Download VirtumundoBegone (mirror)
Sla dit op op je bureaublad.

Dubbelklik op VirtumundoBeGone.exe en volg de aanwijzingen.
Schrik niet als je een blauw scherm met een foutmelding te zien krijgt - dit is normaal.
Als de fix klaar is, start je de pc opnieuw op.
Plaats de inhoud van het logbestand VBG.TXT, dat nu op je bureaublad staat, hier in je volgende bericht.


Download: RVAXO.exe

• Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
• Open nu de map RVAXO op je bureaublad en dubbeklik RVAXO.cmd
  Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
• Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
  
• Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
  Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
• Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
• Post de inhoud van de logfile in je volgende bericht.

Download Combofix naar je Bureaublad.
Dubbelklik op Combofix.exe
Kies voor "Continue" door 1 te typen gevolgd door ENTER.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

log's

[12/19/2007, 0:07:17] - VirtumundoBeGone v1.5 ( "F:\Documents and Settings\joris\Bureaublad\VirtumundoBeGone.exe" )
[12/19/2007, 0:07:24] - Detected System Information:
[12/19/2007, 0:07:24] - Windows Version: 5.1.2600, Service Pack 2
[12/19/2007, 0:07:24] - Current Username: joris (Admin)
[12/19/2007, 0:07:24] - Windows is in NORMAL mode.
[12/19/2007, 0:07:24] - Searching for Browser Helper Objects:
[12/19/2007, 0:07:24] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/19/2007, 0:07:24] - BHO 2: {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} ()
[12/19/2007, 0:07:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/19/2007, 0:07:24] - Checking for HKLM\...\Winlogon\Notify\vturppn
[12/19/2007, 0:07:24] - Found: HKLM\...\Winlogon\Notify\vturppn - This is probably Virtumundo.
[12/19/2007, 0:07:24] - Assigning {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} MSEvents Object
[12/19/2007, 0:07:24] - BHO list has been changed! Starting over...
[12/19/2007, 0:07:24] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/19/2007, 0:07:24] - BHO 2: {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} (MSEvents Object)
[12/19/2007, 0:07:24] - ALERT: Found MSEvents Object!
[12/19/2007, 0:07:24] - BHO 3: {4AD44D3E-7316-4251-B754-9B10EC96AF92} (superiorads)
[12/19/2007, 0:07:24] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[12/19/2007, 0:07:24] - BHO 5: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
[12/19/2007, 0:07:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/19/2007, 0:07:24] - Checking for HKLM\...\Winlogon\Notify\coIEPlg
[12/19/2007, 0:07:24] - Key not found: HKLM\...\Winlogon\Notify\coIEPlg, continuing.
[12/19/2007, 0:07:24] - BHO 6: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
[12/19/2007, 0:07:24] - BHO 7: {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} (dcads)
[12/19/2007, 0:07:24] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/19/2007, 0:07:24] - BHO 9: {784A91E0-452C-46C5-A2E6-06B3291CA72F} ()
[12/19/2007, 0:07:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/19/2007, 0:07:24] - Checking for HKLM\...\Winlogon\Notify\mlljj
[12/19/2007, 0:07:24] - Key not found: HKLM\...\Winlogon\Notify\mlljj, continuing.
[12/19/2007, 0:07:24] - BHO 10: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[12/19/2007, 0:07:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/19/2007, 0:07:24] - No filename found. Continuing.
[12/19/2007, 0:07:24] - BHO 11: {8406fbf5-158d-41b5-b779-569bdd4c82f3} ()
[12/19/2007, 0:07:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/19/2007, 0:07:24] - Checking for HKLM\...\Winlogon\Notify\cyoiwlmy
[12/19/2007, 0:07:24] - Key not found: HKLM\...\Winlogon\Notify\cyoiwlmy, continuing.
[12/19/2007, 0:07:24] - BHO 12: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/19/2007, 0:07:24] - BHO 13: {bbae7e2b-7313-470c-b56b-51ea622ff1a5} (LiveRadio Toolbar)
[12/19/2007, 0:07:24] - BHO 14: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[12/19/2007, 0:07:24] - Finished Searching Browser Helper Objects
[12/19/2007, 0:07:24] - *** Detected MSEvents Object
[12/19/2007, 0:07:24] - Trying to remove MSEvents Object...
[12/19/2007, 0:07:25] - Terminating Process: IEXPLORE.EXE
[12/19/2007, 0:07:26] - Terminating Process: RUNDLL32.EXE
[12/19/2007, 0:07:26] - Disabling Automatic Shell Restart
[12/19/2007, 0:07:26] - Terminating Process: EXPLORER.EXE
[12/19/2007, 0:07:26] - Suspending the NT Session Manager System Service
[12/19/2007, 0:07:26] - Terminating Windows NT Logon/Logoff Manager
[12/19/2007, 0:07:26] - Re-enabling Automatic Shell Restart
[12/19/2007, 0:07:26] - File to disable: F:\WINDOWS\system32\vturppn.dll
[12/19/2007, 0:07:26] - Renaming F:\WINDOWS\system32\vturppn.dll -> F:\WINDOWS\system32\vturppn.dll.vir
[12/19/2007, 0:07:26] - File successfully renamed!
[12/19/2007, 0:07:26] - Removing HKLM\...\Browser Helper Objects\{2C80EAD3-74CD-4700-83A4-AA878CD1C03C}
[12/19/2007, 0:07:26] - Removing HKCR\CLSID\{2C80EAD3-74CD-4700-83A4-AA878CD1C03C}
[12/19/2007, 0:07:26] - Adding Kill Bit for ActiveX for GUID: {2C80EAD3-74CD-4700-83A4-AA878CD1C03C}
[12/19/2007, 0:07:26] - Deleting ATLEvents/MSEvents Registry entries
[12/19/2007, 0:07:26] - Removing HKLM\...\Winlogon\Notify\vturppn
[12/19/2007, 0:07:26] - Searching for Browser Helper Objects:
[12/19/2007, 0:07:26] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/19/2007, 0:07:26] - BHO 2: {4AD44D3E-7316-4251-B754-9B10EC96AF92} (superiorads)
[12/19/2007, 0:07:26] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[12/19/2007, 0:07:26] - BHO 4: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
[12/19/2007, 0:07:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/19/2007, 0:07:26] - Checking for HKLM\...\Winlogon\Notify\coIEPlg
[12/19/2007, 0:07:26] - Key not found: HKLM\...\Winlogon\Notify\coIEPlg, continuing.
[12/19/2007, 0:07:26] - BHO 5: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
[12/19/2007, 0:07:26] - BHO 6: {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} (dcads)
[12/19/2007, 0:07:26] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/19/2007, 0:07:26] - BHO 8: {784A91E0-452C-46C5-A2E6-06B3291CA72F} ()
[12/19/2007, 0:07:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/19/2007, 0:07:26] - Checking for HKLM\...\Winlogon\Notify\mlljj
[12/19/2007, 0:07:26] - Key not found: HKLM\...\Winlogon\Notify\mlljj, continuing.
[12/19/2007, 0:07:26] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[12/19/2007, 0:07:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/19/2007, 0:07:26] - No filename found. Continuing.
[12/19/2007, 0:07:26] - BHO 10: {8406fbf5-158d-41b5-b779-569bdd4c82f3} ()
[12/19/2007, 0:07:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/19/2007, 0:07:26] - Checking for HKLM\...\Winlogon\Notify\cyoiwlmy
[12/19/2007, 0:07:26] - Key not found: HKLM\...\Winlogon\Notify\cyoiwlmy, continuing.
[12/19/2007, 0:07:26] - BHO 11: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/19/2007, 0:07:26] - BHO 12: {bbae7e2b-7313-470c-b56b-51ea622ff1a5} (LiveRadio Toolbar)
[12/19/2007, 0:07:26] - BHO 13: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[12/19/2007, 0:07:26] - Finished Searching Browser Helper Objects
[12/19/2007, 0:07:26] - Finishing up...
[12/19/2007, 0:07:26] - A restart is needed.
[12/19/2007, 0:07:41] - Attempting to Restart via STOP error (Blue Screen!)



