Turkish music?


  • Turkish music?

    Hello everyone.

    When I start up my computer, I hear Turkish music for about 3 seconds.
    How do I get rid of this?

    Regards, Bor




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:05:30, on 28-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\WService.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HDD Thermometer\HDD Thermometer.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\BoostKit\boostkit2.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\BoostKit\ahelp.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\DRIVERS\WtSrv.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\cidaemon.exe
    I:\download\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [WService] WService.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: BoostKit.lnk = C:\Program Files\BoostKit\bk.exe
    O4 - Startup: SpywareBlaster (2).lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://hyves.nl/cab/outlookaddressbook.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GrooveSystemServices.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DU Meter Service (DUMeterSvc) - DT Soft Ltd. - (no file)
    O23 - Service: eMule MorphXT as a service (eMule) - DT Soft Ltd. - (no file)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: SNMP-service (SNMP) - Sygate Technologies, Inc. - (no file)
    O23 - Service: SNMP Trap-service (SNMPTRAP) - Sygate Technologies, Inc. - (no file)
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
    O24 - Desktop Component 0: (no name) - http://images.google.nl/images?q=tbn:QDFYUh47XIMJ:upload.wikimedia.org/wikipedia/fr/thumb/7/7d/Emule.jpg/150px-Emule.jpg
    O24 - Desktop Component 1: (no name) - http://www.enchanted-art.com/linkbuttonDragonMoon.jpg

    --
    End of file - 11014 bytes

  • #2
    Try this:
    Download Dr.Web CureIt and save it to your desktop.
    • Double-click drweb-cureit.exe and allow it to start the express scan.
      If a popup appears offering a purchase/50% discount, you can close it.
    • The express scan will scan the files that are currently loaded in memory. If anything is found, click 'alles selecteren' (select all), then choose 'repareren' (repair), and from the small menu that appears choose 'verplaatsen' (move).
    • In the menu at the top, choose Language/Taal and change it to Dutch (Nederlands) if it is set differently on your system.
    • Press F9, then choose the Acties (Actions) tab and set the following under Malware:
      • Adware: Verplaats (Move)
      • Dialers: Verplaats (Move)
      • Jokes: Rapportage (Report)
      • Riskware: Rapportage (Report)
      • Hacktools: Verplaats (Move)
      • Then untick 'Prompt bij actie' (prompt on action).
    • Then choose the Scan tab and untick Heuristische analyse (heuristic analysis).
      Then press Toepassen (Apply) followed by OK.
    • Once the short scan has finished, tick: Volledige scan (full scan).
      Then press the green arrow (start button) to start the scan.
    • Files that are found are moved to the '%USERPROFILE%\DocterWeb\Quarantine' folder if repairing them is not possible.
    • After the scan is done, go to Bestand (File) and choose Rapportage lijst opslaan (save report list).
      Save it to your desktop and then close Dr.Web CureIt.
    • Then restart the computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
    • After restarting, copy and paste the contents of the log you saved earlier into your next post.
    Also post a new HijackThis log.



    • #3
      Hello Smeenk.

      I scanned it, but no virus came up.
      Sorry, Smeenk.



      • #4
        That is positive in itself, of course.

        But if you still have those problems?

        Then we will have to look further:
        Download Combofix (mirror) to your desktop.
        Double-click Combofix.exe
        Choose "Continue" by typing 1 followed by ENTER.
        While the fix is running, do NOT click in the window, as this will make your PC hang.
        When the fix has completed and after the restart, the log combofix.txt will open.
        Post this log in your next post.

        NOTE: If your virus scanner responds with a notification about script execution, you can ignore it.



        • #5
          Hello...

          Here it is.

          ComboFix 08-01-09.2 - rob van beek 2008-01-09 20:08:06.1 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.157 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\rob van beek\Bureaublad\ComboFix.exe
          * Nieuw herstelpunt werd aangemaakt
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\Documents and Settings\rob van beek\Application Data\inst.exe
          C:\WINDOWS\system32\stera.log
          C:\WINDOWS\system32\wsnpoem

          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

          .
          -------\LEGACY_NWSAPAGENT
          -------\NwSapAgent


          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-09 to 2008-01-09 ))))))))))))))))))))))))))))))
          .

