Explorer.exe error message when cutting and pasting without a program


    Hi everyone,
    I hope I posted this in the right place.

    I have been working on my PC for a while with Hitman Pro 2, AVG (virus scanner), ADWare6.
    All programs that are supposed to keep my PC clean. Now I had heard and read about
    HijackThis and hoped that someone could really help me.

    The problems I know of are:

    I get a CiD pop-up,

    A "web page cannot be displayed" message from Telenet,

    When cutting and pasting from the 1st hard disk to my 2nd
    I get an Explorer.exe error message, my taskbar disappears and every folder that
    was open on my hard disk closes; I also get this error message when shutting down the PC,

    When opening the Control Panel I get the error message BTCPL ->Unable to load btrez.dll DUTCH
    this error message then appears some 14 or 15 times in a row, enough to drive you crazy

    I download with Mirc and on servers the program says that I have the Mirc virus.

    I hope you can help me.
    If there is anything else you need to know about my PC, just say so.
    I have now downloaded HijackThis and have a log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:15:56, on 6/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    R:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iolo\System Mechanic 5 Professional\PopupStopper.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    F:\HJTS\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {3DD8D936-7FB8-4C94-8F36-B5D49AE2447A} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - R:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {E9635BC9-0BDC-4765-9B92-B804C3E3FF1B} - (no file)
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "R:\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 5 Professional\PopupStopper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Policies\Explorer\Run: [COM Service] C:\WINDOWS\msagent\msreco.com
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] R:\Program Files\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] R:\Program Files\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: VLC360.lnk = C:\Program Files\Dun74\VLC360\VLC360.bat
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Corel Network monitor worker - {8BBA5E39-ED64-4298-9685-80F55A87BFFF} - C:\WINDOWS\System32\intlmain.dll (file missing)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {8BBA5E39-ED64-4298-9685-80F55A87BFFF} - C:\WINDOWS\System32\intlmain.dll (file missing)
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Corel Network monitor worker - {8BBA5E39-ED64-4298-9685-80F55A87BFFF} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {8BBA5E39-ED64-4298-9685-80F55A87BFFF} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner_nl/ErrorSafeScannerInstallNL.cab
    O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_5_2_2_Silent.cab
    O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_7.cab
    O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
    O21 - SSODL: 44248 - {00000222-1111-1234-4321-0A1B2C3D4E99} - s8743w32.dll (file missing)
    O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: HFP Service (hfprog) - Unknown owner - C:\WINDOWS\system32\hfp.exe
    O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - R:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - R:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - R:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 8885 bytes

    PC information:

    System:
    Microsoft Windows XP
    Home Edition
    Version Pack 2
    AMD Athlon(tm) 64 Processor
    3200+
    Clock speed: 2.00GHz, 1,00GB

    A Logitech Bluetooth keyboard and mouse
    Logitech Cam

    I use my PC for games, downloads, image editing (Lightwave), photo editing (Photoshop), word processing (Excel)
    Many thanks in advance

  • #2
    A bit impatient

    Hi,
    Is it really that busy, do so many people have problems,
    or did I not post the thread correctly?
    Can nobody help me? If I did not do it right or I have to wait for an answer, can someone let me know? Please.
    Did I not make the log correctly or describe something wrong?
    It is my first time and I do not really know how things work on a forum.
    A small reaction is welcome

    Greetzz

    Redliner



    • #3
      Hello,

      Yes, busy and a shortage of QH, but here is your answer then.

      Start HijackThis and choose 'Do a system scan only'
      Select only the items listed below:

      R3 - URLSearchHook: (no name) - - (no file)
      O2 - BHO: (no name) - {3DD8D936-7FB8-4C94-8F36-B5D49AE2447A} - (no file)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O3 - Toolbar: (no name) - {E9635BC9-0BDC-4765-9B92-B804C3E3FF1B} - (no file)
      O9 - Extra button: Corel Network monitor worker - {8BBA5E39-ED64-4298-9685-80F55A87BFFF} - C:\WINDOWS\System32\intlmain.dll (file missing)
      O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {8BBA5E39-ED64-4298-9685-80F55A87BFFF} - C:\WINDOWS\System32\intlmain.dll (file missing)
      O9 - Extra button: Corel Network monitor worker - {8BBA5E39-ED64-4298-9685-80F55A87BFFF} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
      O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {8BBA5E39-ED64-4298-9685-80F55A87BFFF} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
      O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/si...rInstallNL.cab
      O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
      O21 - SSODL: 44248 - {00000222-1111-1234-4321-0A1B2C3D4E99} - s8743w32.dll (file missing)

      Close all windows except HijackThis
      Click 'Fix checked' to remove the items.

      Download SDFix and click "Run".
      Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably: C:\SDFix).

      Restart the PC in safe mode.
      Safe mode for Windows XP
      Restart the computer
      As soon as your computer has finished loading the BIOS (black screen and white letters, or another start screen) and just before Windows is loaded
      Tap the F8 key (or the F5 key) until you end up in the Windows options menu
      Here choose to start in safe mode (Safe mode) using the arrow keys and then Enter

      Double-click the SDFix folder and double-click RunThis.bat to start the script.
      Type Y and press Enter to start the cleaning process.
      Trojan services and/or registry entries will be removed if they are found and you will have to press a key to restart.
      The computer will then restart; this takes longer than usual.
      The fix tool will run again and continue the removal process, then Finished is shown; wait patiently until you have to press a key again to end the script and reload your desktop icons.
      As soon as your desktop is back to normal the SDFix report will open; it can also be found in the SDFix folder as Report.txt.
      Copy/paste the contents of this report Report.txt into your next reply here together with a new HijackThis log

      good luck

      Booting Windows 10 in Safe Mode
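
The pattern behind most of the items selected in the reply above, as an added example that is not part of the original posts: it parses HijackThis entry lines, flags those marked `(no file)` or `(file missing)` and those whose path carries an NTFS alternate-data-stream suffix (`file:stream`), and reports which flagged entries survive into a later log. The function names and the two heuristics are assumptions made for this illustration; the sample lines are excerpted from the logs in this thread.

```python
import re
from dataclasses import dataclass

# HijackThis entry lines look like "O23 - Service: ..." (section code, dash, body).
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)")
# A drive path followed by a second colon: NTFS alternate data stream syntax.
ADS_RE = re.compile(r'[A-Za-z]:\\[^:"]*:[^\\\s]+')


@dataclass(frozen=True)
class Entry:
    code: str     # section code, e.g. "O2", "O23"
    body: str     # everything after "<code> - "
    flags: tuple  # subset of ("orphaned", "ads-path")


def parse_log(text):
    """Return every entry line of a HijackThis log, with triage flags."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        body = m.group("body")
        flags = []
        if ORPHAN_RE.search(body):
            flags.append("orphaned")
        if ADS_RE.search(body):
            flags.append("ads-path")
        entries.append(Entry(m.group("code"), body, tuple(flags)))
    return entries


def flagged(text):
    """Entries that deserve a closer look before anything is fixed."""
    return [e for e in parse_log(text) if e.flags]


def still_flagged(before, after):
    """Flagged entries of `before` that are still present in `after`."""
    after_keys = {(e.code, e.body) for e in parse_log(after)}
    return [e for e in flagged(before) if (e.code, e.body) in after_keys]


# Sample input: a few lines excerpted from the first log in this thread.
BEFORE_LOG = r"""
Running processes:
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {3DD8D936-7FB8-4C94-8F36-B5D49AE2447A} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe (file missing)
O23 - Service: HFP Service (hfprog) - Unknown owner - C:\WINDOWS\system32\hfp.exe
"""

# Sample input: the matching lines excerpted from the log posted after SDFix.
AFTER_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: HFP Service (hfprog) - Unknown owner - C:\WINDOWS\system32\hfp.exe
"""

if __name__ == "__main__":
    for e in flagged(BEFORE_LOG):
        print(f"{e.code:<4}{','.join(e.flags):<20}{e.body}")
    print("still present afterwards:")
    for e in still_flagged(BEFORE_LOG, AFTER_LOG):
        print(f"{e.code:<4}{e.body}")
```
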



      • #4
        Thanks

        Thank you very much for helping me further; it took a while but now let's hope it works. I only just came across HijackThis so it will take a bit of searching to find out what exactly I have to do, but it has to work.
        Thanks again.
        I have 1 more question: I got an e-mail saying that I should put my question under the solved HijackThis threads, but how do you do that?

        greetzzz
        Redliner
        Last edited by Redliner; 21-01-08, 09:11.



        • #5
          That is surely a message from idefix? It is not solved yet because I have not assessed it yet. After you have run the fix I would like to see a new HJT log.

          Booting Windows 10 in Safe Mode



          • #6
            The requested HijackThis log and SDFix report

            Just to mention: when I loaded SDFix I got error messages (x5)

            Application error ms-dos 16bit

            Is this normal?
            Here is my SDFix report:


            SDFix: Version 1.130

            Run by Eigenaar on di 22/01/2008 at 10:09

            Microsoft Windows XP [versie 5.1.2600]

            Running From: C:\SDFix

            Safe Mode:
            Checking Services:

            Name:
            core
            ICF

            Path:
            system32\drivers\core.sys
            C:\WINDOWS\system32\svchost.exe:exe.exe

            core - Deleted
            ICF - Deleted



            Restoring Windows Registry Values
            Restoring Windows Default Hosts File

            Rebooting...


            Normal Mode:
            Checking Files:

            Trojan Files Found:

            C:\WINDOWS\b128.exe - Deleted
            C:\WINDOWS\b136.exe - Deleted
            C:\WINDOWS\system32\~.exe - Deleted
            C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
            C:\WINDOWS\system32\winsys.exe - Deleted
            C:\WINDOWS\wr.txt - Deleted
            C:\WINDOWS\system32\drivers\core.sys - Deleted



            Folder C:\Temp\tn3 - Removed


            Removing Temp Files...

            ADS Check:

            C:\WINDOWS
            No streams found.

            C:\WINDOWS\system32
            No streams found.

            C:\WINDOWS\system32\svchost.exe
            No streams found.

            C:\WINDOWS\system32\ntoskrnl.exe
            No streams found.



            Final Check:

            catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-01-22 10:16:06
            Windows 5.1.2600 Service Pack 2 NTFS

            scanning hidden processes ...

            scanning hidden services & system hive ...


            scanning hidden registry entries ...

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
            "DisplayName"="Alcohol 120% (Trial Version)"

            scanning hidden files ...

            scan completed successfully
            hidden processes: 0
            hidden services: 0
            hidden files: 0


            Remaining Services:
            ------------------



            Authorized Application Key Export:

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
            "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
            "R:\\Program Files\\iView MediaPro3\\IVIEW_MP.exe"="R:\\Program Files\\iView MediaPro3\\IVIEW_MP.exe:*:Enabled:iView Multimedia"
            "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
            "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
            "R:\\Program Files\\LASR\\LASR.exe"="R:\\Program Files\\LASR\\LASR.exe:*:Enabled:LASR"
            "R:\\Program Files\\mIRC\\mirc.exe"="R:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
            "C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
            "R:\\Program Files\\LightWave 3D 9\\Programs\\hub.exe"="R:\\Program Files\\LightWave 3D 9\\Programs\\hub.exe:*:Enabled:hub"
            "R:\\Program Files\\LightWave 3D 9\\Programs\\lightwav.exe"="R:\\Program Files\\LightWave 3D 9\\Programs\\lightwav.exe:*:Enabled:lightwav"
            "R:\\Program Files\\LightWave 3D 9\\Programs\\modeler.exe"="R:\\Program Files\\LightWave 3D 9\\Programs\\modeler.exe:*:Enabled:modeler"
            "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
            "R:\\Morpheus\\Morpheus.exe"="R:\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
            "F:\\My Downloads\\LimeWire Plus\\LimeWire.exe"="F:\\My Downloads\\LimeWire Plus\\LimeWire.exe:*:Enabled:LimeWire"
            "R:\\BitLord\\BitLord.exe"="R:\\BitLord\\BitLord.exe:*:Enabled:BitLord"

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
            "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
            "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
            "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

            Remaining Files:
            ---------------

            File Backups: - C:\SDFix\backups\backups.zip

            Files with Hidden Attributes:

            Mon 17 May 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
            Sun 31 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
            Mon 2 Feb 2004 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
            Wed 21 Jan 2004 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg_old.reg"
            Wed 21 Jan 2004 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient_old.reg"
            Mon 2 Feb 2004 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
            Thu 20 Sep 2007 4,521 ...HR --- "C:\Documents and Settings\Eigenaar\Application Data\SecuROM\UserData\securom_v7_01.bak"

            Finished!

            And here is the requested HijackThis log file after I used SDFix.
            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 10:22:51, on 22/01/2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16574)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Ahead\InCD\InCDsrv.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\wltrysvc.exe
            C:\WINDOWS\System32\bcmwltry.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
            C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
            C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
            C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            R:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
            C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
            C:\WINDOWS\system32\RUNDLL32.EXE
            C:\WINDOWS\system32\rundll32.exe
            C:\Program Files\iolo\System Mechanic 5 Professional\PopupStopper.exe
            C:\WINDOWS\system32\rundll32.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Windows Media Player\WMPNSCFG.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\Program Files\Dun74\VLC360\vlc.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            F:\HJTS\HijackThis.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080/
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
            O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - R:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
            O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
            O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
            O4 - HKLM\..\Run: [QuickTime Task] "R:\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
            O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
            O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 5 Professional\PopupStopper.exe"
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
            O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
            O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
            O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] R:\Program Files\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] R:\Program Files\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
            O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
            O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
            O4 - Global Startup: VLC360.lnk = C:\Program Files\Dun74\VLC360\VLC360.bat
            O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
            O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
            O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
            O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
            O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_5_2_2_Silent.cab
            O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_7.cab
            O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
            O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
            O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
            O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
            O23 - Service: HFP Service (hfprog) - Unknown owner - C:\WINDOWS\system32\hfp.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
            O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - R:\Program Files\Spyware Doctor\svcntaux.exe
            O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - R:\Program Files\Spyware Doctor\swdsvc.exe
            O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
            O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - R:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
            O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

            --
            End of file - 7676 bytes



            Once again, thank you kindly

            Greetzz
            Redliner



            • #7
              Hello, in itself it looks good, but I am not convinced that it is properly gone.

              To be on the safe side, could you please do the following.

              Download Combofix to your Desktop.
              If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

              NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
              • Double-click Combofix.exe
                Follow the instructions, accept the disclaimer by typing 1 (continue), followed by ENTER.
                While the fix is running, do NOT click in the window, as this will cause your PC to hang.

              When the fix has finished, and after a restart, the log combofix.txt will open.
              Post this log in your next post together with a new HijackThis log.

              Starting Windows 10 in Safe Mode



              • #8
                Here you go, Juisterr, the requested log file

                The HijackThis file

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 12:09, on 2008-01-24
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Ahead\InCD\InCDsrv.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\wltrysvc.exe
                C:\WINDOWS\System32\bcmwltry.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
                C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                R:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
                C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                C:\Program Files\iolo\System Mechanic 5 Professional\PopupStopper.exe
                C:\Program Files\Windows Media Player\WMPNSCFG.exe
                C:\Program Files\Dun74\VLC360\vlc.exe
                C:\PROGRA~1\Grisoft\AVG7\avgw.exe
                C:\Program Files\MSN Messenger\usnsvc.exe
                C:\WINDOWS\explorer.exe
                C:\Program Files\Internet Explorer\iexplore.exe
                C:\WINDOWS\system32\ctfmon.exe
                F:\HJTS\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be/
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080/
                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - R:\PROGRA~1\SPYBOT~1\SDHelper.dll
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
                O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                O4 - HKLM\..\Run: [QuickTime Task] "R:\qttask.exe" -atboottime
                O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
                O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 5 Professional\PopupStopper.exe"
                O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
                O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
                O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
                O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] R:\Program Files\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
                O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] R:\Program Files\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
                O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
                O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                O4 - Global Startup: VLC360.lnk = C:\Program Files\Dun74\VLC360\VLC360.bat
                O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
                O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_5_2_2_Silent.cab
                O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_7.cab
                O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
                O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                O23 - Service: HFP Service (hfprog) - Unknown owner - C:\WINDOWS\system32\hfp.exe
                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
                O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - R:\Program Files\Spyware Doctor\svcntaux.exe
                O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - R:\Program Files\Spyware Doctor\swdsvc.exe
                O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - R:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
                O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

                --
                End of file - 7373 bytes


                And the ComboFix file


                ComboFix 08-01-23.2 - Eigenaar 2008-01-24 11:42:44.1 - NTFSx86
                Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.442 [GMT 1:00]
                Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\Downloads\ComboFix.exe
                * Nieuw herstelpunt werd aangemaakt

                WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
                .

                (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                C:\Documents and Settings\Eigenaar\Application Data\inst.exe
                C:\Documents and Settings\Eigenaar\Application Data\macromedia\Flash Player\#SharedObjects\LVZ4G6XB\iforex.com
                C:\Documents and Settings\Eigenaar\Application Data\macromedia\Flash Player\#SharedObjects\LVZ4G6XB\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
                C:\Documents and Settings\Eigenaar\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
                C:\Documents and Settings\Eigenaar\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
                C:\Documents and Settings\Eigenaar\Application Data\PPATCH~1
                C:\Program Files\Common Files\smbols~1
                C:\Program Files\download plugin
                C:\Program Files\icroso~1.net
                C:\WINDOWS\Downloaded Program Files\DlPlugin-MSIE_1.5.0.0
                C:\WINDOWS\system32\wnsapiicomsv.exe
                I:\Autorun.inf
                R:\Autorun.inf

                .
                (((((((((((((((((((( Bestanden Gemaakt van 2007-12-24 to 2008-01-24 ))))))))))))))))))))))))))))))
                .

                2008-01-24 11:41 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
                2008-01-22 10:05 . 2008-01-22 10:05 <DIR> d-------- C:\WINDOWS\ERUNT
                2007-12-27 22:19 . 2006-03-11 04:56 438,272 --a------ C:\WINDOWS\system32\Mpeg2DecFilter.ax
                2007-12-27 22:19 . 2005-11-25 21:46 421,888 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
                2007-12-27 22:19 . 2004-01-11 15:47 327,680 --a------ C:\WINDOWS\system32\MatroskaSplitter.ax
                2007-12-27 22:19 . 2005-11-25 23:13 266,240 --a------ C:\WINDOWS\system32\cddareader.ax
                2007-12-27 22:19 . 2006-11-06 15:30 262,144 --a------ C:\WINDOWS\system32\lame_enc.dll
                2007-12-27 22:19 . 2005-05-16 16:27 53,248 --a------ C:\WINDOWS\system32\AloFrame.ocx

                .
                ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
                2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
                2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
                2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
                2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
                2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
                2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
                2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
                2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
                2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
                2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
                2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
                2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
                2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
                2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
                2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
                2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
                2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
                2007-11-09 06:10 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
                2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
                2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
                2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
                .

                ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                REGEDIT4
                *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "System Mechanic Popup Stopper"="C:\Program Files\iolo\System Mechanic 5 Professional\PopupStopper.exe" [2005-02-17 13:35 617984]
                "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
                "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
                "PMCRemote"=""
                "PMCLoader"="C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-07-26 11:28 105544]
                "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 15:06 406016]
                "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-22 08:02 579072]
                "QuickTime Task"="R:\qttask.exe" [2006-09-06 16:17 282624]
                "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-02 14:44 8470528]
                "nwiz"="nwiz.exe" [2007-08-02 14:44 1626112 C:\WINDOWS\system32\nwiz.exe]
                "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-08-02 14:44 81920]
                "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:03 110592 C:\WINDOWS\system32\bthprops.cpl]

                [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                "Nokia.PCSync"="R:\Program Files\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]
                "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 12:58 219136]

                C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Opstarten\
                Registration-InstantCopy.lnk - C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe [2002-09-26 13:18:00 245760]

                C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-06-04 19:48:23 113664]
                VLC360.lnk - C:\Program Files\Dun74\VLC360\VLC360.bat [2006-03-27 14:39:06 76]

                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
                "{93994DE8-8239-4655-B1D1-5F4E91300429}"= R:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 14:18 49152]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTServ]
                C:\Program Files\Common Files\Logitech\Bluetooth\lbtserv.dll 2003-10-09 01:02 1064960 C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.dll

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
                path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk
                backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
                path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\BTTray.lnk
                backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^GStartup.lnk]
                path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\GStartup.lnk
                backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Kodak EasyShare software.lnk]
                path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Kodak EasyShare software.lnk
                backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Kodak software updater.lnk]
                path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Kodak software updater.lnk
                backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech SetPoint.lnk]
                path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech SetPoint.lnk
                backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
                path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
                backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PCSuiteForNokia6600 Detect.lnk]
                path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\PCSuiteForNokia6600 Detect.lnk
                backup=C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PCSuiteForNokia6600 TS.lnk]
                path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\PCSuiteForNokia6600 TS.lnk
                backup=C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Telenet EasyCare.lnk]
                path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Telenet EasyCare.lnk
                backup=C:\WINDOWS\pss\Telenet EasyCare.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^Registration-InstantCopy.lnk]
                path=C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Opstarten\Registration-InstantCopy.lnk
                backup=C:\WINDOWS\pss\Registration-InstantCopy.lnkStartup

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\<°ÜZJÝYMÝlY«Q°aüžõgFC:]

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\<°ÜZJÝYMÝlY«Q°aüžõgFC:\Program Files]

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\<°ÜZJÝYMÝlY«Q°aüžõgFC:\Program Files\ISTsvc]

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\<°ÜZJÝYMÝlY«Q°aüžõgFC:\Program Files\ISTsvc\istsvc.exe]
                C:\WINDOWS\sfwwv.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
                c:\program files\altnet\points manager\points manager.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
                R:\AnyDVD\AnyDVD.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
                R:\Program Files\Babylon\Babylon.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Belt]

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool]
                R:\Program Files\BlazeDVD 4 Professional\MediaDetector.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
                --a------ 2004-08-04 09:03 33792 C:\WINDOWS\system32\rundll32.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
                C:\WINDOWS\system32\WLTRAY

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
                C:\Program Files\Common Files\Symantec Shared\ccApp.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
                R:\CloneCD\CloneCDTray.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
                --a--c--- 2004-08-04 09:03 15360 C:\WINDOWS\system32\ctfmon.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
                --a------ 2005-11-08 23:00 128920 R:\Program Files\DAEMON Tools\daemon.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
                R:\Program Files\daemon.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
                -----c--- 2004-02-10 13:21 1261672 C:\Program Files\Ahead\InCD\InCD.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
                C:\Program Files\Internet Optimizer\optimize.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
                C:\Program Files\ISTsvc\istsvc.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
                R:\iTunesHelper.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jydrte]
                C:\Program Files\Gyyiugv\Uaso.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
                --a--c--- 2003-09-19 13:17 25088 C:\WINDOWS\KHALMNPR.Exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Phone Suite]
                C:\Program Files\Logitech\Mobile Phone Suite\MobilePhoneSuite.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
                C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
                --a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                --a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
                C:\PROGRA~1\NEWDOT~1\NEWDOT~4.DLL

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
                --a------ 2007-08-02 14:44 81920 C:\WINDOWS\system32\NvMcTray.dll

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
                --a------ 2007-08-02 14:44 1626112 C:\WINDOWS\system32\nwiz.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
                C:\WINDOWS\system32\P2P Networking\P2P Networking.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
                --a------ 2007-06-18 14:10 271360 R:\Program Files\Nokia PC Suite 6\LaunchApplication.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
                --------- 2003-11-10 15:06 406016 C:\WINDOWS\System32\PSDrvCheck.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan]
                C:\Program Files\Power Scan\powerscan.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                --a------ 2006-09-06 16:17 282624 R:\qttask.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rb32 ml755e]
                C:\Program Files\RapidBlaster\rb32.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]
                C:\Program Files\RegistrySmart\RegistrySmart.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
                --a------ 2008-01-05 20:04 1058304 R:\Program Files\Spyware Doctor\SDTrayApp.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seek obj fast wave]
                C:\Documents and Settings\All Users\Application Data\Two Idol Wave Flag\Dead Long 01.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SemanticInsight]
                C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
                --a--c--- 2004-01-09 02:54 65536 C:\WINDOWS\SOUNDMAN.EXE

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Stupid Data Dart Wave]
                C:\Documents and Settings\All Users\Application Data\flag ace stupid data\bows cash.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                --a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
                --a--c--- 2005-05-02 08:43 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbon]
                C:\Program Files\TBONBin\tbon.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
                --a------ 2006-05-20 09:31 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tMP0Wun3]

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
                --a------ 2007-03-14 15:52 3770024 R:\Program Files\TomTomHOME.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
                R:\Program Files\RegistryBooster 2\RegistryBooster.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]
                C:\Program Files\Common files\updater\wupdater.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
                C:\Program Files\WinPop\winpop.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
                --------- 2006-11-02 22:53 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# *Lh'þ9Óœð3rÅWC:]

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# *Lh'þ9Óœð3rÅWC:\Program Files]

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# *Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc]

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# *Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe]
                C:\WINDOWS\sfwwv.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                "SNDSrvc"=2 (0x2)
                "KodakCCS"=2 (0x2)
                "C-DillaSrv"=2 (0x2)

                R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-10-31 11:22]
                R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-07-01 18:02]
                R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-11-22 08:53]
                R3 LHidPPKE;Logitech SetPoint HID Function Driver;C:\WINDOWS\system32\DRIVERS\LHidPPKE.Sys [2003-10-07 16:51]
                R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2002-12-10 10:53]
                S2 hfprog;HFP Service;C:\WINDOWS\system32\hfp.exe [2004-02-27 14:56]
                S2 s133967.sys;s133967.sys;C:\WINDOWS\system32\s133967.sys
                S3 C-Dilla;C-Dilla;C:\WINDOWS\System32\drivers\CDANT.SYS [2002-06-14 14:32]
                S3 Sysapla;Sysapla;C:\WINDOWS\System32\drivers\tdpipe.sys [2004-08-04 09:03]
                S3 VGAUTI;VGAUTI;C:\WINDOWS\System32\DRIVERS\VGAUTI.sys [2003-10-22 10:37]

                [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
                \Shell\AutoRun\command - G:\setup.exe

                [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\R]
                \Shell\AutoRun\command - R:\setupSNK.exe

                [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c7103d1-380c-11dc-9b61-000c766bfe01}]
                \Shell\AutoRun\command - G:\InstallTomTomHOME.exe

                *Newly Created Service* - PROCEXP90

                [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D}]
                C:\WINDOWS\system32\msvies.com
                .
                Inhoud van de 'Gedeelde Taken' map
                "2007-10-15 13:38:50 C:\WINDOWS\Tasks\PMCS_Wakeup633280595300468750.job"
                - C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
                "2008-01-06 02:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
                - R:\Program Files\RegistrySmart\RegistrySmart.ex
                - R:\Program Files\RegistrySmart
                "2008-01-24 10:46:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
                - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
                .
                **************************************************************************

                catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2008-01-24 11:47:11
                Windows 5.1.2600 Service Pack 2 NTFS

                scannen van verborgen processen ...

                scannen van verborgen autostart items ...

                scannen van verborgen bestanden ...

                **************************************************************************
                .
                Thanks in advance, Juisterr

                • #9
                  One more little job for you after all.


                  Open Notepad, then copy and paste the following (bold, blue text) into an empty window:


                  • File::
                    C:\WINDOWS\sfwwv.exe

                    Registry::

                    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\<°ÜZJÝYMÝlY«Q°aüžõgFC:]

                    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\<°ÜZJÝYMÝlY«Q°aüžõgFC:\Program Files]

                    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\<°ÜZJÝYMÝlY«Q°aüžõgFC:\Program Files\ISTsvc]

                    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\<°ÜZJÝYMÝlY«Q°aüžõgFC:\Program Files\ISTsvc\istsvc.exe]

                    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á ³#
                    *Lh'þ9Óœð3rÅ WC:]

                    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á ³#
                    *Lh'þ9Óœð3rÅ WC:\Program Files]

                    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á ³#
                    *Lh'þ9Óœð3rÅ WC:\Program Files\ISTsvc]

                    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á ³#
                    *Lh'þ9Óœð3rÅ WC:\Program Files\ISTsvc\istsvc.exe]


                  Save this to your Desktop as CFScript.txt.

                  Drag CFScript.txt onto ComboFix.exe as shown in the example below:



                  This will make ComboFix restart.

                  After your computer has restarted (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

                  Starting Windows 10 in Safe Mode
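
The script in post #9 removes the startupreg subkeys with unreadable names and the file listed under them. As an added example (not part of the original post and not ComboFix's own logic), the Python code below picks such entries out of a log by two heuristics that are assumptions of this example: a key name containing characters outside printable ASCII, and a key name that nests further subkeys under startupreg. The sample log is constructed, with shortened key names modelled on the log above.

```python
import re

# Constructed sample, modelled on the msconfig startupreg section of the log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
C:\Program Files\WinPop\winpop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-02 22:53 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# *Lh'þ9ÓC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# *Lh'þ9ÓC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\sfwwv.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]*?\\msconfig\\startupreg)\\(.+)\]$", re.I)
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")  # drive-letter path at the end of a data line

def parse_startupreg(log_text):
    """Return one dict per startupreg subkey: its name and the files listed under it."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = {"name": m.group(2), "files": []}
            entries.append(current)
        elif line.startswith("["):
            current = None  # some other registry key: stop collecting
        elif current is not None and line:
            p = PATH_RE.search(line)
            if p:
                current["files"].append(p.group(0))
    return entries

def reasons(name):
    """Heuristics (assumptions of this example); a hit means 'review', not 'malicious'."""
    out = []
    if any(not (0x20 <= ord(c) <= 0x7E) for c in name):
        out.append("non-ASCII or control characters in key name")
    if "\\" in name:
        out.append("nested subkey path under startupreg")
    return out

def triage(log_text):
    """Return (name, files, reasons) for every entry that trips a heuristic."""
    return [(e["name"], e["files"], reasons(e["name"]))
            for e in parse_startupreg(log_text) if reasons(e["name"])]

if __name__ == "__main__":
    for name, files, why in triage(SAMPLE_LOG):
        print(repr(name), files, why)
```

Software installed under a non-English locale can legitimately use non-ASCII names, so the output is a review list for a human, not a removal list.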
