
No Windows Update, impossible to install a virus scanner...


  • No Windows Update, impossible to install a virus scanner...

    Good day,

    Problem: I noticed that I could no longer run Windows Update; I then looked further and it turned out that both my AVG and the Windows Firewall were disabled. I then tried to uninstall AVG, but that did not fully succeed. If, for example, I try to install Panda Anti-Virus, it says it has a conflict with AVG, but there is no longer a single trace of that to be found anywhere. The spyware programs I installed (4 or 5) also switch themselves off after a day or so! For example, Spyware Doctor works for a day and the day after I can no longer activate it; it has then turned itself off.

    I have tried all sorts of things, and even booting in safe mode does not work!

    All very strange. Hoping for your expertise, here is my log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:30:08, on 13-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\DU Meter\DUMeterSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\TopDesk\topdesk.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
    C:\Program Files\DU Meter\DUMeter.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\philips\Media Manager\Philips Media Manager.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Totalcmd\TOTALCMD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Documents and Settings\Ceriel\Local Settings\Temporary Internet Files\Content.IE5\R5OF5ULH\vcleaner[1].exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
    O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
    O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
    O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-1844237615-152049171-1801674531-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-1844237615-152049171-1801674531-1004\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (User '?')
    O4 - HKUS\S-1-5-21-1844237615-152049171-1801674531-1004\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (User '?')
    O4 - HKUS\S-1-5-21-1844237615-152049171-1801674531-1004\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-21-1844237615-152049171-1801674531-1004 Startup: Philips Media Manager.lnk = C:\Program Files\philips\Media Manager\Philips Media Manager.exe (User '?')
    O4 - Startup: Philips Media Manager.lnk = C:\Program Files\philips\Media Manager\Philips Media Manager.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200067724000
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    O20 - Winlogon Notify: ntlanui32 - ntlanui32.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
    O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 11123 bytes


    Thanks in advance for your time

    Kind regards,
    Ceriel

  • #2
    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will cause your PC to hang.
    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post.

    NOTE: If your virus scanner responds with a notification about a script being executed, you may ignore this.



    • #3
      HERE IT IS:

      ComboFix 08-01-20.1 - Ceriel 2008-01-21 17:50:40.1 - NTFSx86

      Gestart vanuit: C:\Documents and Settings\Ceriel\Bureaublad\ComboFix.exe

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\msvrc20.dll
      C:\WINDOWS\system32\drivers\srosa.sys
      C:\WINDOWS\system32\FTPx.dll
      C:\WINDOWS\system32\MabryObj.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

      .
      -------\LEGACY_SROSA
      -------\srosa


      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-21 to 2008-01-21 ))))))))))))))))))))))))))))))
      .