          2008-01-09 20:05 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
          2008-01-08 22:24 . 2008-01-09 19:58 <DIR> dr-h----- C:\Documents and Settings\rob van beek\Onlangs geopend
          2008-01-06 22:50 . 2008-01-06 22:50 <DIR> d-------- C:\Documents and Settings\rob van beek\Application Data\Styler
          2008-01-06 22:22 . 2008-01-06 22:22 <DIR> d-------- C:\Program Files\VisualTooltip
          2008-01-06 22:22 . 2008-01-06 23:19 <DIR> d-------- C:\Program Files\Vista Sidebar
          2008-01-06 22:22 . 2008-01-06 22:51 <DIR> d-------- C:\Program Files\Styler
          2008-01-06 22:22 . 2008-01-06 22:22 <DIR> d-------- C:\Program Files\Blaero Start Orb
          2008-01-06 22:22 . 2008-01-06 22:22 <DIR> d-------- C:\Documents and Settings\rob van beek\Application Data\Stardock
          2008-01-06 22:22 . 2006-12-11 01:29 7,287,808 --a------ C:\WINDOWS\system32\vistaui.exe
          2008-01-06 22:21 . 2008-01-06 22:21 <DIR> d-------- C:\Program Files\LClock
          2008-01-06 22:21 . 2006-12-26 03:25 414,223 --a------ C:\WINDOWS\system32\vimc.exe
          2008-01-06 22:21 . 2004-09-04 06:45 172,032 --a------ C:\WINDOWS\system32\LClock.cpl
          2008-01-06 22:13 . 2008-01-06 22:22 <DIR> d-------- C:\WINDOWS\system32\VITrans
          2008-01-06 22:13 . 2008-01-06 22:13 78,942 --a------ C:\WINDOWS\Icon_1.ico
          2008-01-06 22:11 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
          2008-01-06 22:11 . 2006-12-03 17:10 81,920 --a------ C:\WINDOWS\system32\closeapp.exe
          2008-01-06 22:11 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
          2008-01-06 22:11 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
          2008-01-06 22:10 . 2008-01-06 22:44 <DIR> d-------- C:\VTPFiles
          2008-01-06 22:08 . 2004-09-03 23:43 199 --a------ C:\WINDOWS\system32\paypal.url
          2008-01-06 22:08 . 2006-05-26 22:54 83 --a------ C:\WINDOWS\system32\winx.url
          2008-01-06 13:35 . 2007-11-26 13:38 245,112 --a------ C:\WINDOWS\system32\iimds.dll
          2008-01-06 13:35 . 2007-11-26 13:39 232,824 --a------ C:\WINDOWS\system32\IMImage.dll
          2008-01-06 13:35 . 2007-11-26 13:38 56,696 --a------ C:\WINDOWS\system32\imsys.dll
          2008-01-05 22:39 . 2008-01-09 15:19 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
          2008-01-04 18:20 . 2008-01-04 18:26 <DIR> d-------- C:\Program Files\Common Files\Macromedia
          2008-01-04 11:13 . 2008-01-09 16:16 <DIR> d-------- C:\Documents and Settings\rob van beek\Application Data\skypePM
          2008-01-04 11:13 . 2008-01-04 11:13 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
          2008-01-04 11:10 . 2008-01-04 11:10 <DIR> d-------- C:\Program Files\Skype
          2008-01-04 11:10 . 2008-01-04 11:10 <DIR> d-------- C:\Program Files\Common Files\Skype
          2008-01-04 11:10 . 2008-01-09 20:18 <DIR> d-------- C:\Documents and Settings\rob van beek\Application Data\Skype
          2008-01-04 11:10 . 2008-01-04 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
          2007-12-31 11:09 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
          2007-12-31 11:08 . 2007-12-31 11:08 <DIR> d-------- C:\Program Files\Common Files\Java
          2007-12-29 14:05 . 2007-12-29 14:05 <DIR> d-------- C:\Program Files\Pure Networks
          2007-12-29 14:04 . 2007-12-29 14:04 <DIR> d-------- C:\Program Files\DIFX
          2007-12-29 14:04 . 2007-12-29 14:04 <DIR> d-------- C:\Program Files\Common Files\Pure Networks Shared
          2007-12-29 14:04 . 2007-09-20 10:16 24,888 --a------ C:\WINDOWS\system32\drivers\purendis.sys
          2007-12-29 14:04 . 2007-09-20 10:16 23,864 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
          2007-12-29 14:02 . 2007-12-29 14:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
          2007-12-27 16:25 . 2008-01-09 20:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
          2007-12-27 16:25 . 2008-01-09 20:17 1,409 --a------ C:\WINDOWS\QTFont.for
          2007-12-27 16:19 . 2007-12-27 16:19 <DIR> d-------- C:\Program Files\Microsoft Works
          2007-12-27 16:16 . 2007-12-27 16:16 <DIR> d-------- C:\Program Files\Microsoft.NET
          2007-12-27 16:10 . 2007-12-27 16:10 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
          2007-12-27 16:07 . 2007-12-27 16:07 <DIR> dr-h----- C:\MSOCache
          2007-12-23 21:08 . 2007-12-23 21:08 4,706 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
          2007-12-23 20:17 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
          2007-12-23 18:26 . 2007-12-30 12:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
          2007-12-19 16:31 . 2007-12-23 21:28 1,244 --a------ C:\WINDOWS\win.tmp
          2007-12-19 16:31 . 2007-10-20 09:39 201 --a------ C:\WINDOWS\system.tmp
          2007-12-17 17:07 . 1999-06-11 03:07 271,872 --a------ C:\WINDOWS\system32\Ucs32p.dll
          2007-12-17 17:07 . 1999-05-19 01:00 133,120 --a------ C:\WINDOWS\Sifbp2.dll