----------------RVAXO.exe first run-------------

Files found:

F:\WINDOWS\system32\vturppn.dll.vir
F:\WINDOWS\system32\jjllm.ini2
F:\WINDOWS\system32\dcads-remove.exe
F:\WINDOWS\system32\superiorads-uninst.exe
F:\WINDOWS\system32\sprt_ads.dll

Uninstallers Rogue scanners:


Folders Found:


Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------

Files found:

F:\WINDOWS\system32\sprt_ads.dll
F:\WINDOWS\system32\dcads-remove.exe
F:\WINDOWS\system32\superiorads-uninst.exe
Folders Found:

--------------RVAXO.exe finished----------------




ComboFix 07-12-19.3 - joris 2007-12-19 0:20:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.571 [GMT 1:00]
Gestart vanuit: F:\Documents and Settings\joris\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Documents and Settings\joris\Application Data\macromedia\Flash Player\#SharedObjects\9VR84SVZ\iforex.com
F:\Documents and Settings\joris\Application Data\macromedia\Flash Player\#SharedObjects\9VR84SVZ\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
F:\Documents and Settings\joris\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
F:\Documents and Settings\joris\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
F:\WINDOWS\system32\cyoiwlmy.dll
F:\WINDOWS\system32\jjllm.ini
F:\WINDOWS\system32\jjllm.ini2
F:\WINDOWS\system32\mlljj.dll
F:\WINDOWS\system32\nsl92.dll
F:\WINDOWS\system32\sprt_ads.dll

.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-18 to 2007-12-18 ))))))))))))))))))))))))))))))
.