      2008-01-21 17:49 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2008-01-18 21:51 . 2008-01-18 23:26 247,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
      2008-01-18 21:51 . 2008-01-18 23:26 12,320 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
      2008-01-18 21:51 . 2008-01-18 21:51 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
      2008-01-18 21:51 . 2008-01-18 21:51 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
      2008-01-18 21:25 . 2008-01-18 21:26 <DIR> d-------- C:\Program Files\XPRepairPro2006
      2008-01-18 21:09 . 2008-01-18 21:23 <DIR> d-------- C:\Program Files\RegistryFix
      2008-01-18 20:02 . 2008-01-18 20:02 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
      2008-01-18 20:01 . 2007-10-03 09:33 194,888 --a------ C:\WINDOWS\Unwash6.exe
      2008-01-18 19:57 . 2008-01-18 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
      2008-01-18 19:56 . 2008-01-21 08:07 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
      2008-01-18 19:56 . 2008-01-18 19:56 <DIR> d-------- C:\Documents and Settings\Ceriel\Application Data\SUPERAntiSpyware.com
      2008-01-18 16:41 . 2002-08-18 18:43 794,624 --a------ C:\WINDOWS\system32\spr32d35.dll
      2008-01-18 16:30 . 2008-01-18 16:43 <DIR> d-------- C:\Program Files\Punch! Home Design - AS4000
      2008-01-18 16:15 . 2008-01-18 16:15 <DIR> d-------- C:\Program Files\IMSI
      2008-01-17 22:25 . 2008-01-17 22:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
      2008-01-14 18:59 . 2008-01-21 08:03 <DIR> dr-h----- C:\Documents and Settings\Ceriel\Onlangs geopend
      2008-01-13 13:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
      2008-01-13 13:09 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
      2008-01-12 13:53 . 2008-01-15 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-01-12 11:07 . 2008-01-12 11:07 <DIR> d-------- C:\WINDOWS\Internet Logs
      2008-01-12 10:54 . 2008-01-12 10:54 <DIR> d-------- C:\Program Files\Trend Micro
      2008-01-12 00:40 . 2008-01-12 00:43 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
      2008-01-12 00:29 . 2008-01-12 00:29 <DIR> d-------- C:\Program Files\CCleaner
      2008-01-12 00:15 . 2008-01-12 00:15 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
      2008-01-12 00:12 . 2008-01-12 00:44 <DIR> d-------- C:\Program Files\McAfee
      2008-01-12 00:11 . 2008-01-12 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
      2008-01-11 23:59 . 2008-01-11 23:59 <DIR> d-------- C:\Program Files\Common Files\Panda Software
      2008-01-11 21:08 . 2008-01-15 22:30 <DIR> d-------- C:\Program Files\Spyware Doctor
      2008-01-11 21:08 . 2008-01-11 21:08 <DIR> d-------- C:\Documents and Settings\Ceriel\Application Data\PC Tools
      2008-01-11 21:08 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
      2008-01-11 21:08 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
      2008-01-11 21:08 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
      2008-01-11 21:08 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
      2008-01-11 21:07 . 2008-01-18 20:02 <DIR> d-------- C:\Program Files\Webroot
      2008-01-11 21:07 . 2008-01-11 21:07 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
      2008-01-11 21:07 . 2008-01-18 20:02 <DIR> d-------- C:\Documents and Settings\Ceriel\Application Data\Webroot
      2008-01-11 21:07 . 2008-01-18 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
      2008-01-11 21:07 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
      2008-01-11 21:07 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
      2008-01-11 21:07 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
      2008-01-11 21:07 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
      2008-01-11 17:32 . 2008-01-12 13:08 <DIR> d-------- C:\Program Files\SpywareBlaster
      2008-01-04 18:26 . 2008-01-04 18:26 <DIR> d-------- C:\Documents and Settings\Ceriel\Application Data\OtakuSoftware
      2008-01-04 18:20 . 2008-01-11 21:09 <DIR> d-------- C:\Program Files\DeskSpace
      2008-01-02 12:20 . 2008-01-19 09:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2008-01-02 12:20 . 2008-01-02 12:20 1,409 --a------ C:\WINDOWS\QTFont.for
      2007-12-31 19:10 . 2008-01-19 12:21 <DIR> d-------- C:\Program Files\OfflineList 0.7.2
      2007-12-30 18:09 . 2007-12-30 18:09 <DIR> d-------- C:\Program Files\Common Files\xing shared
      2007-12-28 15:23 . 2007-03-05 22:23 17,920 --a------ C:\WINDOWS\system32\patch.exe
      2007-12-28 15:22 . 2007-12-28 15:22 <DIR> d-------- C:\Program Files\Astro Gemini Software
      2007-12-28 15:20 . 2007-12-28 15:20 <DIR> d-------- C:\Documents and Settings\Ceriel\Application Data\River Past G4
      2007-12-27 17:07 . 2008-01-18 23:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\River Past G4
      2007-12-27 17:06 . 2007-12-27 17:06 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
      2007-12-27 15:43 . 2008-01-12 00:40 <DIR> d-------- C:\Documents and Settings\Ceriel\Application Data\URSoft
      2007-12-27 15:43 . 2008-01-21 17:59 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2007-12-23 20:54 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
      2007-12-23 20:53 . 2007-12-23 20:53 <DIR> d-------- C:\Program Files\Common Files\Java