          2007-12-17 17:07 . 1999-06-11 03:07 96,256 --a------ C:\WINDOWS\system32\Csp2osu.dll
          2007-12-17 17:07 . 1999-05-21 01:00 63,488 --a------ C:\WINDOWS\ScFBPPM2.DLL
          2007-12-17 17:07 . 1999-06-11 03:07 16,896 --a------ C:\WINDOWS\system32\Csp2utl.dll
          2007-12-17 17:07 . 1999-05-21 01:00 15,488 --a------ C:\WINDOWS\system32\drivers\ScFBPNT2.sys
          2007-12-13 23:18 . 2007-12-13 23:18 <DIR> d--hs---- C:\found.000
          2007-12-10 19:24 . 2007-12-10 19:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-09 16:49 --------- d-----w C:\Program Files\eMule
          2008-01-09 15:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\HDD Thermometer
          2008-01-06 12:35 --------- d-----w C:\Program Files\iMacros
          2008-01-05 16:15 --------- d-----w C:\Documents and Settings\rob van beek\Application Data\MailWasherPro
          2008-01-05 10:59 --------- d-----w C:\Program Files\Macromedia
          2007-12-31 10:09 --------- d-----w C:\Program Files\Java
          2007-12-30 15:29 --------- d-----w C:\Documents and Settings\rob van beek\Application Data\Kazaap
          2007-12-30 09:59 --------- d-----w C:\Program Files\SpywareGuard
          2007-12-27 15:19 --------- d-----w C:\Program Files\MSBuild
          2007-12-24 11:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
          2007-12-24 09:37 --------- d-----w C:\Program Files\Trojan Remover
          2007-12-21 11:59 --------- d-----w C:\Program Files\Google
          2007-12-17 22:14 --------- d-----w C:\Program Files\Picasa2
          2007-12-17 16:08 --------- d-----w C:\Program Files\Canon
          2007-12-13 23:16 --------- d-----w C:\Documents and Settings\rob van beek\Application Data\Azureus
          2007-12-07 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2007-12-04 15:37 --------- d-----w C:\Program Files\FireTrust
          2007-12-02 09:46 --------- d-----w C:\Program Files\CyberLink
          2007-11-26 21:28 --------- d-----w C:\Program Files\TuneUp Utilities 2007
          2007-11-26 21:23 --------- d-----w C:\Program Files\NoAds
          2007-11-26 21:23 --------- d-----w C:\Program Files\Common Files\Symantec Shared
          2007-11-26 21:01 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
          2007-11-26 21:01 --------- d-----w C:\Program Files\Windows Live Toolbar
          2007-11-26 21:01 --------- d-----w C:\Program Files\MSN Messenger
          2007-11-26 21:00 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}
          2007-11-26 21:00 --------- d-----w C:\Program Files\Windows Live Safety Center
          2007-11-26 21:00 --------- d-----w C:\Program Files\RocketDock
          2007-11-26 21:00 --------- d-----w C:\Program Files\NewsLeecher
          2007-11-26 21:00 --------- d-----w C:\Program Files\Casema
          2007-11-26 19:54 --------- d-----w C:\Program Files\Windows Live
          2007-11-26 17:50 --------- d-----w C:\Program Files\TABLET
          2007-11-25 21:21 --------- d-----w C:\Documents and Settings\rob van beek\Application Data\com.codeode
          2007-11-25 21:02 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
          2007-11-25 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
          2007-11-25 20:02 --------- d-----w C:\Program Files\UnderCoverXP
          2007-11-25 18:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-11-25 11:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
          2007-11-20 18:02 --------- d-----w C:\Program Files\LSoft Technologies
          2007-11-19 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\dupe exit mags audio
          2007-11-19 16:58 --------- d-----w C:\Program Files\ACD Systems
          2007-11-18 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
          2007-11-15 21:47 --------- d-----w C:\Documents and Settings\rob van beek\Application Data\Qlikworld
          2007-11-14 15:51 --------- d-----w C:\Program Files\Hasbro Interactive
          2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
          2007-11-12 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hagel Technologies
          2007-11-11 18:54 50,632 -c--a-w C:\Documents and Settings\rob van beek\Application Data\GDIPFONTCACHEV1.DAT
          2007-11-09 06:01 --------- d-----w C:\Program Files\The FilmMachine
          2007-11-09 05:59 --------- d-----w C:\Documents and Settings\rob van beek\Application Data\Earthsim
          2007-10-31 20:22 127,034 ----a-w C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
          2007-10-20 21:06 47,360 -c--a-w C:\Documents and Settings\rob van beek\Application Data\pcouffin.sys
          2007-10-10 19:34 737,280 ----a-w C:\WINDOWS\iun6002.exe
          2007-06-17 11:36 81,920 -c--a-w C:\Documents and Settings\rob van beek\Application Data\ezpinst.exe
          .
          -c--a-w           524,288 2007-06-19 13:24:53  C:\Program Files\Thoosje Sidebar V2.0\Thoosje Sidebar .exe