2007-12-19 00:13 . 2007-12-18 20:53 546,872 --a------ F:\WINDOWS\system32\RVAXO.bat
2007-12-19 00:13 . 2007-07-04 20:32 16,384 --a------ F:\WINDOWS\system32\Restart.exe
2007-12-18 22:12 . 2007-12-18 22:12 <DIR> d-------- F:\Program Files\Trend Micro
2007-12-18 22:06 . 2007-12-18 22:06 <DIR> d-------- F:\Program Files\support.com
2007-12-18 22:06 . 2007-12-18 22:06 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Support.com
2007-12-18 19:21 . 2007-12-18 20:20 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-16 22:32 . 2007-12-16 22:32 <DIR> d-------- F:\Documents and Settings\joris\Application Data\vlc
2007-12-16 22:28 . 2007-12-16 22:28 <DIR> d-------- F:\Program Files\VideoLAN
2007-12-16 21:32 . 2004-08-04 01:03 424,448 --a--c--- F:\WINDOWS\system32\dllcache\licdll.dll
2007-12-16 20:25 . 2007-12-16 20:25 <DIR> d-------- F:\Nieuwe map
2007-12-16 19:33 . 2007-12-18 18:27 40,734 --a------ F:\WINDOWS\system32\superiorads-uninst.exe
2007-12-16 19:32 . 2007-12-18 18:35 80,097 --a------ F:\WINDOWS\system32\dcads-remove.exe
2007-12-16 18:14 . 2007-12-19 00:27 54,156 --ah----- F:\WINDOWS\QTFont.qfn
2007-12-16 18:14 . 2007-12-16 18:14 1,409 --a------ F:\WINDOWS\QTFont.for
2007-12-16 16:28 . 2007-12-16 16:28 <DIR> d-------- F:\Documents and Settings\joris\Application Data\.BitTornado
2007-12-16 16:23 . 2007-12-18 21:31 <DIR> d-------- F:\Documents and Settings\joris\Application Data\Azureus
2007-12-16 16:23 . 2007-12-16 16:23 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Azureus
2007-12-16 16:22 . 2007-12-16 16:23 <DIR> d-------- F:\Program Files\Azureus
2007-12-16 14:21 . 2007-12-16 14:21 <DIR> d-------- F:\Program Files\Mio DigiWalker
2007-12-16 14:15 . 2005-06-14 11:05 63,596 -ra------ F:\WINDOWS\system32\drivers\WCEUSBSH.INF
2007-12-16 14:13 . 2006-03-09 09:17 37,768 -ra------ F:\WINDOWS\system32\drivers\OLD33.tmp
2007-12-16 14:13 . 2004-08-04 08:56 32,000 --a------ F:\WINDOWS\system32\drivers\wceusbsh.sys
2007-12-16 14:13 . 2004-08-04 08:56 32,000 --a--c--- F:\WINDOWS\system32\dllcache\wceusbsh.sys
2007-12-15 18:09 . 2007-12-15 18:09 <DIR> d-------- F:\Program Files\Windows Sidebar
2007-12-15 18:08 . 2007-12-15 18:10 <DIR> d-------- F:\Program Files\Norton Internet Security
2007-12-15 18:05 . 2007-12-17 18:37 123,952 --a------ F:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-15 18:05 . 2007-12-17 18:37 60,800 --a------ F:\WINDOWS\system32\S32EVNT1.DLL
2007-12-15 18:05 . 2007-12-17 18:37 10,740 --a------ F:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-15 18:05 . 2007-12-17 18:37 805 --a------ F:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-15 02:24 . 2007-12-15 02:24 <DIR> d-------- F:\Program Files\BitTorrent
2007-12-12 19:25 . 2007-12-12 19:25 <DIR> d-------- F:\Program Files\Shareaza
2007-12-12 19:25 . 2007-12-12 19:25 <DIR> d-------- F:\Documents and Settings\joris\Application Data\Shareaza
2007-12-12 18:40 . 2007-12-12 18:40 <DIR> d-------- F:\My Shared Folder
2007-12-12 18:30 . 2007-12-12 18:30 <DIR> d-------- F:\Documents and Settings\joris\Application Data\Kazaa Lite
2007-12-10 23:00 . 2007-12-16 18:11 <DIR> d-------- F:\Documents and Settings\joris\Application Data\BitTorrent
2007-12-10 18:33 . 2007-12-10 18:33 <DIR> d-------- F:\Documents and Settings\Default User\Application Data\Apple Computer
2007-12-10 18:31 . 2007-12-10 18:31 <DIR> d-------- F:\Documents and Settings\LocalService\Bureaublad
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ F:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ F:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ F:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ F:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ F:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ F:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ F:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ F:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ F:\WINDOWS\system32\drivers\srtsp.inf
2007-11-24 17:18 . 2007-12-09 12:00 <DIR> d-------- F:\Program Files\LiveRadio
2007-11-18 18:07 . 2007-11-25 11:12 <DIR> d-------- F:\Program Files\HAM
2007-11-18 18:07 . 2007-11-18 18:07 152,008 --a------ F:\WINDOWS\HAM Uninstaller.exe