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-21 15:59 --------- d-----w C:\Program Files\eMule
      2008-01-19 11:42 --------- d-----w C:\Program Files\Totalcmd
      2008-01-19 11:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
      2008-01-19 10:06 --------- d-----w C:\Program Files\Winamp
      2008-01-18 22:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2008-01-15 21:11 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
      2008-01-14 18:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-01-13 17:24 --------- d-----w C:\Program Files\Belastingdienst
      2008-01-12 12:53 --------- d-----w C:\Program Files\Lavasoft
      2008-01-12 11:14 --------- d-----w C:\Program Files\Hitman Pro
      2008-01-11 22:29 --------- d-----w C:\Program Files\SightSpeed
      2008-01-10 17:26 --------- d-----w C:\Documents and Settings\Ceriel\Application Data\Corel
      2008-01-02 11:58 --------- d-----w C:\Program Files\SBSH
      2007-12-30 17:09 --------- d-----w C:\Program Files\Common Files\Real
      2007-12-29 16:34 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
      2007-12-23 19:54 --------- d-----w C:\Program Files\Java
      2007-12-18 16:01 --------- d-----w C:\Program Files\Nero
      2007-12-18 16:00 --------- d-----w C:\Program Files\Common Files\Nero
      2007-12-18 16:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
      2007-12-18 15:52 --------- d-----w C:\Program Files\Atomic Alarm Clock
      2007-12-17 22:28 37,270 ----a-w C:\WINDOWS\system32\OggDSUninst.exe
      2007-12-16 16:05 3,600 ----a-w C:\WINDOWS\ssconf2.bin
      2007-12-15 20:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-12-15 20:50 --------- d-----w C:\Program Files\Rail Simulator
      2007-12-15 16:15 --------- d-----w C:\Program Files\dvdSanta
      2007-12-15 16:15 --------- d-----w C:\Program Files\DivX
      2007-12-15 15:14 --------- d-----w C:\Program Files\AviSynth 2.5
      2007-12-12 09:49 --------- d-----w C:\Program Files\Windows Media Components
      2007-12-12 09:31 --------- d-----w C:\Program Files\Haali
      2007-12-10 19:54 --------- d-----w C:\Program Files\M&T Paris
      2007-12-07 22:02 --------- d-----w C:\Program Files\Microsoft ActiveSync
      2007-12-07 20:11 --------- d-----w C:\Program Files\Sudoku - Tied Up & Bound
      2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
      2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
      2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
      2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
      2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
      2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\QT-DX331.dll
      2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
      2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
      2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
      2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
      2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
      2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
      2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
      2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
      2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
      2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
      2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
      2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
      2007-11-25 16:06 --------- d-----w C:\Program Files\Common Files\Adobe
      2007-11-24 10:14 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
      2007-11-24 10:14 --------- d--h--r C:\Documents and Settings\Ceriel\Application Data\SecuROM
      2007-04-22 10:58 88 --sh--r C:\WINDOWS\system32\D27975C176.sys
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
      "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13 1207080]
      "SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2007-11-04 17:29 514048]
      "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2007-10-15 15:19 2582288]
      "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:29 220544]
      "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-25 22:52 476702]
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
      "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 09:42 585728]
      "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 94208 C:\WINDOWS\KHALMNPR.Exe]
      "HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-05-05 10:51 491520]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 19:51 176128]
      "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 110592 C:\WINDOWS\system32\bthprops.cpl]
      "TopDesk"="C:\Program Files\TopDesk\topdesk.exe" [2006-02-05 21:00 195584]
      "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 16:34 213936]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
      "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
      "RegistryMechanic"=""
      "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19 15872]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]

      C:\Documents and Settings\Ceriel\Menu Start\Programma's\Opstarten\
      Philips Media Manager.lnk - C:\Program Files\philips\Media Manager\Philips Media Manager.exe [2007-09-14 22:11:37 136704]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-23 23:45:18 671744]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableLUA"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoResolveSearch"= 1 (0x1)

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ntlanui32]
      ntlanui32.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=wbsys.dll

      SafeBoot register sleutel dient gerepareerd. Deze PC kan niet opstarten in Veilige Modus.

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
      @="Driver Group"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
      @="DiskDrive"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
      @="Hdc"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
      @="Keyboard"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
      @="Mouse"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
      @="System"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
      @="Volume"

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
      "MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
      "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      "HPHUPD05"=c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      "Advanced WindowsCare V2 Pro"="C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" /startup
      "RemoteControl"=C:\WINDOWS\system32\rmctrl.exe


      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77da8bc4-e45a-11db-811c-0013d49b2d3b}]
      \Shell\AutoRun\command - G:\setup.exe

      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-01-18 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
      - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
      "2008-01-18 16:15:00 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
      - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
      "2008-01-16 15:44:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-01-21 13:57:01 C:\WINDOWS\Tasks\HP Usg Daily.job"
      - c:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-21 17:59:31
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\system\ControlSet004\Services\DUMeterSvc]
      "ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
      -> C:\Program Files\TopDesk\topdesk.dll
      -> C:\Program Files\Atomic Alarm Clock\Clock.dll
      -> C:\Program Files\Unlocker\UnlockerHook.dll
      .
      Voltooingstijd: 2008-01-21 18:03:02 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-01-21 17:02:47
      .
      2007-09-12 15:47:15 --- E O F ---



      • #4
        Download this file: SafeBoot.zip
        Unzip it and double-click SafeBoot.reg
        Give permission to add the changes to the registry.