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
          "RSD_HDDThermo"="C:\Program Files\HDD Thermometer\HDD Thermometer.exe" [2004-05-30 14:25 213504]
          "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 16:53 68856]
          "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
          "eMuleAutoStart"="C:\Program Files\eMule\eMule.exe" [2007-11-25 14:13 5750784]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-05 17:35 180269]
          "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-05 14:15 949376]
          "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 15:52 3770024]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
          "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
          "LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-02-06 16:43 252704]
          "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 00:03 144384]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-25 12:05 77824]
          "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40 2577632]
          "WService"="WService.EXE" [2002-09-07 11:23 28672 C:\WINDOWS\system32\WService.exe]
          "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
          "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
          "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
          "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19 15872]
          "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
          "nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2007-10-01 20:08 451896]
          "nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2007-10-29 22:04 451896]
          "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-30 10:31 1838592]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
          "LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27 65536]
          "Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [2006-12-25 08:14 6083072]
          "VisualTooltip"="C:\Program Files\VisualTooltip\VisualToolTip.exe" [2006-10-06 09:21 942080]
          "Blaero Start Orb"="C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe" [2006-07-30 19:32 575488]
          "Styler"="C:\Program Files\Styler\Styler.exe" [2006-05-03 10:48 307200]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03 15360]
          "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