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 23:17 --------- d-----w F:\Documents and Settings\All Users\Application Data\Symantec
2007-12-18 23:02 --------- d-----w F:\Program Files\Common Files\Symantec Shared
2007-12-17 17:37 --------- d-----w F:\Program Files\Symantec
2007-12-16 15:28 --------- d-----w F:\Documents and Settings\joris\Application Data\.BitTornado
2007-12-16 13:21 --------- d--h--w F:\Program Files\InstallShield Installation Information
2007-12-12 17:34 --------- d-----w F:\Program Files\Kazaa
2007-11-14 22:08 --------- d-----w F:\Program Files\iTunes
2007-11-14 22:07 --------- d-----w F:\Program Files\iPod
2007-11-14 22:06 --------- d-----w F:\Program Files\QuickTime
2007-11-13 10:25 20,480 ----a-w F:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 22:46 --------- d-----w F:\Program Files\HT Ratings
2007-11-08 23:14 --------- d-----w F:\Program Files\Add-in Express
2007-11-06 15:52 --------- d-----w F:\Program Files\MSECache
2007-11-04 19:31 --------- d-----w F:\Program Files\Your Company Name
2007-11-04 19:31 --------- d-----w F:\Program Files\Digon
2007-11-03 18:18 --------- d-----w F:\Program Files\EasyFactuur
2007-11-03 18:18 --------- d-----w F:\Program Files\Common Files\Borland Shared
2007-11-03 17:37 --------- d-----w F:\Documents and Settings\joris\Application Data\24U
2007-11-03 17:37 --------- d-----w F:\Documents and Settings\All Users\Application Data\24U
2007-11-03 17:30 --------- d-----w F:\Documents and Settings\joris\Application Data\Burggraaf it
2007-11-02 17:06 --------- d-----w F:\Program Files\Microsoft ActiveSync
2007-11-02 17:04 --------- d-----w F:\Program Files\Common Files\L&H
2007-10-29 22:45 1,291,776 ----a-w F:\WINDOWS\system32\quartz.dll
2007-10-25 21:12 --------- d-----w F:\Program Files\SecondLife
2007-10-25 08:28 222,720 ----a-w F:\WINDOWS\system32\wmasf.dll
2007-10-21 22:23 --------- d-----w F:\Program Files\Java
2007-10-17 17:23 10,752 ----a-w F:\WINDOWS\system32\WhoisCL.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 20:51 316784 --a------ F:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-12-15 18:09 116088 --a------ F:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA6FFA8B-AA9D-47E7-95D8-EEC439A5065B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bbae7e2b-7313-470c-b56b-51ea622ff1a5}]
2007-12-09 12:00 1502232 --a------ F:\Program Files\LiveRadio\tbLiv1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{BBAE7E2B-7313-470C-B56B-51EA622FF1A5}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CLASSES_ROOT\clsid\{bbae7e2b-7313-470c-b56b-51ea622ff1a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= F:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]
"{BBAE7E2B-7313-470C-B56B-51EA622FF1A5}"= F:\Program Files\LiveRadio\tbLiv1.dll [2007-12-09 12:00 1502232]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CLASSES_ROOT\clsid\{bbae7e2b-7313-470c-b56b-51ea622ff1a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25]
"OM_Monitor"="F:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51]
"SpybotSD TeaTimer"="F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 21:10]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"EPSON Stylus Photo R240 Series"="F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 05:00]
"ISUSPM Startup"="F:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 06:03]
"ISUSScheduler"="F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03]
"NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SoundMan"="SOUNDMAN.EXE" [2007-01-17 18:34 F:\WINDOWS\soundman.exe]
"OM_Monitor"="F:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50]
"snpstd3"="F:\WINDOWS\vsnpstd3.exe" [2004-07-30 17:50]
"snp2std"="F:\WINDOWS\vsnp2std.exe" [2005-11-16 15:14]
"PhilipsDM"="F:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-12-21 08:43]
"QuickTime Task"="F:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"Automatisch EPSON Stylus Photo R240 Series op KINDEREN"="F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 05:00]
"ccApp"="F:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 22:07]
"osCheck"="F:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 21:53]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03]

F:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
AudioDeck.lnk - F:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2006-11-01 02:24:15]
Microsoft Office.lnk - F:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

