Logje lijkt schoon te zijn.

Doe voor de zekerheid dit eens:

Download: RVAXO.exe

• Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
• Open nu de map RVAXO op je bureaublad en dubbeklik RVAXO.cmd
  Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
• Mogelijk start er ook een uninstaller van een rogue scanner op,
• Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
  Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
• Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
• Post de inhoud van de logfile in je volgende bericht tesamen met een nieuw logje van HijackThis.

Ik heb m'n beginpost ook geupdate, hierin staan ook een eerdere rvaxo log


----------------RVAXO.exe first run-------------

Files found:


Uninstallers Rogue scanners:


Folders Found:


Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------

Files found:

Folders Found:

--------------RVAXO.exe finished----------------

Je had niet geschreven dat je RVAXO al gebruikt had

Doe dit nog even:
Download Combofix naar je Bureaublad.
Dubbelklik op Combofix.exe
Kies voor "Continue" door 1 te typen gevolgd door ENTER.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

Combofix had ik al een keer gedraaid, maar is toen vastgelopen zodat ik niet meer in kon bellen op die pc, degene van wie de pc is is er vanavond pas weer. Misschien een beetje riskant om het nog eens te proberen..

Gebruik deze dan maar:
Download Deckard's System Scanner naar je Bureaublad.

• Sluit alle toepassingen en vensters.
• Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
• Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
• Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
- zorg dat sigcheck.exe toestemming krijgt om dit te doen !
Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

Alstu:

Deckard's System Scanner v20071014.68
Run by Vermeulen on 2007-12-21 15:28:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
85: 2007-12-21 14:29:01 UTC - RP503 - Deckard's System Scanner Restore Point
84: 2007-12-21 10:35:33 UTC - RP502 - ComboFix created restore point
83: 2007-12-21 08:46:31 UTC - RP501 - Installed AVG 7.5
82: 2007-12-21 08:23:34 UTC - RP500 - Software Distribution Service 3.0
81: 2007-12-20 20:37:31 UTC - RP499 - Installed SPAMfighter.


-- First Restore Point --
1: 2007-10-09 10:59:17 UTC - RP419 - Controlepunt van systeem


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 3.45 GiB (less than 15%) free.


-- HijackThis (run as Vermeulen.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29:51, on 21-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\RaboCommSrv.exe
D:\Software\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
D:\Software\CloneCD\CloneCDTray.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Documents and Settings\Vermeulen\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Vermeulen.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plukdedag.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: De Telefoongids - {790C1F44-C559-434B-BE18-13C042555D8E} - D:\De Telefoongids Zoekbalk\PhoneShell.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDTray] "D:\Software\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\De Telefoongids Zoekbalk\PhoneShell.dll
O9 - Extra 'Tools' menuitem: De Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\De Telefoongids Zoekbalk\PhoneShell.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163511074390
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0D9DD48-ACE9-4D96-B1DA-5D912EA18CF8}: NameServer = 194.134.5.55,194.134.5.5
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX - D:\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\ImapiRox.exe (file missing)
O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Rabo Comm Server (Srv_RaboComm) - Rabobank Nederland - C:\WINDOWS\system32\RaboCommSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Software\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 10096 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071221-113321-224 O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\ImapiRox.exe (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 nlem32nt - c:\windows\system32\drivers\nlem32nt.sys
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys
R3 WB6692 (%WB6692.DeviceDesc%) - c:\windows\system32\drivers\wb692pci.sys

S3 catchme - c:\docume~1\vermeu~1\locals~1\temp\catchme.sys (file missing)
S3 ezplay (VSO Software ezplay) - c:\windows\system32\drivers\ezplay.sys <Not Verified; VSO Software; ezplay driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Srv_RaboComm (Rabo Comm Server) - "c:\windows\system32\rabocommsrv.exe" <Not Verified; Rabobank Nederland; RaboCommSrv>
R2 WinVNC4 (VNC Server Version 4) - "c:\program files\realvnc\vnc4\winvnc4.exe" -service <Not Verified; RealVNC Ltd.; VNC Server 4.0>

S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - d:\common\database\bin\fbserver.exe <Not Verified; MAGIX; Firebird SQL Server - MAGIX Edition>
S3 ImapiService (IMAPI CD-Burning COM Service) - c:\windows\system32\imapirox.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-21 13:16:45 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-12-14 21:25:07 570 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan - Vermeulen.job