          C:\Documents and Settings\rob van beek\Menu Start\Programma's\Opstarten\
          BoostKit.lnk - C:\Program Files\BoostKit\bk.exe [2004-07-23 17:29:41]
          SpywareBlaster (2).lnk - C:\Program Files\SpywareBlaster\spywareblaster.exe [2007-09-04 17:42:36]
          SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 18:05:35]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
          "DisableRegistryTools"= 0 (0x0)

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
          "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
          "sp_rssrv"=2 (0x2)
          "sp_clamsrv"=2 (0x2)
          "xmlprov"=3 (0x3)
          "VSS"=3 (0x3)
          "UPS"=3 (0x3)
          "SysmonLog"=3 (0x3)
          "SCardSvr"=3 (0x3)
          "RSVP"=3 (0x3)
          "mnmsrvc"=3 (0x3)
          "aspnet_state"=3 (0x3)
          "WZCSVC"=2 (0x2)
          "wscsvc"=2 (0x2)
          "WebClient"=2 (0x2)
          "TermService"=3 (0x3)
          "seclogon"=2 (0x2)
          "MDM"=2 (0x2)

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
          "SoundMan"=SOUNDMAN.EXE
          "ScreenPrint32"=C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
          "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
          UxTuneUp

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44d9b9ca-d9ee-11db-90bb-000d61c11377}]
          \Shell\AutoRun\command - H:\InstallTomTomHOME.exe

          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-01-04 21:11:20 C:\WINDOWS\Tasks\1-Click Maintenance.job"
          - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-09 20:22:31
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2008-01-09 20:30:26 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-01-09 19:30:20
          .
          2007-12-30 11:05:30 --- E O F ---




          Regards, Bor



          • #6
            Download the attachment: CFScript.txt

            Drag CFScript.txt onto ComboFix.exe as shown in the example below:

            This will make ComboFix restart.
            Reboot if you are asked to,
            and post the contents of Combofix.txt in your next reply.


            • #7
              Here it is.


              ComboFix 08-01-09.2 - rob van beek 2008-01-10 17:40:03.2 - NTFSx86
              Gestart vanuit: C:\Documents and Settings\rob van beek\Bureaublad\FIX\ComboFix.exe
              Command switches used :: C:\Documents and Settings\rob van beek\Bureaublad\FIX\cfscript.txt
              * Nieuw herstelpunt werd aangemaakt

              FILE
              C:\Program Files\Thoosje Sidebar V2.0\Thoosje Sidebar .exe
              C:\WINDOWS\system.tmp
              C:\WINDOWS\system32\closeapp.exe
              C:\WINDOWS\system32\modifype.exe
              C:\WINDOWS\system32\reico.exe
              C:\WINDOWS\system32\Uharc.exe
              C:\WINDOWS\system32\WService.exe
              C:\WINDOWS\win.tmp
              .