R2 LiveUpdate Notice;LiveUpdate Notice;"F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
R2 NameSpaceServer;NameSpaceServer;F:\Program Files\OMRON\FinsServerNT\bin\NsServer.exe [2000-06-19 10:49]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;F:\WINDOWS\system32\DRIVERS\getnd5b.sys [2003-09-02 11:22]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);F:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-11-18 17:29]
R3 SymIMMP;SymIMMP;F:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
R3 WinDriver6;WinDriver6;F:\WINDOWS\system32\drivers\windrvr6.sys [2007-01-24 04:51]
S2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;F:\facturatieprogramma's\Relation Manager\data\firebird\bin\fbserver.exe -s
S3 CLK_UNIT0;CLK_UNIT0;F:\Program Files\OMRON\FinsServerNT\bin\clkunit.exe [2000-03-14 21:25]
S3 CLKPCI_UNIT0;CLKPCI_UNIT0;F:\Program Files\OMRON\FinsServerNT\bin\clkpciunit00.exe [2001-02-07 15:16]
S3 COH_Mon;COH_Mon;F:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 Controller Link;Controller Link;F:\WINDOWS\system32\Drivers\ntclk.sys [2001-02-05 16:13]
S3 CPU_UNIT;CPU_UNIT;F:\Program Files\OMRON\FinsServerNT\bin\CpuUnit.exe [2001-12-21 18:23]
S3 CS1BUS_UNIT0;CS1BUS_UNIT0;F:\Program Files\OMRON\FinsServerNT\bin\Cs1BusUnit0.exe [2001-03-23 19:24]
S3 CS1BUS_UNIT1;CS1BUS_UNIT1;F:\Program Files\OMRON\FinsServerNT\bin\Cs1BusUnit1.exe [2001-03-23 19:24]
S3 CS1BUS_UNIT2;CS1BUS_UNIT2;F:\Program Files\OMRON\FinsServerNT\bin\Cs1BusUnit2.exe [2001-03-23 19:24]
S3 CS1BUS_UNIT3;CS1BUS_UNIT3;F:\Program Files\OMRON\FinsServerNT\bin\Cs1BusUnit3.exe [2001-03-23 19:24]
S3 cs1sys;cs1sys;F:\WINDOWS\system32\Drivers\cs1sys.sys [2001-06-29 10:39]
S3 CS1SYS_UNIT0;CS1SYS_UNIT0;F:\Program Files\OMRON\FinsServerNT\bin\Cs1SysUnit0.exe [2001-04-25 16:00]
S3 CS1SYS_UNIT1;CS1SYS_UNIT1;F:\Program Files\OMRON\FinsServerNT\bin\Cs1SysUnit1.exe [2001-04-25 16:00]
S3 CS1SYS_UNIT2;CS1SYS_UNIT2;F:\Program Files\OMRON\FinsServerNT\bin\Cs1SysUnit2.exe [2001-04-25 16:00]
S3 CS1SYS_UNIT3;CS1SYS_UNIT3;F:\Program Files\OMRON\FinsServerNT\bin\Cs1SysUnit3.exe [2001-04-25 16:00]
S3 FgwSocketProxy;FgwSocketProxy;F:\Program Files\OMRON\FinsServerNT\bin\FgwSocketProxy.exe [2000-06-28 22:03]
S3 MapAgent;MapAgent;F:\Program Files\OMRON\FinsServerNT\bin\MapAgent.exe [2000-06-16 12:15]
S3 ntcs1pci;ntcs1pci;F:\WINDOWS\system32\Drivers\ntcs1pci.sys [2001-07-18 12:01]
S3 SLKPCI_UNIT0;SLKPCI_UNIT0;F:\Program Files\OMRON\FinsServerNT\bin\slkpciunit00.exe [2001-02-27 19:45]
S3 SymIM;Symantec Network Security Intermediate Filter Service;F:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
S3 SysmacBoard Unit;SysmacBoard Unit;F:\Program Files\OMRON\FinsServerNT\bin\SmapUnit.exe [1999-10-06 22:39]
S3 SysmacBoard;SysmacBoard;F:\WINDOWS\system32\Drivers\SmapNT.sys [1999-09-24 13:21]
S3 SysmacLink Unit;SysmacLink Unit;F:\Program Files\OMRON\FinsServerNT\bin\slkcons.exe [2000-10-03 21:29]
S3 SysmacLink;SysmacLink;F:\WINDOWS\system32\Drivers\ntslk.sys [1999-03-03 14:55]
S3 Vsp;Vsp;F:\WINDOWS\System32\drivers\Vsp.sys [2003-05-27 16:45]

*Newly Created Service* - COMHOST
.
Inhoud van de 'Gedeelde Taken' map
"2007-12-15 17:11:04 F:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- F:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-17 19:12:34 F:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - joris.job"
- F:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 00:27:34
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2007-12-19 0:28:30 - machine was rebooted
.
2007-12-12 16:42:48 --- E O F ---

Open de map RVAXO op je bureaublad en dubbelklik op Uninstall.cmd

Verwijder de volgende bestanden:
F:\WINDOWS\system32\dcads-remove.exe
F:\WINDOWS\system32\superiorads-uninst.exe

Verwijder de volgende map:
C:\Qoobox\

Maak dan je prullenbak leeg.

Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Ga naar Start - Uitvoeren en geef hier het volgende in:
Combofix /U
Druk daarna op OK.
Let op: Er moet een spatie tussen Combofix en /U zitten.

Dit zal Combofix de&#239;nstalleren.

Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
Kijk hier hoe je je systeemherstel moet uitschakelen.
Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

Vertel of er nog problemen zijn

ok

het lijkt op 't eerste zicht in orde te zijn....

behalve, soms als ik internet explorer wil openen blokkeert soms mijn bureaublad helemaal en dit gedurende zo'n 20 seconden....

heeft dit nog een speciale reden of is er nog iets niet in orde?

btw, C:\Qoobox\ heb ik niet kunnen vinden...

nog steeds problemen

mijn scherm bevriest regelmatig...kan ik niets meer doen en dit gedurende een hele tijd

ook heb ik in taakbeheer gemerkt dat er soms wel meer dan 10x "iexplore.exe" open staat...
dit terwijl ik enkel hier bezig ben...

vreemd...

Download Combofix opnieuw, maak hier een nieuw logje mee en post dat in je volgende bericht

wanneer ik op de link naar dit blad druk in mijn mailbox, blokkeert alles steeds weer.
ik moet via taakbeheer mijn mailbox sluiten, en na 4x proberen is het eindelijk gelukt.

hieronder mijn logverslag


ComboFix 07-12-19.7 - joris 2007-12-19 23:59:28.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.295 [GMT 1:00]
Gestart vanuit: F:\Documents and Settings\joris\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2007-11-19 to 2007-12-19 ))))))))))))))))))))))))))))))
.

