Schopje.

Download Combofix naar je bureaublad

Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

Dubbelklik op combofix.exe
Kies voor "Continue" door 1 te typen gevolgd door ENTER.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats in je volgende antwoord het logje van combofix (combofix.txt) tesamen met een vers Hijackthis log.

Dit is een logje nadat ik hier de HJT-log had gepost, ik was een beetje ongeduldig

ComboFix 08-01-18.3 - Steven 2008-01-18 18:32:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1582 [GMT 1:00]
Running from: C:\Documents and Settings\Steven\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\jhfshkqn.ini
C:\WINDOWS\system32\jkkihif.dll
C:\WINDOWS\system32\kxwadtwm.dll
C:\WINDOWS\system32\nqkhsfhj.dll
C:\WINDOWS\system32\xybeg.ini
C:\WINDOWS\system32\xybeg.ini2

.
((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.

2008-01-18 15:39 . 2008-01-18 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-18 02:28 . 2008-01-18 02:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-18 01:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 01:14 . 2008-01-18 01:16 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-01-18 01:13 . 2008-01-18 01:16 <DIR> d-------- C:\Program Files\d2mp
2008-01-18 01:00 . 2008-01-18 01:00 3,082 --a------ C:\WINDOWS\system32\affv208325p1now.sys
2008-01-15 20:09 . 2008-01-15 20:09 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-15 14:45 . 2008-01-15 14:45 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\InstallShield Installation Information
2008-01-15 14:29 . 2008-01-15 14:29 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-01-15 14:29 . 2008-01-15 14:29 <DIR> d-------- C:\Program Files\Unreal Tournament 3
2008-01-15 14:29 . 2008-01-15 14:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-15 14:29 . 2008-01-15 14:29 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-01-14 16:42 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-01-14 16:32 . 2008-01-14 19:04 <DIR> d-------- C:\Program Files\The Witcher
2008-01-12 02:29 . 2008-01-13 19:30 <DIR> d-------- C:\Program Files\The Witcher Demo
2008-01-11 14:37 . 2008-01-11 14:37 <DIR> d-------- C:\Program Files\LucasArts
2008-01-11 14:36 . 2008-01-18 01:13 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-09 23:49 . 2008-01-10 17:55 23 --a------ C:\WINDOWS\popcinfot.dat
2008-01-09 17:39 . 2008-01-09 17:39 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-01-08 21:38 . 2008-01-08 21:38 <DIR> d---s---- C:\Documents and Settings\Steven\UserData
2008-01-07 23:20 . 2008-01-07 23:20 <DIR> d-------- C:\Program Files\CCleaner
2008-01-07 15:04 . 2008-01-07 15:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-01-07 14:48 . 2008-01-07 14:48 <DIR> d-------- C:\Program Files\Ubisoft
2008-01-06 20:16 . 2008-01-06 23:02 <DIR> d-------- C:\Program Files\HL2 ep
2008-01-05 17:41 . 2008-01-08 21:52 <DIR> d-------- C:\Program Files\SEGA
2008-01-05 15:23 . 2008-01-05 16:05 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-01-05 15:23 . 2008-01-05 16:05 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-01-05 14:14 . 2008-01-05 14:14 <DIR> d--h----- C:\Program Files\Creative Installation Information
2008-01-05 01:40 . 2008-01-05 01:40 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\TransRender
2008-01-05 01:40 . 2008-01-07 20:26 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\Temporary
2008-01-05 01:40 . 2008-01-05 01:40 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\Samsung
2008-01-05 01:40 . 2008-01-07 20:28 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\ConvertTemp
2008-01-05 01:21 . 2008-01-05 01:21 <DIR> d-------- C:\Program Files\Samsung
2008-01-05 01:08 . 2008-01-05 01:08 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\AVSMedia
2008-01-05 01:08 . 2008-01-05 01:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-01-05 01:07 . 2008-01-18 01:16 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-01-05 01:07 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2008-01-05 00:46 . 2008-01-05 00:55 <DIR> d-------- C:\Program Files\My Video Converter
2008-01-05 00:46 . 2008-01-05 00:50 67 --a------ C:\WINDOWS\My Video Converter.INI
2008-01-04 15:17 . 2008-01-04 15:18 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-01-03 01:25 . 2007-03-21 07:49 16,126,464 -ra------ C:\WINDOWS\Rthdcpl.exe.xpize
2008-01-03 01:25 . 2005-09-21 03:25 299,008 -ra------ C:\WINDOWS\system32\Alsndmgr.cpl.xpize
2008-01-03 01:25 . 2006-08-17 23:58 282,624 -ra------ C:\WINDOWS\system32\Rtsndmgr.cpl.xpize
2008-01-03 01:25 . 2006-07-21 09:14 86,016 -ra------ C:\WINDOWS\Soundman.exe.xpize