              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\Documents and Settings\All Users\Application Data\dupe exit mags audio
              C:\Documents and Settings\All Users\Application Data\dupe exit mags audio\atombenddraw
              C:\found.000
              C:\found.000\file0000.chk
              C:\Program Files\Thoosje Sidebar V2.0\Thoosje Sidebar .exe
              C:\WINDOWS\system32\closeapp.exe
              C:\WINDOWS\system32\modifype.exe
              C:\WINDOWS\system32\reico.exe
              C:\WINDOWS\system32\Uharc.exe
              C:\WINDOWS\system32\WService.exe

              .
              (((((((((((((((((((( Bestanden Gemaakt van 2007-12-10 to 2008-01-10 ))))))))))))))))))))))))))))))
              .

              2008-01-09 20:05 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
              2008-01-08 22:24 . 2008-01-10 17:35 <DIR> dr-h----- C:\Documents and Settings\rob van beek\Onlangs geopend
              2008-01-06 22:50 . 2008-01-06 22:50 <DIR> d-------- C:\Documents and Settings\rob van beek\Application Data\Styler
              2008-01-06 22:22 . 2008-01-06 22:22 <DIR> d-------- C:\Program Files\VisualTooltip
              2008-01-06 22:22 . 2008-01-06 23:19 <DIR> d-------- C:\Program Files\Vista Sidebar
              2008-01-06 22:22 . 2008-01-06 22:51 <DIR> d-------- C:\Program Files\Styler
              2008-01-06 22:22 . 2008-01-06 22:22 <DIR> d-------- C:\Program Files\Blaero Start Orb
              2008-01-06 22:22 . 2008-01-06 22:22 <DIR> d-------- C:\Documents and Settings\rob van beek\Application Data\Stardock
              2008-01-06 22:22 . 2006-12-11 01:29 7,287,808 --a------ C:\WINDOWS\system32\vistaui.exe
              2008-01-06 22:21 . 2008-01-06 22:21 <DIR> d-------- C:\Program Files\LClock
              2008-01-06 22:21 . 2006-12-26 03:25 414,223 --a------ C:\WINDOWS\system32\vimc.exe
              2008-01-06 22:21 . 2004-09-04 06:45 172,032 --a------ C:\WINDOWS\system32\LClock.cpl
              2008-01-06 22:13 . 2008-01-06 22:22 <DIR> d-------- C:\WINDOWS\system32\VITrans
              2008-01-06 22:13 . 2008-01-06 22:13 78,942 --a------ C:\WINDOWS\Icon_1.ico
              2008-01-06 22:10 . 2008-01-06 22:44 <DIR> d-------- C:\VTPFiles
              2008-01-06 22:08 . 2004-09-03 23:43 199 --a------ C:\WINDOWS\system32\paypal.url
              2008-01-06 22:08 . 2006-05-26 22:54 83 --a------ C:\WINDOWS\system32\winx.url
              2008-01-06 13:35 . 2007-11-26 13:38 245,112 --a------ C:\WINDOWS\system32\iimds.dll
              2008-01-06 13:35 . 2007-11-26 13:39 232,824 --a------ C:\WINDOWS\system32\IMImage.dll
              2008-01-06 13:35 . 2007-11-26 13:38 56,696 --a------ C:\WINDOWS\system32\imsys.dll
              2008-01-05 22:39 . 2008-01-09 15:19 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
              2008-01-04 18:20 . 2008-01-04 18:26 <DIR> d-------- C:\Program Files\Common Files\Macromedia
              2008-01-04 11:13 . 2008-01-10 16:01 <DIR> d-------- C:\Documents and Settings\rob van beek\Application Data\skypePM
              2008-01-04 11:13 . 2008-01-04 11:13 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
              2008-01-04 11:10 . 2008-01-04 11:10 <DIR> d-------- C:\Program Files\Skype
              2008-01-04 11:10 . 2008-01-04 11:10 <DIR> d-------- C:\Program Files\Common Files\Skype
              2008-01-04 11:10 . 2008-01-10 17:46 <DIR> d-------- C:\Documents and Settings\rob van beek\Application Data\Skype
              2008-01-04 11:10 . 2008-01-04 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
              2007-12-31 11:09 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
              2007-12-31 11:08 . 2007-12-31 11:08 <DIR> d-------- C:\Program Files\Common Files\Java
              2007-12-29 14:05 . 2007-12-29 14:05 <DIR> d-------- C:\Program Files\Pure Networks
              2007-12-29 14:04 . 2007-12-29 14:04 <DIR> d-------- C:\Program Files\DIFX
              2007-12-29 14:04 . 2007-12-29 14:04 <DIR> d-------- C:\Program Files\Common Files\Pure Networks Shared
              2007-12-29 14:04 . 2007-09-20 10:16 24,888 --a------ C:\WINDOWS\system32\drivers\purendis.sys
              2007-12-29 14:04 . 2007-09-20 10:16 23,864 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
              2007-12-29 14:02 . 2007-12-29 14:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
              2007-12-27 16:25 . 2008-01-10 15:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
              2007-12-27 16:25 . 2008-01-09 20:17 1,409 --a------ C:\WINDOWS\QTFont.for
              2007-12-27 16:19 . 2007-12-27 16:19 <DIR> d-------- C:\Program Files\Microsoft Works
              2007-12-27 16:16 . 2007-12-27 16:16 <DIR> d-------- C:\Program Files\Microsoft.NET
              2007-12-27 16:10 . 2007-12-27 16:10 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
              2007-12-27 16:07 . 2007-12-27 16:07 <DIR> dr-h----- C:\MSOCache
              2007-12-23 21:08 . 2007-12-23 21:08 4,706 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
              2007-12-23 20:17 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
              2007-12-23 18:26 . 2007-12-30 12:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
              2007-12-17 17:07 . 1999-06-11 03:07 271,872 --a------ C:\WINDOWS\system32\Ucs32p.dll
              2007-12-17 17:07 . 1999-05-19 01:00 133,120 --a------ C:\WINDOWS\Sifbp2.dll
              2007-12-17 17:07 . 1999-06-11 03:07 96,256 --a------ C:\WINDOWS\system32\Csp2osu.dll
              2007-12-17 17:07 . 1999-05-21 01:00 63,488 --a------ C:\WINDOWS\ScFBPPM2.DLL
              2007-12-17 17:07 . 1999-06-11 03:07 16,896 --a------ C:\WINDOWS\system32\Csp2utl.dll
              2007-12-17 17:07 . 1999-05-21 01:00 15,488 --a------ C:\WINDOWS\system32\drivers\ScFBPNT2.sys
              2007-12-10 19:24 . 2007-12-10 19:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-01-10 16:46 --------- d-----w C:\Program Files\Thoosje Sidebar V2.0
              2008-01-10 16:21 --------- d-----w C:\Program Files\eMule
              2008-01-10 14:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\HDD Thermometer
              2008-01-09 22:36 --------- d-----w C:\Program Files\TuneUp Utilities 2007
              2008-01-09 22:30 --------- d-----w C:\Program Files\SpywareGuard
              2008-01-06 12:35 --------- d-----w C:\Program Files\iMacros
              2008-01-05 16:15 --------- d-----w C:\Documents and Settings\rob van beek\Application Data\MailWasherPro
              2008-01-05 10:59 --------- d-----w C:\Program Files\Macromedia
              2007-12-31 10:09 --------- d-----w C:\Program Files\Java
              2007-12-30 15:29 --------- d-----w C:\Documents and Settings\rob van beek\Application Data\Kazaap
              2007-12-27 15:19 --------- d-----w C:\Program Files\MSBuild
              2007-12-24 11:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
              2007-12-24 09:37 --------- d-----w C:\Program Files\Trojan Remover
              2007-12-21 11:59 --------- d-----w C:\Program Files\Google
              2007-12-17 22:14 --------- d-----w C:\Program Files\Picasa2
              2007-12-17 16:08 --------- d-----w C:\Program Files\Canon
              2007-12-13 23:16 --------- d-----w C:\Documents and Settings\rob van beek\Application Data\Azureus
              2007-12-07 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
              2007-12-04 15:37 --------- d-----w C:\Program Files\FireTrust
              2007-12-02 09:46 --------- d-----w C:\Program Files\CyberLink
              2007-11-26 21:23 --------- d-----w C:\Program Files\NoAds
              2007-11-26 21:23 --------- d-----w C:\Program Files\Common Files\Symantec Shared
              2007-11-26 21:01 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
              2007-11-26 21:01 --------- d-----w C:\Program Files\Windows Live Toolbar
              2007-11-26 21:01 --------- d-----w C:\Program Files\MSN Messenger
              2007-11-26 21:00 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}
              2007-11-26 21:00 --------- d-----w C:\Program Files\Windows Live Safety Center
              2007-11-26 21:00 --------- d-----w C:\Program Files\RocketDock
              2007-11-26 21:00 --------- d-----w C:\Program Files\NewsLeecher
              2007-11-26 21:00 --------- d-----w C:\Program Files\Casema
              2007-11-26 19:54 --------- d-----w C:\Program Files\Windows Live
              2007-11-26 17:50 --------- d-----w C:\Program Files\TABLET
              2007-11-25 21:21 --------- d-----w C:\Documents and Settings\rob van beek\Application Data\com.codeode
              2007-11-25 21:02 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
              2007-11-25 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
              2007-11-25 20:02 --------- d-----w C:\Program Files\UnderCoverXP
              2007-11-25 18:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2007-11-25 11:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
              2007-11-20 18:02 --------- d-----w C:\Program Files\LSoft Technologies
              2007-11-19 16:58 --------- d-----w C:\Program Files\ACD Systems
              2007-11-18 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
              2007-11-15 21:47 --------- d-----w C:\Documents and Settings\rob van beek\Application Data\Qlikworld
              2007-11-14 15:51 --------- d-----w C:\Program Files\Hasbro Interactive
              2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
              2007-11-12 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hagel Technologies
              2007-11-11 18:54 50,632 -c--a-w C:\Documents and Settings\rob van beek\Application Data\GDIPFONTCACHEV1.DAT
              2007-10-31 20:22 127,034 ----a-w C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
              2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
              2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
              2007-10-20 21:06 47,360 -c--a-w C:\Documents and Settings\rob van beek\Application Data\pcouffin.sys
              2007-10-10 19:34 737,280 ----a-w C:\WINDOWS\iun6002.exe
              2007-06-17 11:36 81,920 -c--a-w C:\Documents and Settings\rob van beek\Application Data\ezpinst.exe
              .