2007-12-19 18:34 . 2007-12-19 18:43 54,156 --ah----- F:\WINDOWS\QTFont.qfn
2007-12-19 18:34 . 2007-12-19 18:34 1,409 --a------ F:\WINDOWS\QTFont.for
2007-12-19 18:22 . 2007-12-13 15:44 898 --a------ F:\WINDOWS\system32\RVAXO-uninstaller.bat
2007-12-19 00:13 . 2007-12-18 20:53 546,872 --a------ F:\WINDOWS\system32\RVAXO.bat
2007-12-19 00:13 . 2007-07-04 20:32 16,384 --a------ F:\WINDOWS\system32\Restart.exe
2007-12-18 22:12 . 2007-12-18 22:12 <DIR> d-------- F:\Program Files\Trend Micro
2007-12-18 22:06 . 2007-12-18 22:06 <DIR> d-------- F:\Program Files\support.com
2007-12-18 22:06 . 2007-12-18 22:06 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Support.com
2007-12-18 19:21 . 2007-12-18 20:20 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-16 22:32 . 2007-12-16 22:32 <DIR> d-------- F:\Documents and Settings\joris\Application Data\vlc
2007-12-16 22:28 . 2007-12-16 22:28 <DIR> d-------- F:\Program Files\VideoLAN
2007-12-16 21:32 . 2004-08-04 01:03 424,448 --a--c--- F:\WINDOWS\system32\dllcache\licdll.dll
2007-12-16 20:25 . 2007-12-16 20:25 <DIR> d-------- F:\Nieuwe map
2007-12-16 16:28 . 2007-12-16 16:28 <DIR> d-------- F:\Documents and Settings\joris\Application Data\.BitTornado
2007-12-16 16:23 . 2007-12-20 00:02 <DIR> d-------- F:\Documents and Settings\joris\Application Data\Azureus
2007-12-16 16:23 . 2007-12-16 16:23 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Azureus
2007-12-16 16:22 . 2007-12-16 16:23 <DIR> d-------- F:\Program Files\Azureus
2007-12-16 14:21 . 2007-12-16 14:21 <DIR> d-------- F:\Program Files\Mio DigiWalker
2007-12-16 14:15 . 2005-06-14 11:05 63,596 -ra------ F:\WINDOWS\system32\drivers\WCEUSBSH.INF
2007-12-16 14:13 . 2006-03-09 09:17 37,768 -ra------ F:\WINDOWS\system32\drivers\OLD33.tmp
2007-12-16 14:13 . 2004-08-04 08:56 32,000 --a------ F:\WINDOWS\system32\drivers\wceusbsh.sys
2007-12-16 14:13 . 2004-08-04 08:56 32,000 --a--c--- F:\WINDOWS\system32\dllcache\wceusbsh.sys
2007-12-15 18:09 . 2007-12-15 18:09 <DIR> d-------- F:\Program Files\Windows Sidebar
2007-12-15 18:08 . 2007-12-15 18:10 <DIR> d-------- F:\Program Files\Norton Internet Security
2007-12-15 18:05 . 2007-12-17 18:37 123,952 --a------ F:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-15 18:05 . 2007-12-17 18:37 60,800 --a------ F:\WINDOWS\system32\S32EVNT1.DLL
2007-12-15 18:05 . 2007-12-17 18:37 10,740 --a------ F:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-15 18:05 . 2007-12-17 18:37 805 --a------ F:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-15 02:24 . 2007-12-15 02:24 <DIR> d-------- F:\Program Files\BitTorrent
2007-12-12 19:25 . 2007-12-12 19:25 <DIR> d-------- F:\Program Files\Shareaza
2007-12-12 19:25 . 2007-12-12 19:25 <DIR> d-------- F:\Documents and Settings\joris\Application Data\Shareaza
2007-12-12 18:40 . 2007-12-12 18:40 <DIR> d-------- F:\My Shared Folder
2007-12-12 18:30 . 2007-12-12 18:30 <DIR> d-------- F:\Documents and Settings\joris\Application Data\Kazaa Lite
2007-12-10 23:00 . 2007-12-16 18:11 <DIR> d-------- F:\Documents and Settings\joris\Application Data\BitTorrent
2007-12-10 18:33 . 2007-12-10 18:33 <DIR> d-------- F:\Documents and Settings\Default User\Application Data\Apple Computer
2007-12-10 18:31 . 2007-12-10 18:31 <DIR> d-------- F:\Documents and Settings\LocalService\Bureaublad
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ F:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ F:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ F:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ F:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ F:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ F:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ F:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ F:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ F:\WINDOWS\system32\drivers\srtsp.inf
2007-11-24 17:18 . 2007-12-09 12:00 <DIR> d-------- F:\Program Files\LiveRadio