2008-01-03 01:23 . 2004-08-04 13:00 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-01-02 16:51 . 2008-01-05 16:02 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-02 16:51 . 2004-08-04 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-02 16:49 . 2008-01-05 16:20 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2007-12-27 14:58 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-27 14:58 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-22 11:56 . 2007-12-22 11:56 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\DivX
2007-12-22 02:08 . 2007-12-22 02:08 <DIR> d-------- C:\Program Files\VideoLAN
2007-12-22 02:08 . 2007-12-22 02:08 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\vlc
2007-12-21 15:17 . 2007-12-21 15:17 <DIR> d-------- C:\Program Files\DivX
2007-12-21 14:36 . 2008-01-06 18:03 23 --a------ C:\WINDOWS\BlendSettings.ini
2007-12-20 16:58 . 2007-12-20 16:58 <DIR> d-------- C:\Program Files\THQ
2007-12-18 17:46 . 2007-12-18 17:46 <DIR> d-------- C:\Program Files\Atari
2007-12-18 17:45 . 2007-12-18 18:23 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\DAEMON Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 14:45 --------- d-----w C:\Program Files\Steam
2008-01-18 00:36 --------- d-----w C:\Program Files\RivaTuner v2.06
2008-01-14 15:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-05 15:11 --------- d-----w C:\Program Files\Creative
2007-12-21 13:27 --------- d-----w C:\Program Files\Bethesda Softworks
2007-12-18 17:26 --------- d-----w C:\Documents and Settings\Steven\Application Data\Bioshock
2007-12-18 16:41 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-17 16:26 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-17 16:10 22,328 ----a-w C:\Documents and Settings\Steven\Application Data\PnkBstrK.sys
2007-12-17 15:45 --------- d-----w C:\Program Files\The All-Seeing Eye
2007-12-15 20:36 --------- d-----w C:\Program Files\SpeedFan
2007-12-15 15:03 --------- d-----w C:\Program Files\Java
2007-12-15 15:03 --------- d-----w C:\Documents and Settings\Steven\Application Data\SystemRequirementsLab
2007-12-15 15:02 --------- d-----w C:\Program Files\Common Files\Java
2007-12-05 09:18 --------- d-----w C:\Program Files\Lexmark 510 Series
2007-12-04 21:43 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-04 21:43 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-04 21:28 --------- d-----w C:\Documents and Settings\Steven\Application Data\DAEMON Tools Pro
2007-12-04 17:02 --------- d-----w C:\Program Files\MSBuild
2007-12-04 17:02 --------- d-----w C:\Program Files\Microsoft Works
2007-12-04 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-04 17:01 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-04 11:19 --------- d-----w C:\Program Files\Sierra Entertainment
2007-12-04 11:19 --------- d-----w C:\Documents and Settings\Steven\Application Data\InstallShield
2007-12-03 20:21 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-02 20:42 --------- d-----w C:\Program Files\Intel Corporation
2007-12-01 23:49 --------- d-----w C:\Documents and Settings\Steven\Application Data\Creative
2007-12-01 16:18 --------- d--h--r C:\Documents and Settings\Steven\Application Data\SecuROM
2007-12-01 16:01 --------- d-----w C:\Program Files\HL Ep 1
2007-11-30 17:37 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-11-30 17:37 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-11-30 16:32 --------- d-----w C:\Program Files\Electronic Arts
2007-11-30 16:07 --------- d-----w C:\Program Files\MSN Messenger
2007-11-30 16:03 --------- d-----w C:\Program Files\BitLord
2007-11-30 15:04 --------- d-----w C:\Program Files\Lavalys
2007-11-30 14:59 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-11-30 14:32 --------- d-----w C:\Program Files\Sierra
2007-11-30 14:22 --------- d-----w C:\Program Files\Intel
2007-11-30 14:09 --------- d-----w C:\Program Files\Google
2007-11-30 13:46 --------- d-----w C:\Program Files\Siemens
2007-11-30 13:45 --------- d-----w C:\Program Files\Funk Software
2007-11-30 13:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-30 13:45 --------- d-----w C:\Program Files\Common Files\Funk Software
2007-11-30 13:40 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-11-30 13:40 --------- d-----w C:\Program Files\Realtek
2007-11-30 13:24 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 07:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-12 06:51 8523776]
"nwiz"="nwiz.exe" [2007-11-12 06:51 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-12 06:51 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Gigaset WLAN Adapter Monitor.lnk - C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe [2007-11-30 14:46:21]