              ((((((((((((((((((((((((((((( [email protected]_20.29.44.03 )))))))))))))))))))))))))))))))))))))))))
              .
              - 2008-01-09 19:07:08 1,232,896 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
              + 2008-01-10 16:39:21 1,232,896 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
              - 2008-01-09 19:07:08 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
              + 2008-01-10 16:39:21 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
              - 2008-01-09 19:07:09 1,232,896 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\ntuser.dat
              + 2008-01-10 16:39:21 1,232,896 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\ntuser.dat
              - 2008-01-09 19:07:09 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
              + 2008-01-10 16:39:22 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
              - 2008-01-09 19:07:10 11,444,224 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\ntuser.dat
              + 2008-01-10 16:39:22 11,460,608 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\ntuser.dat
              - 2008-01-09 19:07:10 229,376 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
              + 2008-01-10 16:39:22 229,376 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
              .
              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
              "RSD_HDDThermo"="C:\Program Files\HDD Thermometer\HDD Thermometer.exe" [2004-05-30 14:25 213504]
              "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
              "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 16:53 68856]
              "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
              "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-11-25 14:13 5750784]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-05 17:35 180269]
              "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-05 14:15 949376]
              "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 15:52 3770024]
              "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
              "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
              "LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-02-06 16:43 252704]
              "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 00:03 144384]
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-25 12:05 77824]
              "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40 2577632]
              "WService"="WService.EXE"
              "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
              "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
              "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
              "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19 15872]
              "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
              "nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2007-10-01 20:08 451896]
              "nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2007-10-29 22:04 451896]
              "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-30 10:31 1838592]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
              "LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27 65536]
              "Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [2006-12-25 08:14 6083072]
              "VisualTooltip"="C:\Program Files\VisualTooltip\VisualToolTip.exe" [2006-10-06 09:21 942080]
              "Blaero Start Orb"="C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe" [2006-07-30 19:32 575488]
              "Styler"="C:\Program Files\Styler\Styler.exe" [2006-05-03 10:48 307200]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03 15360]
              "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

              C:\Documents and Settings\rob van beek\Menu Start\Programma's\Opstarten\
              BoostKit.lnk - C:\Program Files\BoostKit\bk.exe [2004-07-23 17:29:41]
              SpywareBlaster (2).lnk - C:\Program Files\SpywareBlaster\spywareblaster.exe [2007-09-04 17:42:36]
              SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 18:05:35]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
              "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
              "sp_rssrv"=2 (0x2)
              "sp_clamsrv"=2 (0x2)
              "xmlprov"=3 (0x3)
              "VSS"=3 (0x3)
              "UPS"=3 (0x3)
              "SysmonLog"=3 (0x3)
              "SCardSvr"=3 (0x3)
              "RSVP"=3 (0x3)
              "mnmsrvc"=3 (0x3)
              "aspnet_state"=3 (0x3)
              "WZCSVC"=2 (0x2)
              "wscsvc"=2 (0x2)
              "WebClient"=2 (0x2)
              "TermService"=3 (0x3)
              "seclogon"=2 (0x2)
              "MDM"=2 (0x2)

              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
              "SoundMan"=SOUNDMAN.EXE
              "ScreenPrint32"=C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
              "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
              UxTuneUp

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44d9b9ca-d9ee-11db-90bb-000d61c11377}]
              \Shell\AutoRun\command - H:\InstallTomTomHOME.exe

              .
              Inhoud van de 'Gedeelde Taken' map
              "2008-01-04 21:11:20 C:\WINDOWS\Tasks\1-Click Maintenance.job"
              - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
              .
              **************************************************************************

              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-01-10 17:46:41
              Windows 5.1.2600 Service Pack 2 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              scannen van verborgen bestanden ...

