\Lavasoft
    2008-03-16 23:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-16 00:42 --------- d-----w C:\Program Files\Hitman Pro
    2008-03-16 00:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-16 00:35 --------- d-----w C:\Program Files\Spyware Doctor
    2008-03-15 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-15 22:26 --------- d-----w C:\Program Files\SpywareBlaster
    2008-03-15 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-03-15 19:27 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-03-15 19:27 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-03-14 13:33 --------- d-----w C:\Program Files\Sony Setup
    2008-03-14 11:30 --------- d-----w C:\Program Files\Sonic Foundry Noise Reduction Plug-In
    2008-03-14 09:15 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-03-14 00:24 --------- d-----w C:\Program Files\eMule
    2008-03-13 23:20 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\Canon
    2008-03-13 13:52 --------- d-----w C:\Program Files\Microsoft Works
    2008-03-13 11:35 59,252 ----a-w C:\Documents and Settings\Robert H. Vorwald\Application Data\wklnhst.dat
    2008-03-13 02:24 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\OpenOffice.org2
    2008-03-12 20:53 --------- d-----w C:\Program Files\MSECache
    2008-03-12 12:20 --------- d-----w C:\Program Files\Java
    2008-03-11 20:50 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\Vso
    2008-03-09 22:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-07 21:42 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\Corel
    2008-03-07 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
    2008-03-07 20:22 --------- d-----w C:\Program Files\Common Files\Corel
    2008-03-07 20:21 --------- d-----w C:\Program Files\Corel
    2008-03-07 09:33 --------- d-----w C:\Program Files\Azureus
    2008-03-01 16:53 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\Davilex
    2008-02-29 01:24 --------- d-----w C:\Program Files\Skype
    2008-02-29 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2008-02-16 02:18 --------- d-----w C:\Program Files\FreePDF_XP
    2008-02-16 02:04 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-15 22:16 691,545 ----a-w C:\WINDOWS\unins000.exe
    2008-02-09 16:35 --------- d-----w C:\Program Files\TomTom HOME 2
    2008-02-09 15:35 --------- d-----w C:\Program Files\TomTom HOME
    2008-02-09 11:30 --------- d-----w C:\Program Files\Amor Video Joiner
    2008-02-05 02:13 --------- d-----w C:\Program Files\vso
    2008-02-02 03:37 --------- d-----w C:\Program Files\gs
    2008-02-02 03:29 --------- d-----w C:\Program Files\Neuratron PhotoScore
    2008-01-31 03:02 --------- d-----w C:\Program Files\Innovatools
    2008-01-31 02:47 --------- d-----w C:\Program Files\bb
    2008-01-28 01:52 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\AVG7
    2008-01-26 02:43 --------- d-----w C:\Program Files\AccurateTime
    2008-01-25 03:27 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-01-25 03:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-01-24 01:54 --------- d-----w C:\Program Files\Monkey's Audio
    2008-01-24 01:49 --------- d-----w C:\Program Files\Winamp
    2007-01-10 21:45 87,608 ----a-w C:\Documents and Settings\Robert H. Vorwald\Application Data\ezpinst.exe
    2007-01-10 21:45 47,360 ----a-w C:\Documents and Settings\Robert H. Vorwald\Application Data\pcouffin.sys
    2005-08-21 17:20 6,984,582 ------w C:\Documents and Settings\Jim\DarkMessiahscreenshots.zip
    2005-06-02 15:24 6,407,716 ------w C:\Documents and Settings\Jim\metroid2.zip
    2005-06-02 15:16 442,581 ------w C:\Documents and Settings\Jim\metroidcommercial.zip
    2005-04-25 20:08 56,082 ----a-w C:\Documents and Settings\Melody\anim_bear.zip
    2007-01-12 02:44 88 --sh--r C:\WINDOWS\system32\1E1866BC88.sys
    2005-01-27 13:59 8 --sh--r C:\WINDOWS\system32\62A95D688F.sys
    2006-07-23 17:50 56 --sh--r C:\WINDOWS\system32\FA58369351.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 17:34 1289000]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 21:53 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Keyboard Status"="C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe" [2005-01-25 11:03 411648]
    "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-03-08 14:31 118926]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-28 11:35 98304]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:03 110592 C:\WINDOWS\system32\bthprops.cpl]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 20:05 344064]
    "RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
    "Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 10:56 579072]
    "Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2004-05-17 06:34 360448]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "FreePDF Assistant"="C:\Program Files\FreePDF_XP\fpassist.exe" [2007-06-26 20:27 312320]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 17:18 221184]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03 81920]
    "Corel File Shell Monitor"="C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 19:52 16200]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 09:39 219136]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-06-18 00:05:34 1048576]
    RaConfig2500.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2005-06-18 00:18:40 528384]
    Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 15:23:32 74308]
    Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyaax]
    fccyaax.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\Streamload\\MediaMax XL\\MediaMax XL.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
    "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-01-02 17:03]
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 14:10]
    R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-06-03 13:40]
    R3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;C:\WINDOWS\system32\drivers\usbmidim.sys [2002-09-25 16:02]
    R3 USBMM2X2;Midiman USB MidiSport 2x2 USB Driver;C:\WINDOWS\system32\drivers\usbmm2x2.sys [2002-09-25 16:02]
    R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 12:07]
    S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-03-18 23:11]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 11:10]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
    S3 USB22LDR;Midiman USB MidiSport 2x2 Loader;C:\WINDOWS\system32\drivers\usb22ldr.sys [2002-09-25 16:02]

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-03-18 22:13:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-18 23:10:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ———————— Other Running Processes ————————
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-03-18 23:16:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-18 22:16:32
    .
    2008-03-16 02:02:01 — E O F —


    ————————————————————————————–

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:17:23, on 19-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
    C:\WINDOWS\Dit.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\FreePDF_XP\fpassist.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\totalcmd\TOTALCMD.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121162039578
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: fccyaax - fccyaax.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


    End of file - 12421 bytes
  • Open Notepad, then copy and paste the following (bold, blue text) into an empty window:
  • ComboFix finished with 'log.txt' on a blank desktop (wallpaper only).
    Because of this, the contents of that log could not be saved and/or copied.
    A restart using the power button was needed to get the desktop back in full glory, but the file ComboFix.txt is missing from it.
    Run ComboFix again?
  • No, that isn't necessary I think; do post a new HJT log and tell us how things are going now.
  • I haven't been on the internet that much yet, but in the time I have, no pop-ups or unwanted screens have appeared.
    Booting is a bit faster again and the constant rattling of the HD is a lot less too; I will keep an extra eye on that as well.
    So things look optimistic!
    How do I now get rid of the black selection screen (Windows HE or Windows Recovery Console) that appears after the boot screen and before Windows starts?
    Or does the recovery console first have to have been run via this choice before it can be uninstalled?

    Here it comes, the newest HijackThis logfile:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:03:58, on 19-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
    C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
    C:\WINDOWS\Dit.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\FreePDF_XP\fpassist.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\totalcmd\TOTALCMD.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121162039578
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


    End of file - 12223 bytes
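Added example (not part of the thread, and not HijackThis's own tooling): a small Python diff of two HijackThis logs, run on shortened excerpts of the 11:17 and 19:03 logs posted above, to show which autostart entries and processes changed between the scans. The function names and the `(file missing)` check are this example's own choices.

```python
import re
from collections import namedtuple

# Shortened excerpts of the two logs posted above; every line is copied as posted.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:23, on 19-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: fccyaax - fccyaax.dll (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

End of file - 12421 bytes
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:58, on 19-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Dit.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

End of file - 12223 bytes
"""

Entry = namedtuple("Entry", "code text")
# HijackThis entry lines start with a group code (R0-R3, F0-F3, N1-N4, O1-O2x) and " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
SAVED_RE = re.compile(r"^Scan saved at (.+)$")


def parse_hjt(text):
    """Split a HijackThis log into scan time, running processes and entries."""
    log = {"saved": None, "processes": set(), "entries": set()}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()  # forum posts often indent the pasted log
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        saved = SAVED_RE.match(line)
        entry = ENTRY_RE.match(line)
        if saved:
            log["saved"] = saved.group(1)
        elif entry:
            in_processes = False  # the first entry line ends the process list
            log["entries"].add(Entry(entry.group(1), entry.group(2)))
        elif in_processes:
            # Windows paths are case-insensitive (System32 vs system32).
            log["processes"].add(line.lower())
    return log


def diff_logs(before, after):
    """Return what disappeared and what appeared between two parsed logs."""
    return {
        "entries_removed": sorted(before["entries"] - after["entries"]),
        "entries_added": sorted(after["entries"] - before["entries"]),
        "processes_gone": sorted(before["processes"] - after["processes"]),
        "processes_new": sorted(after["processes"] - before["processes"]),
    }


def orphaned(entries):
    """Entries HijackThis marked as pointing at a file that no longer exists."""
    return sorted(e for e in entries if e.text.endswith("(file missing)"))


if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    print("Comparing", before["saved"], "->", after["saved"])
    for key, items in diff_logs(before, after).items():
        for item in items:
            print(f"{key}: {item}")
    for e in orphaned(after["entries"]):
        print("still orphaned:", e)
```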
  • You may now remove all the tools used and the folders that were created.

    Remove ComboFix via Start > Run, then copy and paste Combofix /U
    Click OK or press Enter.
    This removes ComboFix as well as your old system restore points (with any remnants of malware), and creates a new system restore point.

    If all is well, is everything normal now?
  • I did find the last ComboFix log after all.
    Perhaps you still wanted to look at it.

    ———————————————————-

    ComboFix 08-03-17.1 - Robert H. Vorwald 2008-03-19 13:00:05.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.360 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Robert H. Vorwald\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Robert H. Vorwald\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    C:\stgs1.temp
    C:\stgs4.temp
    C:\WINDOWS\system32\kcivgsur.dll
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Robert H. Vorwald\Application Data\ezpinst.log
    C:\stgs1.temp
    C:\stgs4.temp
    C:\WINDOWS\system32\kcivgsur.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))
    .

    2008-03-19 00:06 . 2008-03-19 00:06 <DIR> d——– C:\Program Files\Sun
    2008-03-17 02:46 . 2008-03-17 02:46 1,158 –a—— C:\WINDOWS\mozver.dat
    2008-03-17 02:26 . 2008-03-17 02:26 0 –a—— C:\WINDOWS\nsreg.dat
    2008-03-17 02:15 . 2008-03-17 02:15 <DIR> d–h—– C:\WINDOWS\PIF
    2008-03-16 04:22 . 2008-03-16 04:22 <DIR> d——– C:\Program Files\Windows Defender
    2008-03-15 10:12 . 2008-03-15 10:12 <DIR> d——– C:\Program Files\PowerPoint Viewer
    2008-03-14 14:10 . 2008-03-14 14:10 <DIR> d——– C:\Program Files\Vstplugins
    2008-03-14 14:09 . 2008-03-14 14:11 <DIR> d——– C:\Program Files\Sony
    2008-03-14 12:02 . 2008-03-14 12:02 54,156 –ah—– C:\WINDOWS\QTFont.qfn
    2008-03-14 12:02 . 2008-03-14 12:02 1,409 –a—— C:\WINDOWS\QTFont.for
    2008-03-14 00:16 . 2008-03-14 00:16 <DIR> d——– C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    2008-03-14 00:01 . 2008-03-14 00:02 <DIR> d——– C:\WINDOWS\SHELLNEW
    2008-03-13 23:51 . 2008-03-13 23:51 <DIR> d——– C:\Program Files\Windows Installer Clean Up
    2008-03-13 23:35 . 2008-03-13 23:36 <DIR> d——– C:\Program Files\RegSeeker
    2008-03-13 15:37 . 2008-03-13 15:37 <DIR> d——– C:\Documents and Settings\Robert H. Vorwald\Application Data\Windows Desktop Search
    2008-03-13 11:13 . 2008-03-13 15:36 <DIR> d——– C:\Program Files\Windows Desktop Search
    2008-03-13 10:39 . 2006-10-26 19:56 32,592 –a—— C:\WINDOWS\system32\msonpmon.dll
    2008-03-12 22:39 . 2008-03-12 22:39 <DIR> d——– C:\Program Files\Microsoft.NET
    2008-03-12 15:22 . 2008-03-13 14:51 <DIR> d——– C:\Program Files\MSBuild
    2008-03-12 15:13 . 2008-03-13 14:53 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-08 01:53 . 2008-03-08 01:53 <DIR> d——– C:\Program Files\Samsung ML-1610 Series
    2008-03-01 13:09 . 2008-03-01 15:13 <DIR> d——– C:\Program Files\Belastingdienst
    2008-02-29 02:24 . 2008-02-29 02:24 <DIR> d——– C:\Program Files\Common Files\Skype
    2008-02-29 02:24 . 2008-03-19 10:40 <DIR> d——– C:\Documents and Settings\Robert H. Vorwald\Application Data\skypePM
    2008-02-29 02:24 . 2008-02-29 02:24 32 –a—— C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2008-02-19 22:55 . 2007-09-13 16:07 302,419 –a—— C:\Program Files\All.Fengtao.Software.Universal.Patch.1.01-ICU.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-19 11:58 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\Skype
    2008-03-19 11:20 59,288 ----a-w C:\Documents and Settings\Robert H. Vorwald\Application Data\wklnhst.dat
    2008-03-19 10:00 --------- d-----w C:\Program Files\SPAMfighter
    2008-03-19 09:57 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
    2008-03-18 23:06 --------- d-----w C:\Program Files\Java
    2008-03-17 02:32 --------- d-----w C:\Program Files\Nuria
    2008-03-16 23:57 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\Azureus
    2008-03-16 23:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-16 23:44 --------- d-----w C:\Program Files\Lavasoft
    2008-03-16 23:44 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\Lavasoft
    2008-03-16 23:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-16 00:42 --------- d-----w C:\Program Files\Hitman Pro
    2008-03-16 00:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-16 00:35 --------- d-----w C:\Program Files\Spyware Doctor
    2008-03-15 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-15 22:26 --------- d-----w C:\Program Files\SpywareBlaster
    2008-03-15 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-03-15 19:27 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-03-15 19:27 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-03-14 13:33 --------- d-----w C:\Program Files\Sony Setup
    2008-03-14 11:30 --------- d-----w C:\Program Files\Sonic Foundry Noise Reduction Plug-In
    2008-03-14 11:03 10,332 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2008-03-14 09:15 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-03-14 00:24 --------- d-----w C:\Program Files\eMule
    2008-03-13 23:20 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\Canon
    2008-03-13 13:52 --------- d-----w C:\Program Files\Microsoft Works
    2008-03-13 02:24 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\OpenOffice.org2
    2008-03-12 20:53 --------- d-----w C:\Program Files\MSECache
    2008-03-11 20:50 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\Vso
    2008-03-09 22:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-07 21:55 3,082 ----a-w C:\WINDOWS\system32\affv9553p4now.sys
    2008-03-07 21:42 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\Corel
    2008-03-07 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
    2008-03-07 20:22 --------- d-----w C:\Program Files\Common Files\Corel
    2008-03-07 20:21 --------- d-----w C:\Program Files\Corel
    2008-03-07 09:33 --------- d-----w C:\Program Files\Azureus
    2008-03-01 16:53 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\Davilex
    2008-02-29 01:24 --------- d-----w C:\Program Files\Skype
    2008-02-29 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2008-02-16 02:18 --------- d-----w C:\Program Files\FreePDF_XP
    2008-02-16 02:04 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-15 22:16 691,545 ----a-w C:\WINDOWS\unins000.exe
    2008-02-09 16:35 --------- d-----w C:\Program Files\TomTom HOME 2
    2008-02-09 15:35 --------- d-----w C:\Program Files\TomTom HOME
    2008-02-09 11:30 --------- d-----w C:\Program Files\Amor Video Joiner
    2008-02-05 02:13 --------- d-----w C:\Program Files\vso
    2008-02-02 03:37 --------- d-----w C:\Program Files\gs
    2008-02-02 03:29 --------- d-----w C:\Program Files\Neuratron PhotoScore
    2008-01-31 03:02 --------- d-----w C:\Program Files\Innovatools
    2008-01-31 02:47 --------- d-----w C:\Program Files\bb
    2008-01-28 01:52 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\AVG7
    2008-01-26 02:43 --------- d-----w C:\Program Files\AccurateTime
    2008-01-25 03:27 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-01-25 03:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-01-24 01:54 --------- d-----w C:\Program Files\Monkey's Audio
    2008-01-24 01:49 --------- d-----w C:\Program Files\Winamp
    2007-01-10 21:45 87,608 ----a-w C:\Documents and Settings\Robert H. Vorwald\Application Data\ezpinst.exe
    2007-01-10 21:45 47,360 ----a-w C:\Documents and Settings\Robert H. Vorwald\Application Data\pcouffin.sys
    2005-08-21 17:20 6,984,582 ------w C:\Documents and Settings\Jim\DarkMessiahscreenshots.zip
    2005-06-02 15:24 6,407,716 ------w C:\Documents and Settings\Jim\metroid2.zip
    2005-06-02 15:16 442,581 ------w C:\Documents and Settings\Jim\metroidcommercial.zip
    2005-04-25 20:08 56,082 ----a-w C:\Documents and Settings\Melody\anim_bear.zip
    2007-01-12 02:44 88 --sh--r C:\WINDOWS\system32\1E1866BC88.sys
    2005-01-27 13:59 8 --sh--r C:\WINDOWS\system32\62A95D688F.sys
    2006-07-23 17:50 56 --sh--r C:\WINDOWS\system32\FA58369351.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-18_23.16.20.14 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-09-24 20:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
    + 2008-02-22 00:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
    - 2007-09-24 20:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    + 2008-02-22 00:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    - 2007-09-24 21:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2008-02-22 01:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2008-03-19 09:57:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1a0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 17:34 1289000]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 21:53 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Keyboard Status"="C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe" [2005-01-25 11:03 411648]
    "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-03-08 14:31 118926]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-28 11:35 98304]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:03 110592 C:\WINDOWS\system32\bthprops.cpl]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 20:05 344064]
    "RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
    "Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 10:56 579072]
    "Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2004-05-17 06:34 360448]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "FreePDF Assistant"="C:\Program Files\FreePDF_XP\fpassist.exe" [2007-06-26 20:27 312320]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 17:18 221184]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03 81920]
    "Corel File Shell Monitor"="C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 19:52 16200]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 09:39 219136]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-06-18 00:05:34 1048576]
    RaConfig2500.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2005-06-18 00:18:40 528384]
    Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 15:23:32 74308]
    Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\Streamload\\MediaMax XL\\MediaMax XL.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
    "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-01-02 17:03]
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 14:10]
    R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-06-03 13:40]
    R3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;C:\WINDOWS\system32\drivers\usbmidim.sys [2002-09-25 16:02]
    R3 USBMM2X2;Midiman USB MidiSport 2x2 USB Driver;C:\WINDOWS\system32\drivers\usbmm2x2.sys [2002-09-25 16:02]
    R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 12:07]
    S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-03-19 10:57]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 11:10]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
    S3 USB22LDR;Midiman USB MidiSport 2x2 Loader;C:\WINDOWS\system32\drivers\usb22ldr.sys [2002-09-25 16:02]

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-03-19 10:00:06 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-19 13:04:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-03-19 13:05:13
    ComboFix-quarantined-files.txt 2008-03-19 12:04:59
    ComboFix2.txt 2008-03-18 22:16:36
    .
    2008-03-19 10:03:07 --- E O F ---
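
An added example, not part of the original posts or of ComboFix: a small triage helper for the "Find3M Rapport" section of a log like the one above. It undoes the dash mangling that a forum paste can introduce and lists files under system32 that carry both the hidden and the system attribute, as items to look up by hand. The sample lines and file names are constructed, and reading the attribute column by its letters (d, s, h) is an assumption based on the layout of the log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Forum software often turns "---" into an em dash and "--" into an en dash,
# which destroys the fixed-width attribute column. Map them back.
_MANGLED = {"\u2014": "---", "\u2013": "--"}


def normalize(line: str) -> str:
    """Restore plain hyphens in a pasted log line."""
    for bad, good in _MANGLED.items():
        line = line.replace(bad, good)
    return line


# date, time, size (or 9 hyphens for a directory), 7-char attributes, path
_FIND3M = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) "
    r"([\d,]+|-{9}) ([-a-z]{7}) ([A-Za-z]:\\.+?)\s*$"
)


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_find3m(text: str) -> List[Entry]:
    """Parse Find3M-style lines; section banners and '.' lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = _FIND3M.match(normalize(raw))
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        numeric = None if size.startswith("-") else int(size.replace(",", ""))
        entries.append(Entry(date, time, numeric, attrs, path))
    return entries


def review_candidates(entries: List[Entry]) -> List[Entry]:
    """Files (not directories) under system32 that are both hidden and system.

    This only narrows down what to look up; the attributes alone say
    nothing about whether a file is malicious.
    """
    return [
        e for e in entries
        if not e.is_dir and e.hidden and e.system
        and "\\system32\\" in e.path.lower()
    ]


# Constructed sample: lines 2 and 4 are in the mangled (em/en dash) form.
SAMPLE = "\n".join([
    "((((( Find3M Rapport )))))",
    "2008-03-19 11:58 \u2014\u2014\u2014 d\u2014\u2013w C:\\Documents and Settings\\user\\Application Data\\ExampleApp",
    "2008-03-19 09:57 17,408 ----a-w C:\\WINDOWS\\system32\\drivers\\example.sys",
    "2008-03-14 11:03 10,332 \u2013sha-w C:\\WINDOWS\\system32\\EXAMPLE1.sys",
    "2007-01-12 02:44 88 --sh--r C:\\WINDOWS\\system32\\EXAMPLE2.sys",
    "2008-03-09 22:40 --------- d--h--w C:\\Program Files\\Example Hidden Dir",
    ".",
])

if __name__ == "__main__":
    for entry in review_candidates(parse_find3m(SAMPLE)):
        print(entry.date, entry.size, entry.attrs, entry.path)
```
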
  • I did find the last ComboFix log after all.
    Perhaps you would still like to look at it.

  • Why twice?

    Any problems left?
  • Sorry, my mistake.
    I found this file on my C:/ drive and thought it was the file that had not been saved during the last ComboFix run.

    Surfing works as before again; no more pop-ups and unwanted screens, and IE is faster again.
    Small but irritating side effects, such as a 'stuttering' and above all slow Outlook Express, also seem to be a thing of the past.
    The rattling of the HD has also become a lot less.
    Phew… quite a relief again!… thanks to you!

    I think I still need to remove some resident programs that I can just as well open via the Start menu; then hopefully my system will also boot a bit more smoothly again, because that is still very slow, at least slower than before…

    What I would still like to get rid of is the black operating-system selection screen that appears before Windows starts.
    On my HD I found the folder C:/cmdcons belonging to the Windows Recovery Console program.
    Can I simply delete it?
    This cannot be done via Windows' own software removal, because the program is not in the list.

    The boot.ini looks like this:

    [boot loader]
    timeout=10
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows XP Herstelconsole" /cmdcons

    I have already reduced the timeout in it from 30 to 10 seconds, but have not (yet) dared to remove the reference(s), simply because I do not know what (adverse) effects that might have.

    I look forward to your reply with interest.
  • Read this.
    http://support.microsoft.com/kb/216417/nl

    Removing unnecessary startup items
  • Many thanks for your support and advice.
    Everything is running stably again!!
    Once again I would not have managed it on my own.
    I have learned again that every virus or spyware infection stands on its own and that there is no uniform method for eradicating that evil.
    It seems as if 'they' have to get me every few months.
    That is of course nonsense, but it is remarkable and suspicious that the problems occur periodically.
    Still, I had better be more careful again about what I download or where I surf, although I am not really an intensive surfer.
    I work carefully, have nailed the computer completely shut with antivirus, spyware and antispam programs, and no longer know what else I should do about it apart from running scanners etc.
    Apparently 'they' still manage to get through… it is just like vermin in your house… cracks and holes sealed up, yet they show up again…
    I have put the link to the startup programs/procedures in my IE favorites and will study it further.
    Juisterr, once again many thanks for your expertise, efforts and help.
    Happy Easter and kind regards,
    Robert Vorwald.
  • You're welcome, glad to help.

    To prevent reinfection via System Restore, it is advisable to delete the existing restore points by temporarily turning off System Restore.

    - Go to Start/All Programs/Accessories/System Tools/System Restore.
    - In the left half of the window, click "System Restore Settings".
    - Tick the box for "Turn off System Restore".
    - Click "Apply".
    - Windows asks whether you are sure.
    - Click "Yes".
    - Click "OK".
    - Restart the PC.
    - Go to Start/All Programs/Accessories/System Tools/System Restore again.
    - You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
    - Click "Yes".
    - Remove the tick for "Turn off System Restore".
    - Click "Apply".
    - Click "OK".
    - Restart the PC.
    - A new, clean restore point has now been created.

    Here are some more tips: Security tips

    Even more tips

    Removing unnecessary startup items

    A few more tips to prevent problems in the future:

    Install the following FREE programs now if you do not have them yet:

    Spywareblaster
    Adaware SE
    Spybot S&D

    While surfing, do not blindly click Yes everywhere when you are asked to… only do so when you trust it completely.

    And consider choosing an alternative browser such as Opera
    or Firefox.

    I also recommend running an online virus scan now and then: HouseCall.

    Also make sure that the virus scanner installed on your system is always up to date!!

    And… pay a regular visit to: Windows Update

This is an archived page. Replies are no longer possible.