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-19 22:56 --------- d-----w F:\Documents and Settings\All Users\Application Data\Symantec
2007-12-19 21:55 --------- d-----w F:\Program Files\Common Files\Symantec Shared
2007-12-17 17:37 --------- d-----w F:\Program Files\Symantec
2007-12-16 15:28 --------- d-----w F:\Documents and Settings\joris\Application Data\.BitTornado
2007-12-16 13:21 --------- d--h--w F:\Program Files\InstallShield Installation Information
2007-12-12 17:34 --------- d-----w F:\Program Files\Kazaa
2007-11-25 10:12 --------- d-----w F:\Program Files\HAM
2007-11-18 17:07 152,008 ----a-w F:\WINDOWS\HAM Uninstaller.exe
2007-11-14 22:08 --------- d-----w F:\Program Files\iTunes
2007-11-14 22:07 --------- d-----w F:\Program Files\iPod
2007-11-14 22:06 --------- d-----w F:\Program Files\QuickTime
2007-11-13 10:25 20,480 ----a-w F:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 22:46 --------- d-----w F:\Program Files\HT Ratings
2007-11-08 23:14 --------- d-----w F:\Program Files\Add-in Express
2007-11-06 15:52 --------- d-----w F:\Program Files\MSECache
2007-11-04 19:31 --------- d-----w F:\Program Files\Your Company Name
2007-11-04 19:31 --------- d-----w F:\Program Files\Digon
2007-11-03 18:18 --------- d-----w F:\Program Files\EasyFactuur
2007-11-03 18:18 --------- d-----w F:\Program Files\Common Files\Borland Shared
2007-11-03 17:37 --------- d-----w F:\Documents and Settings\joris\Application Data\24U
2007-11-03 17:37 --------- d-----w F:\Documents and Settings\All Users\Application Data\24U
2007-11-03 17:30 --------- d-----w F:\Documents and Settings\joris\Application Data\Burggraaf it
2007-11-02 17:06 --------- d-----w F:\Program Files\Microsoft ActiveSync
2007-11-02 17:04 --------- d-----w F:\Program Files\Common Files\L&H
2007-10-29 22:45 1,291,776 ----a-w F:\WINDOWS\system32\quartz.dll
2007-10-25 21:12 --------- d-----w F:\Program Files\SecondLife
2007-10-25 08:28 222,720 ----a-w F:\WINDOWS\system32\wmasf.dll
2007-10-21 22:23 --------- d-----w F:\Program Files\Java
2007-10-17 17:23 10,752 ----a-w F:\WINDOWS\system32\WhoisCL.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 20:51 316784 --a------ F:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-12-15 18:09 116088 --a------ F:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bbae7e2b-7313-470c-b56b-51ea622ff1a5}]
2007-12-09 12:00 1502232 --a------ F:\Program Files\LiveRadio\tbLiv1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{BBAE7E2B-7313-470C-B56B-51EA622FF1A5}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CLASSES_ROOT\clsid\{bbae7e2b-7313-470c-b56b-51ea622ff1a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= F:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]
"{BBAE7E2B-7313-470C-B56B-51EA622FF1A5}"= F:\Program Files\LiveRadio\tbLiv1.dll [2007-12-09 12:00 1502232]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CLASSES_ROOT\clsid\{bbae7e2b-7313-470c-b56b-51ea622ff1a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25]
"OM_Monitor"="F:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51]
"SpybotSD TeaTimer"="F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 21:10]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"EPSON Stylus Photo R240 Series"="F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 05:00]
"ISUSPM Startup"="F:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 06:03]
"ISUSScheduler"="F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03]
"NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SoundMan"="SOUNDMAN.EXE" [2007-01-17 18:34 F:\WINDOWS\soundman.exe]
"OM_Monitor"="F:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50]
"snpstd3"="F:\WINDOWS\vsnpstd3.exe" [2004-07-30 17:50]
"snp2std"="F:\WINDOWS\vsnp2std.exe" [2005-11-16 15:14]
"PhilipsDM"="F:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-12-21 08:43]
"QuickTime Task"="F:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"Automatisch EPSON Stylus Photo R240 Series op KINDEREN"="F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 05:00]
"ccApp"="F:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 22:07]
"osCheck"="F:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 21:53]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03]

F:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
AudioDeck.lnk - F:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2006-11-01 02:24:15]
Microsoft Office.lnk - F:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