              Scan succesvol afgerond
              verborgen bestanden: 0

              **************************************************************************
              .
              Voltooingstijd: 2008-01-10 17:48:18
              ComboFix-quarantined-files.txt 2008-01-10 16:48:01
              ComboFix2.txt 2008-01-09 19:30:26
              .
              2007-12-30 11:05:30 --- E O F ---


              Regards



              • #8
                Delete the following folder:
                C:\Qoobox

                Then empty your Recycle Bin.

                Download ATF cleaner (mirror) (made by Atribune)

                Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                Double-click ATF cleaner to start the program.
                On the "Main" tab, tick Select All.
                Click the Empty Selected button.

                Do the following if you also use Firefox as a browser:
                Click the "Firefox" tab and tick Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this unticks "Firefox saved passwords" again)
                Click the Empty Selected button.

                Do the following if you also use Opera as a browser:
                Click the "Opera" tab and tick Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Go to Start - Run and enter the following:
                Combofix /U
                Then press OK.
                Note: There must be a space between Combofix and /U.

                This will uninstall Combofix.

                Turn off System Restore. Restart the computer. Turn System Restore back on.
                See here how to turn off System Restore.
                This removes any remnants of the infections from your System Restore.

                Let me know whether there are still any problems.



                • #9
                  Hello smeenk.

                  I did what you said, but the music still plays during startup.
                  Here is my log again.

                  Regards, Bor.

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 16:32, on 2008-01-11
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Sygate\SPF\smc.exe
                  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
                  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\Program Files\Eset\nod32krn.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\CyberLink\Shared Files\RichVideo.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\UAService7.exe
                  C:\WINDOWS\system32\DRIVERS\WtSrv.exe
                  C:\Program Files\Raxco\PerfectDisk\PDSched.exe
                  C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
                  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                  C:\Program Files\Eset\nod32kui.exe
                  C:\Program Files\TomTom HOME\TomTomHOME.exe
                  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
                  C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
                  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                  C:\Program Files\Unlocker\UnlockerAssistant.exe
                  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                  C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
                  C:\Program Files\Pure Networks\Network Magic\nmapp.exe
                  C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                  C:\Program Files\LClock\LClock.exe
                  C:\Program Files\Styler\Styler.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\HDD Thermometer\HDD Thermometer.exe
                  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
                  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  C:\Program Files\Skype\Phone\Skype.exe
                  C:\Program Files\eMule\emule.exe
                  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
                  C:\Program Files\SpywareGuard\sgmain.exe
                  C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                  C:\Program Files\SpywareGuard\sgbhp.exe
                  C:\Program Files\Skype\Plugin Manager\skypePM.exe
                  C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
                  C:\Program Files\Internet Explorer\IEXPLORE.EXE
                  C:\WINDOWS\system32\wuauclt.exe
                  I:\download\HiJackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                  O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                  O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
                  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GrooveShellExtensions.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                  O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
                  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
                  O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
                  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                  O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
                  O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
                  O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
                  O4 - HKLM\..\Run: [WService] WService.EXE
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
                  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                  O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
                  O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
                  O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                  O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
                  O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
                  O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                  O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
                  O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
                  O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
                  O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
                  O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe
                  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
                  O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                  O4 - Startup: BoostKit.lnk = C:\Program Files\BoostKit\bk.exe
                  O4 - Startup: SpywareBlaster (2).lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
                  O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
                  O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
                  O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
                  O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
                  O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
                  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                  O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
                  O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://hyves.nl/cab/outlookaddressbook.cab
                  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
                  O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
                  O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
                  O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
                  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
                  O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
                  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GrooveSystemServices.dll
                  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
                  O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
                  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                  O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                  O23 - Service: DU Meter Service (DUMeterSvc) - DT Soft Ltd. - (no file)
                  O23 - Service: eMule MorphXT as a service (eMule) - DT Soft Ltd. - (no file)
                  O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                  O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
                  O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
                  O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
                  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
                  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
                  O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
                  O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
                  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
                  O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
                  O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
                  O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
                  O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
                  O23 - Service: SNMP-service (SNMP) - Sygate Technologies, Inc. - (no file)
                  O23 - Service: SNMP Trap-service (SNMPTRAP) - Sygate Technologies, Inc. - (no file)
                  O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
                  O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
                  O24 - Desktop Component 0: (no name) - http://images.google.nl/images?q=tbn:QDFYUh47XIMJ:upload.wikimedia.org/wikipedia/fr/thumb/7/7d/Emule.jpg/150px-Emule.jpg

                  --
                  End of file - 13149 bytes



                  • #10
                    Dear Smeenk.

                    My problem is solved, because I don't hear it anymore.
                    And I hope it stays that way.

                    Thanks for the good care.

                    Regards, Bor



                    • #11
                      You're welcome, glad it seems to be solved.