        Make a new log with Combofix and post it; also tell us whether there are still any problems.



        • #5
          First of all, thank you for your expertise!

          Something was quarantined and since then I can install AVG again!
          The anti-spyware software now also scans to the end and removes the objects found. I did get some kind of serial message from AVG at the end of the installation, but the virus scanner works fine. One or two ad/spyware apps also no longer work, but I will try reinstalling those...

          I think you have already solved it very quickly, and so I hope you won't find too much crap in this log...

          Thanks again!

          Ceriel


          ComboFix 08-01-20.1 - Ceriel 2008-01-21 18:29:01.2 - NTFSx86

          Gestart vanuit: C:\Documents and Settings\Ceriel\Bureaublad\ComboFix.exe

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
          .

          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-21 to 2008-01-21 ))))))))))))))))))))))))))))))
          .

          2008-01-21 17:49 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
          2008-01-18 21:51 . 2008-01-18 23:26 247,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
          2008-01-18 21:51 . 2008-01-18 23:26 12,320 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
          2008-01-18 21:51 . 2008-01-18 21:51 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
          2008-01-18 21:51 . 2008-01-18 21:51 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
          2008-01-18 21:25 . 2008-01-18 21:26 <DIR> d-------- C:\Program Files\XPRepairPro2006
          2008-01-18 21:09 . 2008-01-18 21:23 <DIR> d-------- C:\Program Files\RegistryFix
          2008-01-18 20:02 . 2008-01-18 20:02 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
          2008-01-18 20:01 . 2007-10-03 09:33 194,888 --a------ C:\WINDOWS\Unwash6.exe
          2008-01-18 19:57 . 2008-01-18 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
          2008-01-18 19:56 . 2008-01-21 08:07 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
          2008-01-18 19:56 . 2008-01-18 19:56 <DIR> d-------- C:\Documents and Settings\Ceriel\Application Data\SUPERAntiSpyware.com
          2008-01-18 16:41 . 2002-08-18 18:43 794,624 --a------ C:\WINDOWS\system32\spr32d35.dll
          2008-01-18 16:30 . 2008-01-18 16:43 <DIR> d-------- C:\Program Files\Punch! Home Design - AS4000
          2008-01-18 16:15 . 2008-01-18 16:15 <DIR> d-------- C:\Program Files\IMSI
          2008-01-17 22:25 . 2008-01-17 22:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
          2008-01-14 18:59 . 2008-01-21 18:27 <DIR> dr-h----- C:\Documents and Settings\Ceriel\Onlangs geopend
          2008-01-13 13:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
          2008-01-13 13:09 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
          2008-01-12 13:53 . 2008-01-15 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
          2008-01-12 11:07 . 2008-01-12 11:07 <DIR> d-------- C:\WINDOWS\Internet Logs
          2008-01-12 10:54 . 2008-01-12 10:54 <DIR> d-------- C:\Program Files\Trend Micro
          2008-01-12 00:40 . 2008-01-12 00:43 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
          2008-01-12 00:29 . 2008-01-12 00:29 <DIR> d-------- C:\Program Files\CCleaner
          2008-01-12 00:15 . 2008-01-12 00:15 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
          2008-01-12 00:12 . 2008-01-12 00:44 <DIR> d-------- C:\Program Files\McAfee
          2008-01-12 00:11 . 2008-01-12 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
          2008-01-11 23:59 . 2008-01-11 23:59 <DIR> d-------- C:\Program Files\Common Files\Panda Software
          2008-01-11 21:08 . 2008-01-15 22:30 <DIR> d-------- C:\Program Files\Spyware Doctor
          2008-01-11 21:08 . 2008-01-11 21:08 <DIR> d-------- C:\Documents and Settings\Ceriel\Application Data\PC Tools
          2008-01-11 21:08 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
          2008-01-11 21:08 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
          2008-01-11 21:08 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
          2008-01-11 21:08 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
          2008-01-11 21:07 . 2008-01-18 20:02 <DIR> d-------- C:\Program Files\Webroot
          2008-01-11 21:07 . 2008-01-11 21:07 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
          2008-01-11 21:07 . 2008-01-18 20:02 <DIR> d-------- C:\Documents and Settings\Ceriel\Application Data\Webroot
          2008-01-11 21:07 . 2008-01-18 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
          2008-01-11 21:07 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
          2008-01-11 21:07 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
          2008-01-11 21:07 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
          2008-01-11 21:07 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
          2008-01-11 17:32 . 2008-01-12 13:08 <DIR> d-------- C:\Program Files\SpywareBlaster
          2008-01-04 18:26 . 2008-01-04 18:26 <DIR> d-------- C:\Documents and Settings\Ceriel\Application Data\OtakuSoftware
          2008-01-04 18:20 . 2008-01-11 21:09 <DIR> d-------- C:\Program Files\DeskSpace
          2008-01-02 12:20 . 2008-01-19 09:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
          2008-01-02 12:20 . 2008-01-02 12:20 1,409 --a------ C:\WINDOWS\QTFont.for
          2007-12-31 19:10 . 2008-01-19 12:21 <DIR> d-------- C:\Program Files\OfflineList 0.7.2
          2007-12-30 18:09 . 2007-12-30 18:09 <DIR> d-------- C:\Program Files\Common Files\xing shared
          2007-12-28 15:23 . 2007-03-05 22:23 17,920 --a------ C:\WINDOWS\system32\patch.exe
          2007-12-28 15:22 . 2007-12-28 15:22 <DIR> d-------- C:\Program Files\Astro Gemini Software
          2007-12-28 15:20 . 2007-12-28 15:20 <DIR> d-------- C:\Documents and Settings\Ceriel\Application Data\River Past G4
          2007-12-27 17:07 . 2008-01-18 23:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\River Past G4
          2007-12-27 17:06 . 2007-12-27 17:06 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
          2007-12-27 15:43 . 2008-01-12 00:40 <DIR> d-------- C:\Documents and Settings\Ceriel\Application Data\URSoft
          2007-12-27 15:43 . 2008-01-21 17:59 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
          2007-12-23 20:54 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
          2007-12-23 20:53 . 2007-12-23 20:53 <DIR> d-------- C:\Program Files\Common Files\Java