R3 AR5523;Gigaset USB Adapter 108;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2005-07-27 21:11]
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
R3 OdysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 18:40:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-18 18:44:04 - machine was rebooted [Steven]
ComboFix-quarantined-files.txt 2008-01-18 17:44:03
.
2008-01-15 19:13:13 --- E O F ---


en de verse HJT-Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:19, on 22-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
C:\Program Files\Siemens\Gigaset USB Adapter 108\OdHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Inspector File Recovery\filerecovery.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Steam\Steam.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O24 - Desktop Component 0: (no name) - http://www.ea.com/images/games/crysis/img/wallpaper/wallpaper1680x1050.jpg

--
End of file - 4356 bytes

De meeste problemen zijn opgelost, alleen heb ik nu het probleem dat geen Antivirus wilt draaien zoals NOD32 en Spybot Search and Destroy.

Groetjes,
Steven

Download ATF Cleaner (by Atribune)

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Ga naar Kaspersky Online Scanner en klik onderaan op Accept.
Deze scanner werkt uitsluitend met Internet Explorer 6 en hoger !!
Het zou kunnen dat je aan de bovenkant van je scherm op een gele balk moet klikken om ActiveX bestanden die Kaspersky nodig heeft om te kunnen scannen te downloaden. Sta dit toe.

• Het programma begint nu met het downloaden van de laatste definitie files. Hierna klik je op Next.
  
• Klik vervolgens op de toets Scan Settings.
  Onder de tekst Scan using the following antivirus database: kies je de tweede mogelijkheid: extended - protect your .....
  Onder de tekst Scan options: zet je de twee vinkjes: Scan Archives .... en Scan Mail Bases ....
  
• Klik dan op de toets OK.
  
• Start nu het scannen door op de tekst My Computer te klikken.
  
  
  Hou er rekening mee dat deze scan een tijdje in beslag neemt.
  
• Eenmaal de scan volledig is krijg je de gelegenheid om het scanrapport op te slaan.
  Klik op de toets Save Report As te klikken. Sla het rapport op je Bureaublad op met als naam kavscan.txt

Post dit rapport in je volgende bericht.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 22, 2008 10:05:38 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/01/2008
Kaspersky Anti-Virus database records: 527121
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 143244
Number of viruses found: 4
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 01:08:02

