
Annoying Explorer pop-ups


  • Annoying Explorer pop-ups

    I use Firefox by default, and every few minutes a pop-up appears. What is noteworthy is that it is an Explorer pop-up (even though I use Firefox!!)
    The pop-ups were indeed advertising pop-ups (partypoker etc.)
    Afterwards I ran, for example, "Spybot Search & Destroy" over my computer... Now I still get those Explorer pop-ups.
    Does anyone know a solution for this?? I find it really annoying to keep getting those pop-ups!!

    Logfile of HijackThis v1.99.1
    Scan saved at 20:14:58, on 12-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\USBStorage\USBDetector.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\UPC\bin\sprtcmd.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Mari\Bureaublad\Ongebruikte bureaublad-pictogrammen\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnederland.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [UPC] "C:\Program Files\UPC\bin\sprtcmd.exe" /P UPC
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://tappx01.photoprintit.de/microsite/5/defaults/activex/XUpload.ocx
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

  • #2
    Does anyone perhaps have a solution for this problem??



    • #3
      What are these pop-ups called??

      * Download Trend Micro HijackThis™
      Double-click HJTInstall.exe to install HijackThis.
      By default, HijackThis will be installed in the Program Files\Trendmicro folder and a shortcut will be placed on your desktop.
      HijackThis will open after installation.
      Click the Scan button at the bottom.
      This will start the scan and open a log.
      Copy and paste this log into your next post.



      • #4
        In any case, thanks for the help you have offered!!

        Which pop-ups: "www.mt50.nl" (comes up very often), "www.be2.nl" & "www2.mobile2match.nl". "partypoker" also comes by now and then.

        Here is my log file:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 23:09:10, on 15-1-2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Dell\Media Experience\PCMService.exe
        C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
        C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
        C:\USBStorage\USBDetector.exe
        C:\Program Files\D-Tools\daemon.exe
        C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
        C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
        C:\Program Files\UPC\bin\sprtcmd.exe
        C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
        C:\WINDOWS\vsnpstd2.exe
        C:\Program Files\ESET\ESET Smart Security\egui.exe
        C:\Program Files\A4Tech\Mouse\Amoumain.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\Program Files\ESET\ESET Smart Security\ekrn.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Skype\Plugin Manager\skypePM.exe
        C:\Program Files\Raxco\PerfectDisk\PDSched.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
        C:\Program Files\Winamp\winamp.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnederland.nl/
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
        O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
        O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
        O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
        O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
        O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
        O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
        O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
        O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
        O4 - HKLM\..\Run: [UPC] "C:\Program Files\UPC\bin\sprtcmd.exe" /P UPC
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
        O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
        O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
        O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
        O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
        O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
        O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
        O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
        O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
        O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
        O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://tappx01.photoprintit.de/microsite/5/defaults/activex/XUpload.ocx
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
        O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
        O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
        O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
        O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
        O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
        O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
        O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

        --
        End of file - 8606 bytes



        • #5
          I don't immediately see what it is, so we are going to do some searching.

          Download Combofix to your Desktop.
          If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

          NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners treat certain components that Combofix uses as suspicious and will block or remove them!
          • Double-click Combofix.exe
            Follow the instructions, accept the disclaimer by typing 1 (continue), followed by ENTER.
            While the fix is running, do NOT click in the window, because this will make your PC hang.

          When the fix is complete and after the restart, the log combofix.txt will open.
          Post this log in your next post together with a new HijackThis log.



          • #6
            OK, here are the results:

            ComboFix 08-01-16.4 - Mari 2008-01-16 17:29:43.2 - NTFSx86
            Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.539 [GMT 1:00]
            Gestart vanuit: C:\Documents and Settings\Mari\Bureaublad\ComboFix.exe
            * Nieuw herstelpunt werd aangemaakt
            .

            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\temp\tn3
            C:\WINDOWS\system32\drivers\core.cache.dsk . . . . konden niet verwijderd worden

            .
            (((((((((((((((((((( Bestanden Gemaakt van 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))
            .

            2008-01-16 17:36 . 2008-01-16 17:36 <DIR> d-------- C:\Temp\tn3
            2008-01-16 17:36 . 2008-01-16 17:36 932 --------- C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk
            2008-01-15 23:08 . 2008-01-15 23:08 <DIR> d-------- C:\Program Files\Trend Micro
            2008-01-15 12:16 . 2008-01-15 12:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
            2008-01-15 12:16 . 2008-01-15 12:16 1,409 --a------ C:\WINDOWS\QTFont.for
            2008-01-12 23:47 . 2008-01-12 23:47 <DIR> d-------- C:\Program Files\A4Tech
            2008-01-12 23:47 . 2007-03-13 16:20 14,336 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\FNM131C.tmp
            2008-01-12 23:47 . 2007-02-10 02:04 14,336 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Amps2prt.sys
            2008-01-12 23:47 . 2007-01-24 17:46 8,704 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\FNM131D.tmp
            2008-01-12 17:26 . 2008-01-12 17:26 <DIR> d-------- C:\Documents and Settings\Mari\DoctorWeb
            2008-01-12 17:05 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
            2008-01-11 23:17 . 2008-01-11 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
            2008-01-11 23:11 . 2008-01-11 23:11 <DIR> d-------- C:\Documents and Settings\Mari\Application Data\ESET
            2008-01-11 23:07 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
            2008-01-11 22:53 . 2008-01-16 17:09 <DIR> dr-h----- C:\Documents and Settings\Mari\Onlangs geopend
            2008-01-11 21:28 . 2008-01-11 21:32 <DIR> d-------- C:\Program Files\RegScrubXP
            2008-01-11 19:53 . 2008-01-11 19:53 86,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SE27whh.sys
            2008-01-11 18:51 . 2008-01-11 18:51 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
            2008-01-11 17:56 . 2008-01-11 17:56 <DIR> d-------- C:\Program Files\Alwil Software
            2008-01-08 11:31 . 2008-01-11 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
            2007-12-21 08:21 . 2007-12-21 08:21 71,176 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\epfw.sys
            2007-12-21 08:21 . 2007-12-21 08:21 53,768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\epfwtdi.sys
            2007-12-21 08:21 . 2007-12-21 08:21 30,728 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\epfwndis.sys
            2007-12-21 08:20 . 2007-12-21 08:20 30,216 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\easdrv.sys
            2007-12-21 08:19 . 2007-12-21 08:19 39,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\eamon.sys

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-01-16 16:40 --------- d-----w C:\Documents and Settings\Mari\Application Data\Skype
            2008-01-15 21:12 --------- d-----w C:\Program Files\SwiftSwitch
            2008-01-12 23:00 24,575 ----a-w C:\WINDOWS\SYSTEM32\Usengwinsyspios.dll
            2008-01-12 18:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
            2008-01-12 18:57 --------- d-----w C:\Program Files\Clean It 2
            2008-01-12 16:09 --------- d-----w C:\Documents and Settings\Mari\Application Data\Azureus
            2008-01-12 13:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
            2008-01-12 12:41 --------- d-----w C:\Program Files\Soulseek
            2008-01-12 10:09 --------- d-----w C:\Program Files\Spyware Doctor
            2008-01-12 10:07 --------- d-----w C:\Program Files\Hitman Pro
            2008-01-11 23:51 --------- d-----w C:\Program Files\SpywareBlaster
            2008-01-11 23:47 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
            2008-01-11 23:47 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
            2008-01-11 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
            2008-01-11 21:49 --------- d-----w C:\Program Files\CCleaner
            2007-12-31 13:42 --------- d-----w C:\Program Files\Azureus
            2007-12-23 11:47 --------- d-----w C:\Program Files\TVAnts
            2007-12-09 13:24 --------- d-----w C:\Program Files\SopCast
            2007-12-08 21:36 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SurfRight
            2007-12-08 08:54 --------- d-----w C:\Documents and Settings\Mari\Application Data\Lavasoft
            2007-12-08 08:34 --------- d-----w C:\Documents and Settings\Mari\Application Data\PC Tools
            2007-12-08 08:33 164 ----a-w C:\install.dat
            2007-12-08 08:33 --------- d-----w C:\Program Files\Webroot
            2007-12-08 08:33 --------- d-----w C:\Documents and Settings\Mari\Application Data\Webroot
            2007-12-08 08:33 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
            2007-12-08 08:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
            2007-12-08 08:24 --------- d-----w C:\Program Files\Lavasoft
            2007-12-08 08:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
            2007-12-08 08:18 --------- d-----w C:\Program Files\SurfRight
            2007-12-08 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\SurfRight
            2007-11-27 20:30 --------- d-----w C:\Program Files\Risk
            2007-11-26 18:14 --------- d-----w C:\Program Files\Pando Networks
            2007-11-14 07:29 450,560 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
            2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
            2007-11-07 09:30 727,040 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
            2007-10-30 17:20 360,064 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
            2007-10-30 10:20 3,079,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
            2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
            2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
            2007-10-25 16:57 8,501,760 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
            2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
            2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
            2005-12-03 18:10 10,856 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
            .

            ((((((((((((((((((((((((((((( [email protected]_17.17.33.04 )))))))))))))))))))))))))))))))))))))))))
            .
            - 2008-01-12 16:06:42 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
            + 2008-01-16 16:29:22 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
            - 2008-01-12 16:06:42 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
            + 2008-01-16 16:29:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
            - 2008-01-12 16:06:42 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
            + 2008-01-16 16:29:22 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
            - 2008-01-12 16:06:42 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
            + 2008-01-16 16:29:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
            - 2008-01-12 16:06:42 12,836,864 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
            + 2008-01-16 16:29:23 12,881,920 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
            - 2008-01-12 16:06:42 266,240 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
            + 2008-01-16 16:29:23 266,240 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
            + 2006-03-16 07:00:36 8,704 ----a-r C:\WINDOWS\SYSTEM32\ReinstallBackups\0019\DriverFiles\Amfilter.sys
            + 2006-03-16 07:03:08 13,312 ----a-r C:\WINDOWS\SYSTEM32\ReinstallBackups\0019\DriverFiles\Amusbprt.sys
            + 2006-03-16 07:00:36 8,704 ----a-r C:\WINDOWS\SYSTEM32\ReinstallBackups\0021\DriverFiles\Amfilter.sys
            + 2006-03-16 07:03:08 13,312 ----a-r C:\WINDOWS\SYSTEM32\ReinstallBackups\0021\DriverFiles\Amusbprt.sys
            .
            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 16:00 1937408]
            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
            "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15 290816]
            "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 11:43 53248]
            "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-09 20:05 344064]
            "AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2004-08-20 14:02 684032]
            "USBDetector"="C:\USBStorage\USBDetector.exe" [2003-03-31 19:33 53248]
            "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
            "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21 57344]
            "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
            "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 06:03 221184]
            "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
            "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-14 15:42 155648]
            "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
            "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]
            "UPC"="C:\Program Files\UPC\bin\sprtcmd.exe" [2005-08-16 07:12 192512]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
            "SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-01-05 17:34 40960]
            "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
            "WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2007-03-13 17:42 204800]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
            Notification Packages REG_MULTI_SZ scecli scecli scecli scecli

            R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2005-06-28 09:17]
            R1 SE27whh;SE27whh;C:\WINDOWS\system32\drivers\SE27whh.sys [2008-01-11 19:53]
            R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2005-06-28 09:17]
            R2 PDSched;PDScheduler;"C:\Program Files\Raxco\PerfectDisk\PDSched.exe" [2005-06-28 13:07]
            R2 SOFTLOK;SOFTLOK;C:\WINDOWS\system32\drivers\SOFTLOK.sys [2000-03-17 08:07]
            R3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-03-22 20:31]
            S1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys

            .
            **************************************************************************

            catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-01-16 17:38:33
            Windows 5.1.2600 Service Pack 2 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            Voltooingstijd: 2008-01-16 17:43:35 - machine was rebooted
            ComboFix-quarantined-files.txt 2008-01-16 16:43:31
            ComboFix2.txt 2008-01-12 16:17:56
            .
            2008-01-12 10:18:27 --- E O F ---



            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 17:45:33, on 16-1-2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\ESET\ESET Smart Security\ekrn.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
            C:\Program Files\Dell\Media Experience\PCMService.exe
            C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
            C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
            C:\USBStorage\USBDetector.exe
            C:\Program Files\D-Tools\daemon.exe
            C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
            C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
            C:\Program Files\UPC\bin\sprtcmd.exe
            C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
            C:\WINDOWS\vsnpstd2.exe
            C:\Program Files\ESET\ESET Smart Security\egui.exe
            C:\Program Files\A4Tech\Mouse\Amoumain.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Skype\Phone\Skype.exe
            C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
            C:\Program Files\Raxco\PerfectDisk\PDSched.exe
            C:\Program Files\Skype\Plugin Manager\skypePM.exe
            C:\Program Files\Mozilla Firefox\firefox.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnederland.nl/
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
            O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
            O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
            O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
            O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
            O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
            O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
            O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
            O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
            O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
            O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
            O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
            O4 - HKLM\..\Run: [UPC] "C:\Program Files\UPC\bin\sprtcmd.exe" /P UPC
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
            O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
            O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
            O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
            O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
            O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
            O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
            O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
            O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
            O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
            O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
            O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
            O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://tappx01.photoprintit.de/microsite/5/defaults/activex/XUpload.ocx
            O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
            O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
            O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
            O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
            O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
            O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
            O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
            O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
            O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
            O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
            O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

            --
            End of file - 8494 bytes



            • #7
              Download: RVAXO.exe
              Save the file to your desktop, then double-click it.
              You can let the program extract to your desktop.
              Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
              A small window will open in which a few lines about files not found will scroll by quickly; this is normal.
              An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and let it do its work.

              After that your PC will restart; after the restart the RVAXO window opens again.
              Let it run and wait until a log file opens.
              It can also be found here: C:\RVAXO-results.log
              Post its contents in your next message together with a new HijackThis log.

              Does your PC not restart?

              Run RVAXO once more and then post the new log: C:\rvaxo-results.log

              Please also post a new HJT log

              Starting Windows 10 in Safe Mode



              • #8
                Rvaxo ---> has been run, here are "the results":

                ---RVAXO.exe Updated: 2008-01-16---first run---
                Files found:
                C:\WINDOWS\system32\drivers\core.cache.dsk

                Uninstallers Rogue scanners:


                Folders Found:

                C:\Temp\tn3

                Hosts-file was reset, If you use a custom hosts file please replace it...

                --------------RVAXO.exe last run---------------

                Files found:

                C:\WINDOWS\system32\drivers\core.cache.dsk
                Folders Found:

                --------------RVAXO.exe finished----------------

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 23:52:03, on 16-1-2008
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\Ati2evxx.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\system32\Ati2evxx.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\WINDOWS\Explorer.EXE
                C:\Program Files\ESET\ESET Smart Security\ekrn.exe
                C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
                C:\Program Files\Raxco\PerfectDisk\PDSched.exe
                C:\Program Files\Dell\Media Experience\PCMService.exe
                C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
                C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
                C:\USBStorage\USBDetector.exe
                C:\Program Files\D-Tools\daemon.exe
                C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
                C:\Program Files\UPC\bin\sprtcmd.exe
                C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                C:\WINDOWS\vsnpstd2.exe
                C:\Program Files\ESET\ESET Smart Security\egui.exe
                C:\Program Files\A4Tech\Mouse\Amoumain.exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\Program Files\Skype\Phone\Skype.exe
                C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                C:\Program Files\Skype\Plugin Manager\skypePM.exe
                C:\Program Files\Mozilla Firefox\firefox.exe
                C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnederland.nl/
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
                O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
                O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
                O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
                O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
                O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
                O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
                O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
                O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
                O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
                O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
                O4 - HKLM\..\Run: [UPC] "C:\Program Files\UPC\bin\sprtcmd.exe" /P UPC
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
                O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
                O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
                O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
                O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
                O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
                O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
                O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
                O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
                O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
                O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
                O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://tappx01.photoprintit.de/microsite/5/defaults/activex/XUpload.ocx
                O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
                O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
                O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
                O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
                O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
                O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
                O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
                O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

                --
                End of file - 8551 bytes



                • #9
                  There, that's gone, how are things now??



                  • #10
                    In addition.

                    Open Notepad, then copy and paste the following (bold text) into an empty window:
                    • Code:
                       
                      File::
                       C:\WINDOWS\SYSTEM32\DRIVERS\SE27whh.sys
                      
                      Folder::
                      C:\temp\tn3
                      
                      Driver::
                      SE27whh

                    Save this to your Desktop as CFScript.txt.

                    Drag CFScript.txt into ComboFix.exe as shown in the example below:



                    This will cause ComboFix to restart.

                    After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

                    Please also tell me right away how things are going now.

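A triage sketch for the driver/service section of the ComboFix log quoted earlier in the thread, added here as an example; it is not part of any post and not ComboFix's own logic. It parses those lines and flags drivers whose file timestamp falls shortly before the scan or that show no timestamp at all. The reading of the `R`/`S` prefix and start-type digit, the 14-day window and all function names are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Driver/service lines and the rootkit-scan time, copied from the ComboFix
# log quoted in this thread.
SAMPLE_LOG = r'''
R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2005-06-28 09:17]
R1 SE27whh;SE27whh;C:\WINDOWS\system32\drivers\SE27whh.sys [2008-01-11 19:53]
R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2005-06-28 09:17]
R2 PDSched;PDScheduler;"C:\Program Files\Raxco\PerfectDisk\PDSched.exe" [2005-06-28 13:07]
R2 SOFTLOK;SOFTLOK;C:\WINDOWS\system32\drivers\SOFTLOK.sys [2000-03-17 08:07]
R3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-03-22 20:31]
S1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys
'''
SCAN_TIME = datetime(2008, 1, 16, 17, 38, 33)

# Assumption: the digit after R (running) / S (stopped) is the service
# start type as stored in the registry "Start" value.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

LINE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4])\s+'
    r'(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)'
    r'(?:\s+\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\])?$'
)


def parse_driver_lines(log_text):
    """Turn 'R1 name;display;path [timestamp]' lines into dicts."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a driver/service line
        ts = m.group("ts")
        entries.append({
            "name": m.group("name"),
            "display": m.group("display"),
            "running": m.group("state") == "R",
            "start": START_TYPES[int(m.group("start"))],
            "path": m.group("path").strip('"'),
            "file_time": datetime.strptime(ts, "%Y-%m-%d %H:%M") if ts else None,
        })
    return entries


def triage(log_text, scan_time, window_days=14):
    """Attach review reasons to each entry; an empty list means nothing stood out."""
    window = timedelta(days=window_days)
    findings = []
    for entry in parse_driver_lines(log_text):
        reasons = []
        if entry["file_time"] is None:
            # The log printed no file timestamp for this entry.
            reasons.append("no_timestamp")
        elif timedelta(0) <= scan_time - entry["file_time"] <= window:
            # Driver file dated within the window before the scan.
            reasons.append("recent_file")
        findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, SCAN_TIME):
        mark = ",".join(f["reasons"]) or "-"
        print(f'{mark:13} {f["start"]:8} {f["name"]:12} {f["path"]}')
```

On the thread's own lines this flags `SE27whh` (file dated 2008-01-11, five days before the scan) and `ctredrv.sys` (no timestamp); a flag is a prompt for manual review, not a verdict.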


                    • #11
                      ComboFix 08-01-16.4 - Mari 2008-01-17 16:01:04.3 - NTFSx86
                      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.592 [GMT 1:00]
                      Gestart vanuit: C:\Documents and Settings\Mari\Bureaublad\ComboFix.exe
                      Command switches used :: C:\Documents and Settings\Mari\Bureaublad\CFScript.txt
                      * Nieuw herstelpunt werd aangemaakt

                      FILE
                      C:\WINDOWS\SYSTEM32\DRIVERS\SE27whh.sys
                      .

                      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                      .

                      C:\temp\tn3
                      C:\WINDOWS\system32\drivers\core.cache.dsk
                      C:\WINDOWS\SYSTEM32\DRIVERS\SE27whh.sys

                      .
                      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

                      .
                      -------\LEGACY_SE27WHH
                      -------\SE27whh


                      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))
                      .

                      2008-01-16 23:43 . 2008-01-16 23:43 <DIR> d-------- C:\RVAXO
                      2008-01-16 23:41 . 2008-01-17 00:36 609,484 --a------ C:\WINDOWS\SYSTEM32\RVAXO.bat
                      2008-01-16 23:41 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\SYSTEM32\remove.exe
                      2008-01-15 23:08 . 2008-01-15 23:08 <DIR> d-------- C:\Program Files\Trend Micro
                      2008-01-15 12:16 . 2008-01-15 12:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
                      2008-01-15 12:16 . 2008-01-15 12:16 1,409 --a------ C:\WINDOWS\QTFont.for
                      2008-01-12 23:47 . 2008-01-12 23:47 <DIR> d-------- C:\Program Files\A4Tech
                      2008-01-12 23:47 . 2007-03-13 16:20 14,336 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\FNM131C.tmp
                      2008-01-12 23:47 . 2007-02-10 02:04 14,336 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Amps2prt.sys
                      2008-01-12 23:47 . 2007-01-24 17:46 8,704 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\FNM131D.tmp
                      2008-01-12 17:26 . 2008-01-12 17:26 <DIR> d-------- C:\Documents and Settings\Mari\DoctorWeb
                      2008-01-12 17:05 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
                      2008-01-11 23:17 . 2008-01-11 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
                      2008-01-11 23:11 . 2008-01-11 23:11 <DIR> d-------- C:\Documents and Settings\Mari\Application Data\ESET
                      2008-01-11 23:07 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
                      2008-01-11 22:53 . 2008-01-17 15:59 <DIR> dr-h----- C:\Documents and Settings\Mari\Onlangs geopend
                      2008-01-11 21:28 . 2008-01-11 21:32 <DIR> d-------- C:\Program Files\RegScrubXP
                      2008-01-11 18:51 . 2008-01-11 18:51 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
                      2008-01-11 17:56 . 2008-01-11 17:56 <DIR> d-------- C:\Program Files\Alwil Software
                      2008-01-08 11:31 . 2008-01-11 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
                      2007-12-21 08:21 . 2007-12-21 08:21 71,176 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\epfw.sys
                      2007-12-21 08:21 . 2007-12-21 08:21 53,768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\epfwtdi.sys
                      2007-12-21 08:21 . 2007-12-21 08:21 30,728 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\epfwndis.sys
                      2007-12-21 08:20 . 2007-12-21 08:20 30,216 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\easdrv.sys
                      2007-12-21 08:19 . 2007-12-21 08:19 39,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\eamon.sys

                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2008-01-17 15:04 --------- d-----w C:\Documents and Settings\Mari\Application Data\Skype
                      2008-01-17 07:50 --------- d-----w C:\Program Files\SwiftSwitch
                      2008-01-12 23:00 24,575 ----a-w C:\WINDOWS\SYSTEM32\Usengwinsyspios.dll
                      2008-01-12 18:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
                      2008-01-12 18:57 --------- d-----w C:\Program Files\Clean It 2
                      2008-01-12 16:09 --------- d-----w C:\Documents and Settings\Mari\Application Data\Azureus
                      2008-01-12 13:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                      2008-01-12 12:41 --------- d-----w C:\Program Files\Soulseek
                      2008-01-12 10:09 --------- d-----w C:\Program Files\Spyware Doctor
                      2008-01-12 10:07 --------- d-----w C:\Program Files\Hitman Pro
                      2008-01-11 23:51 --------- d-----w C:\Program Files\SpywareBlaster
                      2008-01-11 23:47 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
                      2008-01-11 23:47 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
                      2008-01-11 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
                      2008-01-11 21:49 --------- d-----w C:\Program Files\CCleaner
                      2007-12-31 13:42 --------- d-----w C:\Program Files\Azureus
                      2007-12-23 11:47 --------- d-----w C:\Program Files\TVAnts
                      2007-12-09 13:24 --------- d-----w C:\Program Files\SopCast
                      2007-12-08 21:36 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SurfRight
                      2007-12-08 08:54 --------- d-----w C:\Documents and Settings\Mari\Application Data\Lavasoft
                      2007-12-08 08:34 --------- d-----w C:\Documents and Settings\Mari\Application Data\PC Tools
                      2007-12-08 08:33 164 ----a-w C:\install.dat
                      2007-12-08 08:33 --------- d-----w C:\Program Files\Webroot
                      2007-12-08 08:33 --------- d-----w C:\Documents and Settings\Mari\Application Data\Webroot
                      2007-12-08 08:33 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
                      2007-12-08 08:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
                      2007-12-08 08:24 --------- d-----w C:\Program Files\Lavasoft
                      2007-12-08 08:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
                      2007-12-08 08:18 --------- d-----w C:\Program Files\SurfRight
                      2007-12-08 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\SurfRight
                      2007-11-27 20:30 --------- d-----w C:\Program Files\Risk
                      2007-11-26 18:14 --------- d-----w C:\Program Files\Pando Networks
                      2007-11-14 07:29 450,560 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
                      2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
                      2007-11-07 09:30 727,040 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
                      2007-10-30 17:20 360,064 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
                      2007-10-30 10:20 3,079,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
                      2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
                      2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
                      2007-10-25 16:57 8,501,760 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
                      2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
                      2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
                      2005-12-03 18:10 10,856 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
                      .

                      ((((((((((((((((((((((((((((( [email protected]_17.17.33.04 )))))))))))))))))))))))))))))))))))))))))
                      .
                      - 2008-01-12 16:06:42 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
                      + 2008-01-17 15:00:43 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
                      - 2008-01-12 16:06:42 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
                      + 2008-01-17 15:00:43 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
                      - 2008-01-12 16:06:42 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
                      + 2008-01-17 15:00:43 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
                      - 2008-01-12 16:06:42 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
                      + 2008-01-17 15:00:43 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
                      - 2008-01-12 16:06:42 12,836,864 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
                      + 2008-01-17 15:00:43 12,886,016 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
                      - 2008-01-12 16:06:42 266,240 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
                      + 2008-01-17 15:00:43 266,240 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
                      + 2006-03-16 07:00:36 8,704 ----a-r C:\WINDOWS\SYSTEM32\ReinstallBackups\0019\DriverFiles\Amfilter.sys
                      + 2006-03-16 07:03:08 13,312 ----a-r C:\WINDOWS\SYSTEM32\ReinstallBackups\0019\DriverFiles\Amusbprt.sys
                      + 2006-03-16 07:00:36 8,704 ----a-r C:\WINDOWS\SYSTEM32\ReinstallBackups\0021\DriverFiles\Amfilter.sys
                      + 2006-03-16 07:03:08 13,312 ----a-r C:\WINDOWS\SYSTEM32\ReinstallBackups\0021\DriverFiles\Amusbprt.sys
                      - 2000-08-31 07:00:00 49,152 ----a-w C:\WINDOWS\SYSTEM32\VFind.exe
                      + 2008-01-03 18:47:58 49,152 ----a-w C:\WINDOWS\SYSTEM32\VFind.exe
                      .
                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      REGEDIT4
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 16:00 1937408]
                      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
                      "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15 290816]
                      "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 11:43 53248]
                      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-09 20:05 344064]
                      "AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2004-08-20 14:02 684032]
                      "USBDetector"="C:\USBStorage\USBDetector.exe" [2003-03-31 19:33 53248]
                      "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
                      "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21 57344]
                      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
                      "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 06:03 221184]
                      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
                      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-14 15:42 155648]
                      "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
                      "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]
                      "UPC"="C:\Program Files\UPC\bin\sprtcmd.exe" [2005-08-16 07:12 192512]
                      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
                      "SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-01-05 17:34 40960]
                      "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
                      "WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2007-03-13 17:42 204800]

                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]

                      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                      Notification Packages REG_MULTI_SZ scecli scecli scecli scecli

                      R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2005-06-28 09:17]
                      R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2005-06-28 09:17]
                      R2 PDSched;PDScheduler;"C:\Program Files\Raxco\PerfectDisk\PDSched.exe" [2005-06-28 13:07]
                      R2 SOFTLOK;SOFTLOK;C:\WINDOWS\system32\drivers\SOFTLOK.sys [2000-03-17 08:07]
                      R3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-03-22 20:31]
                      S1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys

                      .
                      **************************************************************************

                      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2008-01-17 16:10:10
                      Windows 5.1.2600 Service Pack 2 NTFS

                      scannen van verborgen processen ...

                      scannen van verborgen autostart items ...

                      scannen van verborgen bestanden ...

                      Scan succesvol afgerond
                      verborgen bestanden: 0

                      **************************************************************************
                      .
                      Voltooingstijd: 2008-01-17 16:14:46 - machine was rebooted
                      ComboFix-quarantined-files.txt 2008-01-17 15:14:43
                      ComboFix2.txt 2008-01-16 16:43:35
                      ComboFix3.txt 2008-01-12 16:17:56
                      .
                      2008-01-12 10:18:27 --- E O F ---


                      Before the last ComboFix run the pop-ups were still very much present, but after this latest ComboFix run the pop-ups do indeed seem to have disappeared. The computer also seems to be running a good deal faster again!!
                      All in all, compliments and thanks to "Juisterr" for getting rid of these annoying pop-ups!!



                      • #12
                        No thanks needed, I had received a tip from Smeenk (fellow helper).

                        We're just glad it helped.

                        You may now remove all the tools used and the folders that were created.

                        Uninstall ComboFix via Start > Run: copy and paste Combofix /U, then click OK or press Enter.
                        This removes both ComboFix and your old system restore points (with any remnants of malware), and creates a new system restore point.




                        • #13
                          Thanks again........to Smeenk as well!!



                          • #14
                            No problem, you're welcome.