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-21 17:28 --------- d-----w C:\Program Files\eMule
          2008-01-19 11:42 --------- d-----w C:\Program Files\Totalcmd
          2008-01-19 11:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
          2008-01-19 10:06 --------- d-----w C:\Program Files\Winamp
          2008-01-18 22:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
          2008-01-15 21:11 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
          2008-01-14 18:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-01-13 17:24 --------- d-----w C:\Program Files\Belastingdienst
          2008-01-12 12:53 --------- d-----w C:\Program Files\Lavasoft
          2008-01-12 11:14 --------- d-----w C:\Program Files\Hitman Pro
          2008-01-11 22:29 --------- d-----w C:\Program Files\SightSpeed
          2008-01-10 17:26 --------- d-----w C:\Documents and Settings\Ceriel\Application Data\Corel
          2008-01-02 11:58 --------- d-----w C:\Program Files\SBSH
          2007-12-30 17:09 --------- d-----w C:\Program Files\Common Files\Real
          2007-12-29 16:34 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
          2007-12-23 19:54 --------- d-----w C:\Program Files\Java
          2007-12-18 16:01 --------- d-----w C:\Program Files\Nero
          2007-12-18 16:00 --------- d-----w C:\Program Files\Common Files\Nero
          2007-12-18 16:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
          2007-12-18 15:52 --------- d-----w C:\Program Files\Atomic Alarm Clock
          2007-12-17 22:28 37,270 ----a-w C:\WINDOWS\system32\OggDSUninst.exe
          2007-12-16 16:05 3,600 ----a-w C:\WINDOWS\ssconf2.bin
          2007-12-15 20:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-12-15 20:50 --------- d-----w C:\Program Files\Rail Simulator
          2007-12-15 16:15 --------- d-----w C:\Program Files\dvdSanta
          2007-12-15 16:15 --------- d-----w C:\Program Files\DivX
          2007-12-15 15:14 --------- d-----w C:\Program Files\AviSynth 2.5
          2007-12-12 09:49 --------- d-----w C:\Program Files\Windows Media Components
          2007-12-12 09:31 --------- d-----w C:\Program Files\Haali
          2007-12-10 19:54 --------- d-----w C:\Program Files\M&T Paris
          2007-12-07 22:02 --------- d-----w C:\Program Files\Microsoft ActiveSync
          2007-12-07 20:11 --------- d-----w C:\Program Files\Sudoku - Tied Up & Bound
          2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
          2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
          2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
          2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
          2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
          2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\QT-DX331.dll
          2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
          2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
          2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
          2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
          2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
          2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
          2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
          2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
          2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
          2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
          2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
          2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
          2007-11-25 16:06 --------- d-----w C:\Program Files\Common Files\Adobe
          2007-11-24 10:14 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
          2007-11-24 10:14 --------- d--h--r C:\Documents and Settings\Ceriel\Application Data\SecuROM
          2007-04-22 10:58 88 --sh--r C:\WINDOWS\system32\D27975C176.sys
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
          "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13 1207080]
          "SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2007-11-04 17:29 514048]
          "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2007-10-15 15:19 2582288]
          "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:29 220544]
          "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-25 22:52 476702]
          "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
          "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 09:42 585728]
          "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 94208 C:\WINDOWS\KHALMNPR.Exe]
          "HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-05-05 10:51 491520]
          "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 19:51 176128]
          "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 110592 C:\WINDOWS\system32\bthprops.cpl]
          "TopDesk"="C:\Program Files\TopDesk\topdesk.exe" [2006-02-05 21:00 195584]
          "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 16:34 213936]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
          "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
          "RegistryMechanic"=""
          "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19 15872]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]