-- Files created between 2007-11-21 and 2007-12-21 -----------------------------

2007-12-21 13:13:43 0 d-------- C:\RVAXO
2007-12-21 13:11:28 555344 --a------ C:\WINDOWS\system32\RVAXO.bat
2007-12-21 13:11:28 69632 --a------ C:\WINDOWS\system32\remove.exe
2007-12-21 11:29:37 0 d-------- C:\Program Files\Trend Micro
2007-12-21 10:54:29 0 dr-h----- C:\$VAULT$.AVG
2007-12-21 09:47:24 0 d-------- C:\Documents and Settings\Vermeulen\Application Data\AVG7
2007-12-21 09:47:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-21 09:46:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-21 09:46:31 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-21 09:34:17 0 d-------- C:\Documents and Settings\Vermeulen\Application Data\TeamViewer
2007-12-21 09:34:16 0 d-------- C:\Documents and Settings\Vermeulen\temp
2007-12-20 21:38:38 0 d-------- C:\Documents and Settings\Vermeulen\Application Data\SPAMfighter
2007-12-20 21:38:14 0 d-------- C:\Program Files\Common Files\Ankiro
2007-12-20 21:37:46 0 d-------- C:\Program Files\Common Files\Application
2007-12-20 21:37:37 0 d-------- C:\Program Files\SPAMfighter
2007-12-09 14:43:31 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2007-12-09 14:39:12 96256 --a------ C:\WINDOWS\system32\drivers\sptd7789.sys
2007-12-09 14:39:12 642560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-03 16:21:17 40448 --a------ C:\WINDOWS\system32\regobj.dll
2007-11-21 16:02:34 0 d-------- C:\Program Files\BBC Multimedia


-- Find3M Report ---------------------------------------------------------------

2007-12-21 15:30:28 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-21 11:18:32 0 d-------- C:\Program Files\Google
2007-12-20 21:38:14 0 d-------- C:\Program Files\Common Files
2007-12-20 20:42:00 0 d-------- C:\Program Files\Symantec
2007-12-19 21:02:49 0 d-------- C:\Program Files\Rabotwin
2007-12-19 20:59:21 0 d-------- C:\Program Files\OfficeNet Extra
2007-12-17 12:19:05 0 d-------- C:\Program Files\EmpirePokerMaster
2007-12-12 20:40:01 0 d-------- C:\Program Files\Kwekerij
2007-12-12 16:33:37 0 d-------- C:\Documents and Settings\Vermeulen\Application Data\Adobe
2007-12-12 10:39:31 0 d-------- C:\Documents and Settings\Vermeulen\Application Data\Help
2007-12-09 14:02:59 0 d-------- C:\Documents and Settings\Vermeulen\Application Data\Vso
2007-12-09 14:02:58 94208 --a------ C:\Documents and Settings\Vermeulen\Application Data\ezplay.sys <Not Verified; VSO Software; ezplay driver>
2007-12-09 14:02:58 33 --a------ C:\Documents and Settings\Vermeulen\Application Data\ezplay.log
2007-12-09 14:02:58 7861 --a------ C:\Documents and Settings\Vermeulen\Application Data\ezplay.cat
2007-12-09 14:02:57 1104 --a------ C:\Documents and Settings\Vermeulen\Application Data\ezplay.inf
2007-12-03 16:21:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-22 09:37:31 0 d-------- C:\Program Files\Norton Internet Security
2007-11-21 16:03:21 0 d-------- C:\Program Files\QuickTime
2007-11-01 14:30:22 0 d-------- C:\Program Files\SlySoft
2007-10-28 19:23:50 465612 --a------ C:\WINDOWS\system32\perfh013.dat
2007-10-28 19:23:50 81146 --a------ C:\WINDOWS\system32\perfc013.dat
2007-10-13 10:54:00 72872 --ah----- C:\WINDOWS\system32\mlfcache.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [05-05-2003 08:57]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03-11-2006 18:20]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 11:50]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [02-11-2004 20:24]
"NWEReboot"=""
"gemstrmw"="C:\WINDOWS\system32\gemstrmw.exe" [10-12-2002 09:44]
"PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [03-07-1998 12:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 00:11]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09-01-2007 21:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [05-09-2006 18:22]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12-03-2007 09:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [21-11-2007 16:03]
"CloneCDTray"="D:\Software\CloneCD\CloneCDTray.exe" [28-09-2006 20:21]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [14-12-2007 09:55]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [21-12-2007 09:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 12:00]
"ares"="C:\Program Files\Ares\Ares.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=D:\Software\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23-9-2005 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17-2-1999 19:05:56]
Photo Express Calendar Checker SE.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [16-11-2006 20:50:05]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cdec06e-59f1-11dc-90e2-00112f21b32e}]
AutoRun\command- E:\LaunchU3.exe

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2007-12-21 15:31:12 ------------

Logje ziet er schoon uit hoor

ik zag dit:Ik weet niet of er meerdere schijven/partities zijn, maar als een schijf te vol wordt kan je problemen krijgen met defragmenteren e.d.
Als er fotomateriaal/filmmateriaal op staat, zou je dat beter naar een andere schijf/partitie kunnen verplaatsen om het systeem wat beter te laten lopen

Blij dat het er schoon uit ziet.

Van die schijf heb ik meteen ook even vermeld ja.

Mag ik trouwens vragen waar je net op hebt gelet bij de vorige log?
bepaalde files? extensies?
we leveren hier wel service met verwijderen van virus/spyware maar er is mij gevraagd om eens goed die hijackthis logs te bestuderen zodat ik ze zelf uit kan lezen.

Ik ga de rest van het forum morgen wel even doorlezen

Die Deckard's System Scanner laat veel meer zien dan alleen een Hijackthis logje.

Het vereist enige oefening, maar de meeste malwareproblemen kan je er in opsporen