R2 LiveUpdate Notice;LiveUpdate Notice;"F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
R2 NameSpaceServer;NameSpaceServer;F:\Program Files\OMRON\FinsServerNT\bin\NsServer.exe [2000-06-19 10:49]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;F:\WINDOWS\system32\DRIVERS\getnd5b.sys [2003-09-02 11:22]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);F:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-11-18 17:29]
R3 SymIMMP;SymIMMP;F:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
R3 WinDriver6;WinDriver6;F:\WINDOWS\system32\drivers\windrvr6.sys [2007-01-24 04:51]
S2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;F:\facturatieprogramma's\Relation Manager\data\firebird\bin\fbserver.exe -s
S3 CLK_UNIT0;CLK_UNIT0;F:\Program Files\OMRON\FinsServerNT\bin\clkunit.exe [2000-03-14 21:25]
S3 CLKPCI_UNIT0;CLKPCI_UNIT0;F:\Program Files\OMRON\FinsServerNT\bin\clkpciunit00.exe [2001-02-07 15:16]
S3 COH_Mon;COH_Mon;F:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 Controller Link;Controller Link;F:\WINDOWS\system32\Drivers\ntclk.sys [2001-02-05 16:13]
S3 CPU_UNIT;CPU_UNIT;F:\Program Files\OMRON\FinsServerNT\bin\CpuUnit.exe [2001-12-21 18:23]
S3 CS1BUS_UNIT0;CS1BUS_UNIT0;F:\Program Files\OMRON\FinsServerNT\bin\Cs1BusUnit0.exe [2001-03-23 19:24]
S3 CS1BUS_UNIT1;CS1BUS_UNIT1;F:\Program Files\OMRON\FinsServerNT\bin\Cs1BusUnit1.exe [2001-03-23 19:24]
S3 CS1BUS_UNIT2;CS1BUS_UNIT2;F:\Program Files\OMRON\FinsServerNT\bin\Cs1BusUnit2.exe [2001-03-23 19:24]
S3 CS1BUS_UNIT3;CS1BUS_UNIT3;F:\Program Files\OMRON\FinsServerNT\bin\Cs1BusUnit3.exe [2001-03-23 19:24]
S3 cs1sys;cs1sys;F:\WINDOWS\system32\Drivers\cs1sys.sys [2001-06-29 10:39]
S3 CS1SYS_UNIT0;CS1SYS_UNIT0;F:\Program Files\OMRON\FinsServerNT\bin\Cs1SysUnit0.exe [2001-04-25 16:00]
S3 CS1SYS_UNIT1;CS1SYS_UNIT1;F:\Program Files\OMRON\FinsServerNT\bin\Cs1SysUnit1.exe [2001-04-25 16:00]
S3 CS1SYS_UNIT2;CS1SYS_UNIT2;F:\Program Files\OMRON\FinsServerNT\bin\Cs1SysUnit2.exe [2001-04-25 16:00]
S3 CS1SYS_UNIT3;CS1SYS_UNIT3;F:\Program Files\OMRON\FinsServerNT\bin\Cs1SysUnit3.exe [2001-04-25 16:00]
S3 FgwSocketProxy;FgwSocketProxy;F:\Program Files\OMRON\FinsServerNT\bin\FgwSocketProxy.exe [2000-06-28 22:03]
S3 MapAgent;MapAgent;F:\Program Files\OMRON\FinsServerNT\bin\MapAgent.exe [2000-06-16 12:15]
S3 ntcs1pci;ntcs1pci;F:\WINDOWS\system32\Drivers\ntcs1pci.sys [2001-07-18 12:01]
S3 SLKPCI_UNIT0;SLKPCI_UNIT0;F:\Program Files\OMRON\FinsServerNT\bin\slkpciunit00.exe [2001-02-27 19:45]
S3 SymIM;Symantec Network Security Intermediate Filter Service;F:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
S3 SysmacBoard Unit;SysmacBoard Unit;F:\Program Files\OMRON\FinsServerNT\bin\SmapUnit.exe [1999-10-06 22:39]
S3 SysmacBoard;SysmacBoard;F:\WINDOWS\system32\Drivers\SmapNT.sys [1999-09-24 13:21]
S3 SysmacLink Unit;SysmacLink Unit;F:\Program Files\OMRON\FinsServerNT\bin\slkcons.exe [2000-10-03 21:29]
S3 SysmacLink;SysmacLink;F:\WINDOWS\system32\Drivers\ntslk.sys [1999-03-03 14:55]
S3 Vsp;Vsp;F:\WINDOWS\System32\drivers\Vsp.sys [2003-05-27 16:45]

*Newly Created Service* - COMHOST
.
Inhoud van de 'Gedeelde Taken' map
"2007-12-15 17:11:04 F:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- F:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-17 19:12:34 F:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - joris.job"
- F:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 00:02:51
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: F:\WINDOWS\explorer.exe [6.00.2900.3156]
-> F:\Program Files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
.
Voltooingstijd: 2007-12-20 0:03:41
F:\ComboFix2.txt ... 2007-12-19 00:28
.
2007-12-12 16:42:48 --- E O F ---

Download Dial-a-fix-2006 en pak beide bestanden in hun eigen map uit naar je Bureaublad.

• In de map Dial-a-fix-v0.60.0.24, dubbelklik op Dial-a-fix.exe
  In het venster dat opengaat, klik onderaan op het icoontje met het dubbele groene vinkje (check all).
  Klik daarna op "GO" en laat de tool alle instellingen terugzetten.
  Sluit dit venster na afloop door onderaan op "Exit" te klikken.

Meld of dat verbetering geeft.

het lijkt nog niet opgelost te zijn...

wanneer dial a fix bezig was, blokkeerde alles en kreeg ik eerst een venstertje met de melding dat explorer moest afgesloten worden en daarna nog eens een venstertje dat er nog iets moest afgesloten worden.

dial a fix nadien herbegonnen, dan is wel heel het programma doorlopen

Ik klikte dan op de link in mijn mailbox naar dit bericht en opnieuw 'bevroor' mijn scherm gedurende een 15-tal seconden

popup's heb ik niet meer...

kan het programma spybot voor problemen zorgen? die vraagt me wel soms een toelating om een wijziging toe te laten als er een programma, dat ik hier voor dit forum geïnstalleerd heb, bezig is met taken uit te voeren...

Lijkt me meer iets van Norton, deze staat er immers om bekend dat hij je systeem behoorijk vertragen kan.

het lijkt me precies dat mijn browser soms niet wil opstarten...
ik zoek er nog wat verder op.

alvast héél erg bedankt voor de geboden hulp.

en... prettige feesten

Graag gedaan hoor

Je zou deze tool trouwens ook nog kunnen proberen: http://windowsxp.mvps.org/IEFIX.htm

Groeten smeenk