
'They' are out to get me again!


anonymous

Question

They are back: those unwanted web pages that suddenly appear full-screen on my monitor. The irritating 'inlays' on the pages I visit, which try to tempt me into scanning my system, also pop up at every turn. And they had all stayed away for such a nice long time, because I have had this problem before. Now they even prevent clicking back to the previous page(s), and so browsing undisturbed. I have let Spybot S&D, AVG AntiSpyware and Hitman Pro loose on it, and although they did track down and remove a few nasties, the annoyance described has not gone away. I hope there is a 'forumist' who can and will advise me once again and show me how I can browse 'normally' again without being pestered... Many thanks in advance!

I ran Lavasoft Ad-Aware, Spybot Search & Destroy and CoolWebShredder according to the instructions in "FAQ - Spyware", but this did not produce the intended result. I am still troubled by pop-ups and unwanted screens. The hard disk also keeps rattling away... and that gives me an uneasy feeling. Below is my HijackThis log file. I hope someone can and will help/advise me further.
Hello, I think this is a Vundo infection.

Temporarily disable Windows Defender, because it can interfere when fixing with HJT (by undoing the fix again):
* Open Windows Defender > click Tools
* Click "General Settings"
* Scroll to "Real Time Protection Options"
* Uncheck "Turn on Real Time Protection (recommended)" > click "Save"
* Close Windows Defender
(Once the problems are over and the log has been declared clean again, you can turn it back on.)

Disable Spybot's TeaTimer for now, because it can get in the way of the fix:
- Start Spybot
- Go to Mode > select Advanced Mode
- Go to Tools and click the Resident icon in the list
- Uncheck Resident TeaTimer and click OK
- Restart the computer

Then download ResetTeaTimer.bat (http://downloads.subratam.org/ResetTeaTimer.bat) to your Desktop. Double-click ResetTeaTimer.bat to remove all entries in TeaTimer. Once the computer is clean, you can turn TeaTimer back on.

Follow the instructions described on the following page: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
If you use Vista, the Recovery Console does not need to be installed. If anything is unclear, just ask. When the tool has finished, a log file opens (C:\combofix.txt). Post the contents of this file together with a new HijackThis log.

Also fix these lines right away. Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
O4 - HKLM\..\Run: [BMb3f5ef97] Rundll32.exe "C:\WINDOWS\system32\dukmtfyc.dll",s

Click 'Fix checked' to remove the items.

Update your Java. Download Java Runtime Environment (JRE) 6u5 (http://java.sun.com/javase/downloads/index.jsp).
* Scroll down to "Java Runtime Environment (JRE) 6 Update 5".
* Click the "Download" button on the right.
* Check "Accept License Agreement" and click Continue.
* The page will reload.
* Click the Windows Offline Installation, Multi-language link UNDER Windows Platform - Java SE Runtime Environment 6 Update 5 and save it to your Desktop.
* Close all programs that may be open, especially your web browser!
* Then go to Start > Control Panel (Configuratiescherm) > Add or Remove Programs (Software) and remove all older versions of Java from the software list (those with Java Runtime Environment (JRE or J2SE) in the name).
* Repeat this until all older versions are gone.
* After removing all older versions, restart your PC.
* Then double-click jre-6u5-windows-i586-p.exe on your Desktop to install the newest version of Java.

Please post a new HJT log together with the ComboFix result.
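The O4 line selected for fixing in the reply above is a Run value that starts Rundll32.exe on a DLL in system32. As an added example (not part of the thread and not HijackThis code), this Python code parses O4 registry autostart lines and lists the rundll32-hosted ones with the reasons each stands out; the three checks, the two-reason threshold and all function names are illustrative assumptions, not a Vundo signature.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input embedded for this example: HijackThis O4 (autostart) lines.
# The BMb3f5ef97 entry is the one quoted in the reply; the others are benign
# entries in the same format, included for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BMb3f5ef97] Rundll32.exe "C:\WINDOWS\system32\dukmtfyc.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command>", optionally followed by
# " (User '<account>')" for per-account hives such as HKUS\S-1-5-19.
O4_REG = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+?)(?: \(User '[^']*'\))?$"
)

# rundll32 command line: rundll32[.exe] ["]<dll>["],<entry point>
RUNDLL = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,(?P<entry>.*)$',
    re.IGNORECASE,
)

MIN_REASONS = 2  # assumption: two independent oddities before flagging


@dataclass
class Finding:
    hive: str
    key: str
    value_name: str
    dll: str
    entry_point: str
    reasons: List[str]


def parse_o4(line: str) -> Optional[dict]:
    """Return hive/key/name/cmd for a registry O4 line, else None."""
    m = O4_REG.match(line.strip())
    return m.groupdict() if m else None


def reasons_for(value_name: str, dll: str, entry_point: str) -> List[str]:
    """Illustrative checks on one rundll32 autostart entry."""
    reasons = []
    if re.search(r"\\windows\\system32\\[^\\]+\.dll$", dll, re.IGNORECASE):
        reasons.append("DLL given by full path inside system32")
    if len(entry_point) <= 2:
        reasons.append("entry point is not a descriptive export name")
    if re.fullmatch(r"[A-Za-z]{0,3}[0-9a-fA-F]{6,}", value_name):
        reasons.append("value name looks machine-generated")
    return reasons


def triage(lines) -> List[Finding]:
    """List every O4 registry entry that runs a DLL through rundll32."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue  # not a registry autostart line (e.g. Startup folder)
        m = RUNDLL.search(entry["cmd"])
        if m is None:
            continue  # ordinary executable, not a rundll32-hosted DLL
        dll = m.group("dll").strip()
        entry_point = m.group("entry").lstrip(",").strip()
        findings.append(Finding(
            entry["hive"], entry["key"], entry["name"], dll, entry_point,
            reasons_for(entry["name"], dll, entry_point),
        ))
    return findings


def flagged(findings: List[Finding]) -> List[Finding]:
    """Entries that meet the review threshold."""
    return [f for f in findings if len(f.reasons) >= MIN_REASONS]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        status = "REVIEW" if len(f.reasons) >= MIN_REASONS else "ok"
        print(f"{status:6} {f.hive}\\..\\{f.key} [{f.value_name}] "
              f"{f.dll} -> {f.entry_point!r}")
        for reason in f.reasons:
            print(f"         - {reason}")
```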
I am working through the steps given. I am stuck on the following, though: at start-up, before Windows is loaded, a black screen appears with the choice to continue with Windows Home Edition or the Recovery Console. To be safe, I would rather ask which choice I should make now, because this was not in the ComboFix guide.
New logs below: ComboFix ran late yesterday evening (18-03), and in HijackThis I first removed the listed keys (I could not find the fourth of them; perhaps it had already been removed by ComboFix...) and this morning, shortly after start-up, I made a new log. By the way: the answer to my previous question about the Recovery Console was in the ComboFix guide after all; in the rush of what is, for me, a tense and somewhat uncertain business, I read right past it. I am very interested in your further instructions. There already seems to be some improvement (though that may be purely a feeling)...
2008-03-16 02:02:01 --- E O F --- -------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:17:23, on 19-3-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\imapi.exe C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe C:\Program Files\Home Cinema\PowerCinema\PCMService.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe C:\WINDOWS\Dit.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\FreePDF_XP\fpassist.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program 
Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\SearchProtocolHost.exe C:\totalcmd\TOTALCMD.EXE C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program 
Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale 
service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/ O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121162039578 O16 - DPF: 
{6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: fccyaax - fccyaax.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 12421 bytes
Link to comment
  • 0
New logs below: ComboFix was run late last night, and in HijackThis I first removed the specified keys (I could not find the fourth of them, perhaps it had already been removed by ComboFix...), and this morning, shortly after startup, I made a new HijackThis log.
service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/ O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121162039578 O16 - DPF: 
{6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: fccyaax - fccyaax.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 12421 bytes
Link to comment
  • 0
Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

File::
C:\WINDOWS\system32\kcivgsur.dll
C:\stgs4.temp
C:\stgs1.temp

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyaax]

Save this to your Desktop as CFScript.txt. Drag CFScript.txt into ComboFix.exe as shown in the example below:

Image: http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

This will make ComboFix restart. After your computer has restarted (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.
Link to comment
  • 0
ComboFix finished with 'log.txt' on a blank desktop (wallpaper only). Because of this, the contents of that log text could not be saved and/or copied. A restart using the power button was needed to get the desktop back in its full glory, but the file ComboFix.txt is missing from it. Run ComboFix again?
Link to comment
  • 0
I haven't been on the internet much yet, but in the time that I have, no pop-ups or unwanted screens have appeared. Startup is a bit faster again and the constant rattling of the HD is also much reduced; I will keep an extra eye on that as well. So things look optimistic! How do I now get rid of the black selection screen (Windows HE or Windows Recovery Console) that appears after the root screen and before Windows starts? Or does the Recovery Console first have to have been run via this choice before it can be uninstalled? Here it comes, the newest HijackThis logfile:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:03:58, on 19-3-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\imapi.exe C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe C:\Program Files\Home Cinema\PowerCinema\PCMService.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Home
Cinema\PowerDVD\PDVDServ.exe C:\WINDOWS\Dit.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\FreePDF_XP\fpassist.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\totalcmd\TOTALCMD.EXE C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program 
Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/ O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121162039578 O16 - DPF: 
{6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 12223 bytes
Link to comment
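The before/after comparison this thread relies on, as an added example (not part of any post, and not code from HijackThis or ComboFix): it parses HijackThis entries even when the log has been flattened onto one line, as on this page, and reports which autostart entries changed between two scans. The two sample logs are constructed excerpts of entries quoted above, and all function names are hypothetical.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". Matching on that prefix instead of on line breaks lets the
# parser cope with logs whose newlines were lost when they were pasted.
ENTRY_START = re.compile(r"(?<!\S)(R[0-3]|F[0-3]|N[1-4]|O(?:2[0-4]|1\d|[1-9])) - ")
END_OF_LOG = re.compile(r"\s*--\s*End of file")
NOTIFY_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"


def parse_entries(log_text):
    """Return [(section_code, body), ...] for every entry in a HijackThis log."""
    text = END_OF_LOG.split(log_text, maxsplit=1)[0]  # drop the trailer
    starts = list(ENTRY_START.finditer(text))
    entries = []
    for i, match in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        body = " ".join(text[match.end():end].split())  # normalise whitespace
        entries.append((match.group(1), body))
    return entries


def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    old, new = parse_entries(before), parse_entries(after)
    removed = [e for e in old if e not in new]
    added = [e for e in new if e not in old]
    return removed, added


def missing_file_entries(log_text):
    """Autostart registrations whose target file no longer exists on disk."""
    return [e for e in parse_entries(log_text) if e[1].endswith("(file missing)")]


def winlogon_notify_key(entry):
    """Registry key behind an 'O20 - Winlogon Notify' entry, else None."""
    code, body = entry
    match = re.match(r"Winlogon Notify: (\S+) - ", body)
    if code != "O20" or not match:
        return None
    return NOTIFY_ROOT + "\\" + match.group(1)


# Constructed sample: a few entries from the 19-3-2008 11:17 log, flattened.
BEFORE = (
    r"Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\Dit.exe "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccmagazine.nl/ "
    r"O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll "
    r"O4 - HKLM\..\Run: [Dit] Dit.exe "
    r"O20 - Winlogon Notify: fccyaax - fccyaax.dll (file missing) "
    r"O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe "
    r"-- End of file"
)
# Constructed sample: the same entries as they appear in the 19:03 log.
AFTER = BEFORE.replace(
    "O20 - Winlogon Notify: fccyaax - fccyaax.dll (file missing) ", ""
)

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for entry in removed:
        print("removed:", entry[0], "-", entry[1])
        key = winlogon_notify_key(entry)
        if key:
            print("  registry key to confirm as gone:", key)
    for entry in added:
        print("added:  ", entry[0], "-", entry[1])
    print("orphaned autostarts left:", missing_file_entries(AFTER))
```

An empty "added" list matters as much as the removed entry: a new autostart appearing after a cleanup run is the first thing to investigate.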
  • 0
You may now remove all the tools you used and the folders that were created.

Remove ComboFix via Start > Run (Uitvoeren), copy and paste Combofix /U, then click OK or press Enter. This removes both ComboFix and your old system restore points (with any remnants of malware), and creates a new system restore point.

Image: http://hicheckthis.gethost.nl/images/Uninstall_combofix.JPG

If all is well, everything is back to normal now?
Link to comment
  • 0
I did find the latest ComboFix log after all. Perhaps you still wanted to look at it.
---------------------------------------------------------- ComboFix 08-03-17.1 - Robert H. Vorwald 2008-03-19 13:00:05.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.360 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\Robert H. Vorwald\Bureaublad\ComboFix.exe Command switches used :: C:\Documents and Settings\Robert H. Vorwald\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt FILE :: C:\stgs1.temp C:\stgs4.temp C:\WINDOWS\system32\kcivgsur.dll . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Robert H. Vorwald\Application Data\ezpinst.log C:\stgs1.temp C:\stgs4.temp C:\WINDOWS\system32\kcivgsur.dll . (((((((((((((((((((( Bestanden Gemaakt van 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))) . 2008-03-19 00:06 . 2008-03-19 00:06 <DIR> d-------- C:\Program Files\Sun 2008-03-17 02:46 . 2008-03-17 02:46 1,158 --a------ C:\WINDOWS\mozver.dat 2008-03-17 02:26 . 2008-03-17 02:26 0 --a------ C:\WINDOWS\nsreg.dat 2008-03-17 02:15 . 2008-03-17 02:15 <DIR> d--h----- C:\WINDOWS\PIF 2008-03-16 04:22 . 2008-03-16 04:22 <DIR> d-------- C:\Program Files\Windows Defender 2008-03-15 10:12 . 2008-03-15 10:12 <DIR> d-------- C:\Program Files\PowerPoint Viewer 2008-03-14 14:10 . 2008-03-14 14:10 <DIR> d-------- C:\Program Files\Vstplugins 2008-03-14 14:09 . 2008-03-14 14:11 <DIR> d-------- C:\Program Files\Sony 2008-03-14 12:02 . 2008-03-14 12:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-14 12:02 . 2008-03-14 12:02 1,409 --a------ C:\WINDOWS\QTFont.for 2008-03-14 00:16 . 2008-03-14 00:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir 2008-03-14 00:01 . 2008-03-14 00:02 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-03-13 23:51 . 2008-03-13 23:51 <DIR> d-------- C:\Program Files\Windows Installer Clean Up 2008-03-13 23:35 .
2008-03-13 23:36 <DIR> d-------- C:\Program Files\RegSeeker 2008-03-13 15:37 . 2008-03-13 15:37 <DIR> d-------- C:\Documents and Settings\Robert H. Vorwald\Application Data\Windows Desktop Search 2008-03-13 11:13 . 2008-03-13 15:36 <DIR> d-------- C:\Program Files\Windows Desktop Search 2008-03-13 10:39 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll 2008-03-12 22:39 . 2008-03-12 22:39 <DIR> d-------- C:\Program Files\Microsoft.NET 2008-03-12 15:22 . 2008-03-13 14:51 <DIR> d-------- C:\Program Files\MSBuild 2008-03-12 15:13 . 2008-03-13 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-03-08 01:53 . 2008-03-08 01:53 <DIR> d-------- C:\Program Files\Samsung ML-1610 Series 2008-03-01 13:09 . 2008-03-01 15:13 <DIR> d-------- C:\Program Files\Belastingdienst 2008-02-29 02:24 . 2008-02-29 02:24 <DIR> d-------- C:\Program Files\Common Files\Skype 2008-02-29 02:24 . 2008-03-19 10:40 <DIR> d-------- C:\Documents and Settings\Robert H. Vorwald\Application Data\skypePM 2008-02-29 02:24 . 2008-02-29 02:24 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-02-19 22:55 . 2007-09-13 16:07 302,419 --a------ C:\Program Files\All.Fengtao.Software.Universal.Patch.1.01-ICU.exe . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-19 11:58 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\Skype 2008-03-19 11:20 59,288 ----a-w C:\Documents and Settings\Robert H. Vorwald\Application Data\wklnhst.dat 2008-03-19 10:00 --------- d-----w C:\Program Files\SPAMfighter 2008-03-19 09:57 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS 2008-03-18 23:06 --------- d-----w C:\Program Files\Java 2008-03-17 02:32 --------- d-----w C:\Program Files\Nuria 2008-03-16 23:57 --------- d-----w C:\Documents and Settings\Robert H. 
Vorwald\Application Data\Azureus 2008-03-16 23:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-16 23:44 --------- d-----w C:\Program Files\Lavasoft 2008-03-16 23:44 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\Lavasoft 2008-03-16 23:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-03-16 00:42 --------- d-----w C:\Program Files\Hitman Pro 2008-03-16 00:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-03-16 00:35 --------- d-----w C:\Program Files\Spyware Doctor 2008-03-15 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-15 22:26 --------- d-----w C:\Program Files\SpywareBlaster 2008-03-15 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2008-03-15 19:27 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys 2008-03-15 19:27 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys 2008-03-14 13:33 --------- d-----w C:\Program Files\Sony Setup 2008-03-14 11:30 --------- d-----w C:\Program Files\Sonic Foundry Noise Reduction Plug-In 2008-03-14 11:03 10,332 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-03-14 09:15 --------- d-----w C:\Program Files\Common Files\Adobe 2008-03-14 00:24 --------- d-----w C:\Program Files\eMule 2008-03-13 23:20 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\Canon 2008-03-13 13:52 --------- d-----w C:\Program Files\Microsoft Works 2008-03-13 02:24 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\OpenOffice.org2 2008-03-12 20:53 --------- d-----w C:\Program Files\MSECache 2008-03-11 20:50 --------- d-----w C:\Documents and Settings\Robert H. 
Vorwald\Application Data\Vso 2008-03-09 22:40 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-07 21:55 3,082 ----a-w C:\WINDOWS\system32\affv9553p4now.sys 2008-03-07 21:42 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\Corel 2008-03-07 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel 2008-03-07 20:22 --------- d-----w C:\Program Files\Common Files\Corel 2008-03-07 20:21 --------- d-----w C:\Program Files\Corel 2008-03-07 09:33 --------- d-----w C:\Program Files\Azureus 2008-03-01 16:53 --------- d-----w C:\Documents and Settings\Robert H. Vorwald\Application Data\Davilex 2008-02-29 01:24 --------- d-----w C:\Program Files\Skype 2008-02-29 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-02-16 02:18 --------- d-----w C:\Program Files\FreePDF_XP 2008-02-16 02:04 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-15 22:16 691,545 ----a-w C:\WINDOWS\unins000.exe 2008-02-09 16:35 --------- d-----w C:\Program Files\TomTom HOME 2 2008-02-09 15:35 --------- d-----w C:\Program Files\TomTom HOME 2008-02-09 11:30 --------- d-----w C:\Program Files\Amor Video Joiner 2008-02-05 02:13 --------- d-----w C:\Program Files\vso 2008-02-02 03:37 --------- d-----w C:\Program Files\gs 2008-02-02 03:29 --------- d-----w C:\Program Files\Neuratron PhotoScore 2008-01-31 03:02 --------- d-----w C:\Program Files\Innovatools 2008-01-31 02:47 --------- d-----w C:\Program Files\bb 2008-01-28 01:52 --------- d-----w C:\Documents and Settings\Robert H. 
Vorwald\Application Data\AVG7 2008-01-26 02:43 --------- d-----w C:\Program Files\AccurateTime 2008-01-25 03:27 --------- d-----w C:\Program Files\Common Files\Ahead 2008-01-25 03:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-01-24 01:54 --------- d-----w C:\Program Files\Monkey's Audio 2008-01-24 01:49 --------- d-----w C:\Program Files\Winamp 2007-01-10 21:45 87,608 ----a-w C:\Documents and Settings\Robert H. Vorwald\Application Data\ezpinst.exe 2007-01-10 21:45 47,360 ----a-w C:\Documents and Settings\Robert H. Vorwald\Application Data\pcouffin.sys 2005-08-21 17:20 6,984,582 ------w C:\Documents and Settings\Jim\DarkMessiahscreenshots.zip 2005-06-02 15:24 6,407,716 ------w C:\Documents and Settings\Jim\metroid2.zip 2005-06-02 15:16 442,581 ------w C:\Documents and Settings\Jim\metroidcommercial.zip 2005-04-25 20:08 56,082 ----a-w C:\Documents and Settings\Melody\anim_bear.zip 2007-01-12 02:44 88 --sh--r C:\WINDOWS\system32\1E1866BC88.sys 2005-01-27 13:59 8 --sh--r C:\WINDOWS\system32\62A95D688F.sys 2006-07-23 17:50 56 --sh--r C:\WINDOWS\system32\FA58369351.sys . ((((((((((((((((((((((((((((( snapshot@2008-03-18_23.16.20.14 ))))))))))))))))))))))))))))))))))))))))) . - 2007-09-24 20:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe + 2008-02-22 00:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe - 2007-09-24 20:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe + 2008-02-22 00:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe - 2007-09-24 21:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe + 2008-02-22 01:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe + 2008-03-19 09:57:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1a0.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 17:34 1289000] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 21:53 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Keyboard Status"="C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe" [2005-01-25 11:03 411648] "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-03-08 14:31 118926] "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-28 11:35 98304] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:03 110592 C:\WINDOWS\system32\bthprops.cpl] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 20:05 344064] "RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768] "Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 10:56 579072] "Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2004-05-17 06:34 360448] "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136] "FreePDF Assistant"="C:\Program Files\FreePDF_XP\fpassist.exe" [2007-06-26 20:27 312320] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 17:18 221184] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03 81920] "Corel File Shell Monitor"="C:\Program Files\Corel\Corel Paint Shop 
Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 19:52 16200] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 09:39 219136] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-06-18 00:05:34 1048576] RaConfig2500.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2005-06-18 00:18:40 528384] Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 15:23:32 74308] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\Azureus\\Azureus.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "C:\\Program Files\\Streamload\\MediaMax XL\\MediaMax XL.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= 
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-01-02 17:03] R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 14:10] R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-06-03 13:40] R3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;C:\WINDOWS\system32\drivers\usbmidim.sys [2002-09-25 16:02] R3 USBMM2X2;Midiman USB MidiSport 2x2 USB Driver;C:\WINDOWS\system32\drivers\usbmm2x2.sys [2002-09-25 16:02] R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 12:07] S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-03-19 10:57] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 11:10] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18] S3 USB22LDR;Midiman USB MidiSport 2x2 Loader;C:\WINDOWS\system32\drivers\usb22ldr.sys [2002-09-25 16:02] . Inhoud van de 'Gedeelde Taken' map "2008-03-19 10:00:06 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . 
************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-19 13:04:26 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-03-19 13:05:13 ComboFix-quarantined-files.txt 2008-03-19 12:04:59 ComboFix2.txt 2008-03-18 22:16:36 . 2008-03-19 10:03:07 --- E O F ---
Link to comment
  • 0
I did find the latest ComboFix log after all. Perhaps you would still like to look at it.
Link to comment
  • 0
Sorry, my mistake. I found this file on my C:/ drive and thought it was the file that had not been saved during the last ComboFix run. Surfing works like it used to again; no more pop-ups and unwanted screens, and IE is faster again. Small but irritating side effects, such as a 'stuttering' and above all slow Outlook Express, also seem to be a thing of the past. The rattling of the HD has also decreased considerably. Phew... quite a relief again!... thanks to you!

I think I still need to remove a few resident programs that I can just as well open via the Start menu; hopefully my system will then boot a bit more smoothly again, because that is still very slow, at least slower than before...

What I do still want to get rid of is the black operating-system selection screen before Windows starts. On my HD I found the folder C:/cmdcons belonging to the Windows Recovery Console program. Can I simply delete it? This cannot be done via Windows 'Software', because the program is not shown in the list. The boot.ini looks like this:

[boot loader]
timeout=10
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows XP Herstelconsole" /cmdcons

I have already reduced the timeout in it from 30 to 10 sec., but have not (yet) dared to remove the reference(s), simply because I don't know what (adverse) effects that could have. I look forward to your reply with interest.
Link to comment
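The boot.ini quoted in the post above, parsed as an added example (not part of the original thread and not the helper's advice). It shows why NTLDR displays the operating-system selection screen, namely two entries under [operating systems] together with a nonzero timeout, and checks on the text alone what the menu logic would do without the /cmdcons entry. The function names are hypothetical.

```python
import re

# boot.ini exactly as quoted in the post above.
BOOT_INI = r'''[boot loader]
timeout=10
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows XP Herstelconsole" /cmdcons
'''

# <target>="<label>" <switches...>
ENTRY_RE = re.compile(
    r'^(?P<target>[^=]+?)\s*=\s*"(?P<label>[^"]*)"\s*(?P<switches>.*)$'
)


def parse_boot_ini(text):
    """Parse boot.ini text into timeout, default target and boot entries."""
    cfg = {"timeout": None, "default": None, "entries": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "boot loader":
            key, _, value = line.partition("=")
            key = key.strip().lower()
            if key == "timeout":
                cfg["timeout"] = int(value.strip())
            elif key == "default":
                cfg["default"] = value.strip()
        elif section == "operating systems":
            m = ENTRY_RE.match(line)
            if m:
                target, label = m.group("target"), m.group("label")
                switches = m.group("switches").lower().split()
            else:  # entry written without a quoted label
                target, _, label = line.partition("=")
                switches = []
            cfg["entries"].append(
                {"target": target.strip(), "label": label.strip(),
                 "switches": switches}
            )
    return cfg


def analyze(cfg):
    """Classify each entry and decide whether the boot menu is displayed."""
    default = (cfg["default"] or "").lower()
    kinds = []
    for entry in cfg["entries"]:
        if "/cmdcons" in entry["switches"]:
            kinds.append("recovery_console")
        elif entry["target"].lower() == default:
            kinds.append("default_os")
        else:
            kinds.append("other")
    return {
        # The menu appears only with more than one entry and timeout != 0.
        "menu_shown": len(cfg["entries"]) > 1 and cfg["timeout"] != 0,
        # A default that matches no entry is the failure mode to catch
        # before any line is removed from the real file.
        "default_resolves": any(
            e["target"].lower() == default for e in cfg["entries"]
        ),
        "kinds": kinds,
    }


def without_switch(cfg, switch):
    """Copy of cfg lacking entries that carry `switch` (simulation on text)."""
    kept = [e for e in cfg["entries"] if switch.lower() not in e["switches"]]
    return {**cfg, "entries": kept}


if __name__ == "__main__":
    cfg = parse_boot_ini(BOOT_INI)
    print("as posted:        ", analyze(cfg))
    print("without /cmdcons: ", analyze(without_switch(cfg, "/cmdcons")))
```
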
  • 0
Many thanks for your support and advice. Everything is running stably again!! Once again I would not have managed it on my own. I have learned once more that every virus or spyware infection stands on its own and that there is no uniform method for eradicating that evil. It seems as if 'they' have to get me every so many months. That is nonsense of course, but it is remarkable and suspicious that the problems occur periodically. So I had better be more careful again about what I download or where I surf, although I am not really an intensive surfer. I work carefully, have completely boarded up the computer with antivirus, spyware and anti-spam programs, and no longer know what else I should do about it besides running scanners etc. Apparently 'they' still manage to get through... it is just like vermin in your house... cracks and holes sealed, yet they appear again...

I have put the link to the startup programs/procedures in my IE favourites and will study it more closely.

Juisterr, once again many thanks for your expertise, efforts and help. Happy Easter and kind regards, Robert Vorwald.
Link to comment
  • 0
You're welcome, glad to help. To prevent reinfection via System Restore, it is advisable to delete the existing restore points by temporarily turning System Restore off.

- Go to Start/All Programs/Accessories/System Tools/System Restore (Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel).
- In the left half of the window, click "System Restore Settings" ("Instellingen van systeemherstel").
- Tick the box for "Turn off System Restore" ("Systeemherstel uitschakelen").
- Click "Apply".
- Windows asks whether you are sure.
- Click "Yes".
- Click "OK".
- Restart the PC.
- Go to Start/All Programs/Accessories/System Tools/System Restore again.
- You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
- Click "Yes".
- Remove the tick for "Turn off System Restore".
- Click "Apply".
- Click "OK".
- Restart the PC.
- A new, clean restore point has now been created.

Here are some more tips.
- Security tips: http://www.jawwi.nl/tips/beveiligen.html
- More tips: http://users.telenet.be/bluepatchy/miekiemoes/tragecomputer.html
- Removing unnecessary startup items: http://www.antispywareoffensief.nl/forum/showthread.php?t=114

A few more tips to prevent problems in the future. Install the following FREE programs if you don't have them yet:
- Spywareblaster: http://www.javacoolsoftware.com/spywareblaster.html
- Adaware se: http://www.majorgeeks.com/download506.html
- Spybot s&d: http://www.safer-networking.org/en/index.html

While surfing, don't blindly click Yes on everything when you are asked... only do so when you trust it completely. And possibly choose an alternative browser such as Opera (http://www.opera.com/) or Firefox (http://www.mozilla.com/en-US/firefox/). I also recommend running an online virus scan now and then: housecall (http://housecall.trendmicro.com/).

Also make sure that the virus scanner installed on your system is always up to date!! And... regularly pay a visit to windowsupdate: http://windowsupdate.microsoft.com/
Link to comment
  • 0
Thanks again for the tips; I will study them and carry them out. I still have one small problem, apparently caused during the last procedure. The disc drives no longer start automatically. The little window with the options no longer appears. I don't find that much of a problem for the external HD, but for the CD/DVD drives it is quite a loss. It concerns the recognition of CDs and DVDs as well as the startup menus of program discs. I have tried to set this up again via the properties of the drives and/or TweakUI, but they are already set that way. According to Device Manager the devices are working correctly. Can you tell me how to get that functionality back to the way it was? Thanks in advance.
Link to comment