          C:\Documents and Settings\Ceriel\Menu Start\Programma's\Opstarten\
          Philips Media Manager.lnk - C:\Program Files\philips\Media Manager\Philips Media Manager.exe [2007-09-14 22:11:37 136704]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-23 23:45:18 671744]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "EnableLUA"= 0 (0x0)

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
          "NoResolveSearch"= 1 (0x1)

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ntlanui32]
          ntlanui32.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
          "AppInit_DLLs"=wbsys.dll

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
          "MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
          "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
          "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
          "HPHUPD05"=c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          "Advanced WindowsCare V2 Pro"="C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" /startup
          "RemoteControl"=C:\WINDOWS\system32\rmctrl.exe


          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77da8bc4-e45a-11db-811c-0013d49b2d3b}]
          \Shell\AutoRun\command - G:\setup.exe

          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-01-18 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
          - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
          "2008-01-18 16:15:00 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
          - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
          "2008-01-16 15:44:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          "2008-01-21 13:57:01 C:\WINDOWS\Tasks\HP Usg Daily.job"
          - c:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-21 18:32:38
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************

          [HKEY_LOCAL_MACHINE\system\ControlSet004\Services\DUMeterSvc]
          "ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
          -> C:\Program Files\Unlocker\UnlockerHook.dll
          -> C:\Program Files\TopDesk\topdesk.dll
          -> C:\Program Files\Atomic Alarm Clock\Clock.dll
          .
          Voltooingstijd: 2008-01-21 18:34:21
          ComboFix-quarantined-files.txt 2008-01-21 17:34:00
          ComboFix2.txt 2008-01-21 17:03:03
          .
          2007-09-12 15:47:15 --- E O F ---



          • #6
            Log looks good

            Download ATF cleaner (mirror) (made by Atribune)

            Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

            Double-click ATF cleaner to start the program.
            On the "Main" tab, tick Select All.
            Click the Empty Selected button.

            Do the following if you also use Firefox as a browser:
            Click the "Firefox" tab and tick Select All.
            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
            (this removes the tick from "Firefox saved passwords" again)
            Click the Empty Selected button.

            Do the following if you also use Opera as a browser:
            Click the "Opera" tab and tick Select All.
            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
            Click the Empty Selected button.
            Go to the "Main" tab and click the Exit button to close the program.

            Go to Start - Run and enter the following:
            Combofix /U
            Then press OK.
            Note: There must be a space between Combofix and /U.

            This will uninstall Combofix.

            Turn off System Restore. Restart the computer. Turn System Restore back on.
            See here for how to turn off System Restore.
            This removes any remnants of the infections from System Restore.

            If you no longer experience any problems, then I think we are done



            • #7
              Once again

              I did everything as described, only uninstalling Combofix did not work, but I still need to try specifying the right directory for it, since I had put it on the desktop.

              Otherwise this will hopefully mean that I am "clean" again, or rather, my PC is....

              Thanks again, and hopefully no "see you later" in a similar case



              • #8
                You're welcome, glad to hear everything is OK again