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\rn5izwup.default\cert8.db Object is locked skipped
C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\rn5izwup.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\rn5izwup.default\history.dat Object is locked skipped
C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\rn5izwup.default\key3.db Object is locked skipped
C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\rn5izwup.default\parent.lock Object is locked skipped
C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\rn5izwup.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\rn5izwup.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Steven\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Steven\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Steven\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Steven\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Steven\Local Settings\Application Data\Mozilla\Firefox\Profiles\rn5izwup.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Steven\Local Settings\Application Data\Mozilla\Firefox\Profiles\rn5izwup.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Steven\Local Settings\Application Data\Mozilla\Firefox\Profiles\rn5izwup.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Steven\Local Settings\Application Data\Mozilla\Firefox\Profiles\rn5izwup.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Steven\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Steven\Local Settings\History\History.IE5\MSHist012008012220080123\index.dat Object is locked skipped
C:\Documents and Settings\Steven\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Steven\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Steven\ntuser.dat.LOG Object is locked skipped
C:\Program Files\BitLord\Downloads\[KAA]_FullMetal_Alchemist_01-51.DVD(complete)\Fullmetal_Alchemist_16.DVD(AAC)[KAA][044EA07C].avi.bc! Object is locked skipped
C:\Program Files\BitLord\Downloads\[KAA]_FullMetal_Alchemist_01-51.DVD(complete)\Fullmetal_Alchemist_17.DVD(AAC)[KAA][E0060F5D].avi.bc! Object is locked skipped
C:\Program Files\BitLord\Downloads\[KAA]_FullMetal_Alchemist_01-51.DVD(complete)\Fullmetal_Alchemist_18.DVD(AAC)[KAA][6D19DE13].avi.bc! Object is locked skipped
C:\Program Files\BitLord\Downloads\[KAA]_FullMetal_Alchemist_01-51.DVD(complete)\Fullmetal_Alchemist_20.DVD(AAC)[KAA][A91BA3B1].avi.bc! Object is locked skipped
C:\Program Files\BitLord\Downloads\[KAA]_FullMetal_Alchemist_01-51.DVD(complete)\Fullmetal_Alchemist_22.DVD(AAC)[KAA][E6140F69].avi.bc! Object is locked skipped
C:\Program Files\BitLord\Downloads\[KAA]_FullMetal_Alchemist_01-51.DVD(complete)\Fullmetal_Alchemist_23.DVD(AAC)[KAA][20451956].avi.bc! Object is locked skipped
C:\Program Files\BitLord\Downloads\[KAA]_FullMetal_Alchemist_01-51.DVD(complete)\Fullmetal_Alchemist_24.DVD(AAC)[KAA][B88973A0].avi.bc! Object is locked skipped
C:\Program Files\BitLord\Downloads\[KAA]_FullMetal_Alchemist_01-51.DVD(complete)\Fullmetal_Alchemist_25.DVD(AAC)[KAA][2F1B0A73].avi.bc! Object is locked skipped
C:\Program Files\BitLord\Downloads\[KAA]_FullMetal_Alchemist_01-51.DVD(complete)\Fullmetal_Alchemist_35.DVD(AAC)[KAA][D8E288DC].avi.bc! Object is locked skipped
C:\Program Files\BitLord\Downloads\[KAA]_FullMetal_Alchemist_01-51.DVD(complete)\Fullmetal_Alchemist_38.DVD(AAC)[KAA][A38DF978].avi.bc! Object is locked skipped
C:\Program Files\BitLord\Downloads\[KAA]_FullMetal_Alchemist_01-51.DVD(complete)\Fullmetal_Alchemist_42.DVD(H264.AAC)[KAA][713E51AF].mkv.bc! Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\E1EH3TAA.NQF Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\ESET\infected\PCIJXCDA.NQF Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\Program Files\ESET\infected\PHOYVWBA.NQF Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\Steam\Steam.log Object is locked skipped
C:\Program Files\Steam\steamapps\base source engine 2.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\counter-strike source client.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\counter-strike source shared.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source engine.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source materials.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source models.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source sounds.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\sourceinit.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\winui.gcf Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kxwadtwm.dll.vir Object is locked skipped
C:\QooBox\Quarantine\catchme2008-01-18_184042.90.zip/jkkihif.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dqa skipped
C:\QooBox\Quarantine\catchme2008-01-18_184042.90.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{4483D05F-D9A8-44DC-AD79-D2090077D549}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Prima, hoe is het inmiddels met je problemen?

Ik kan nog steeds niet NOD32 opstarten, maar ik zal hem eens opnieuw installeren. Nadat ik combofix had gedraaid was alles een stuk sneller en reageerde alles weer vlot. Ik zal nu eens NOD32 herinstalleren en dan zal ik laten weten of alles werkt.

Zeer bedankt voor alle hulp.

Groetjes,
Steven.

Ik hoor het dan wel

Ik heb NOD gisteren geinstalleerd en heb werkt allemaal naar behoren.

Nogmaals bedankt,
Steven.

Mooi zo, doe het volgende nog even:


Deinstalleer Combofix:
Ga naar start --> uitvoeren en typ daar: combofix /u
Combofix wordt nu verwijderd en er wordt een nieuw herstelpunt aangemaakt.

Download ATF Cleaner (by Atribune)

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.