IE closes spontaneously

  • IE closes spontaneously

    Hello,
    I have already read about the same problem somewhere on this forum, but I could not get a solution for my case out of it. The problem is that IE closes spontaneously without an error message or anything like it. I have already run all kinds of antivirus scans and spyware programs, including online scans. None of it helps. Here is my log. Can anyone help me?

    Thanks in advance
    René

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:15:16, on 1-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trust keyboard utility\1.0\KbdAp32A.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\PROGRA~1\CA\ETRUST~2\realmon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\WL-142 Wireless Network Utility\WLANUTL.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Startup Inspector for Windows\Startup Monitor\StartMonPrj.exe
    C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
    C:\WINDOWS\ie7\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Private Folder 1.0\ShellHelper.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by126w.bay126.mail.live.com/mail/mail.aspx?n=1218843065&gs=true&wa=wsignin1.0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
    O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Usersys\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [FLMTRUSTKB] C:\Program Files\Trust keyboard utility\1.0\KbdAp32A.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~2\realmon.exe -s
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [StartupMonitor] C:\Program Files\Startup Inspector for Windows\Startup Monitor\StartMonPrj.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O4 - Global Startup: WL-142 Wireless Network Utility.lnk = ?
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll/search.htm
    O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/229?768d6b10676141d98760f96379648e25
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/230?768d6b10676141d98760f96379648e25
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://*.avsystemcare.com
    O15 - Trusted Zone: http://*.billingnow.com
    O15 - Trusted Zone: http://*.reliablestats.com
    O15 - Trusted Zone: http://*.winantispyware.com
    O15 - Trusted Zone: http://*.winantivirus.com
    O15 - Trusted Zone: http://*.winantiviruspro.com
    O15 - Trusted Zone: http://*.winnanny.com
    O15 - Trusted Zone: http://*.winsoftware.com
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://82.93.95.208:8181/SysCamInst.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {3CCBC31B-7A32-43AE-BCF4-176D541BBBF6} (AxPhotoStudioNET Control) - http://nl.samsungmobile.com/play/photo/album_nld.cab
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.nl/s/v/16.26/uploader2.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/en/SysWebTelecomInt.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138525653296
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://deharde.demon.nl/tsweb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/SITE/xupload/XUpload.ocx
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5110/mcfscan.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by13fd.bay13.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 13209 bytes

  • #2
    Close all open windows.
    Start HijackThis once more and place a check mark next to the following items:

    F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O15 - Trusted Zone: http://*.avsystemcare.com
    O15 - Trusted Zone: http://*.billingnow.com
    O15 - Trusted Zone: http://*.reliablestats.com
    O15 - Trusted Zone: http://*.winantispyware.com
    O15 - Trusted Zone: http://*.winantivirus.com
    O15 - Trusted Zone: http://*.winantiviruspro.com
    O15 - Trusted Zone: http://*.winnanny.com
    O15 - Trusted Zone: http://*.winsoftware.com
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/en...TelecomInt.cab


    Then click "Fix checked" and close HijackThis.

    Delete all files in the folder c:\windows\prefetch
    Cleaning up cookies and temporary internet files:
    Close all open Internet Explorer windows.
    Go to Start, click "Control Panel" and double-click "Internet Options".
    The "Internet Properties" window will open.
    Go to the "General" tab.
    Under "Browsing history", click the "Delete" button.
    A new window will open: Delete Browsing History.
    At the bottom, click the "Delete all" button. In the window that now opens, place a check mark next to "Also delete files and settings stored by add-ons".
    Click Yes.
    This deletes the temporary internet files, the cookies, the browsing history, the saved information you have entered in forms, and the saved passwords that are filled in automatically when you sign in to a website you have visited before.
    If you would rather not delete these last 2 (form data and passwords), then do not click Delete all but only these:
    - under Temporary Internet Files, click Delete files.
    - under Cookies, click Delete cookies.
    - under History, click Delete history.

    Also block the indirect or third-party cookies:
    On the Privacy tab, click the Advanced button.
    Place a check mark next to "Override automatic cookie handling".
    Under First-party Cookies, make sure "Accept" is selected.
    Under Third-party Cookies, choose "Block".
    Click OK.
    When this is done, close the "Internet Properties" window.

    Cleaning up other temporary folders and emptying the Recycle Bin:
    Close all open windows.
    Go to Start, choose Run and type: cleanmgr
    Then press OK and Disk Cleanup will start.
    If you have several partitions, choose the partition on which Windows is installed.
    Now let your system be scanned for files that can be deleted.
    When the overview appears, make sure that only the following items are checked:
    - Temporary Internet Files
    - Recycle Bin
    - Temporary files
    Then click OK.

    Restart the computer.

    Start HijackThis again, make a new log and post it.

    Comment


    • #3
      IE closes spontaneously

      Marckie,

      It's great that you spell everything out for me in such detail; otherwise I really would not have figured it out. I carried out everything step by step and here is the new log

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 15:55:08, on 2-2-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\cisvc.exe
      C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\CA\eTrust Antivirus\InoRT.exe
      C:\Program Files\CA\eTrust Antivirus\InoTask.exe
      C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
      C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Trust keyboard utility\1.0\KbdAp32A.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      C:\WINDOWS\system32\hphmon05.exe
      C:\PROGRA~1\CA\ETRUST~2\realmon.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
      C:\Program Files\Startup Inspector for Windows\Startup Monitor\StartMonPrj.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\WL-142 Wireless Network Utility\WLANUTL.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by126w.bay126.mail.live.com/mail/mail.aspx?n=1218843065&gs=true&wa=wsignin1.0
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
      O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Usersys\SPYBOT~1\SDHelper.dll
      O4 - HKLM\..\Run: [FLMTRUSTKB] C:\Program Files\Trust keyboard utility\1.0\KbdAp32A.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
      O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~2\realmon.exe -s
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [StartupMonitor] C:\Program Files\Startup Inspector for Windows\Startup Monitor\StartMonPrj.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      O4 - Global Startup: WL-142 Wireless Network Utility.lnk = ?
      O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll/search.htm
      O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/229?768d6b10676141d98760f96379648e25
      O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/230?768d6b10676141d98760f96379648e25
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
      O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
      O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://82.93.95.208:8181/SysCamInst.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {3CCBC31B-7A32-43AE-BCF4-176D541BBBF6} (AxPhotoStudioNET Control) - http://nl.samsungmobile.com/play/photo/album_nld.cab
      O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.nl/s/v/16.26/uploader2.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138525653296
      O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
      O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://deharde.demon.nl/tsweb/msrdp.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
      O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
      O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/SITE/xupload/XUpload.ocx
      O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5110/mcfscan.cab
      O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by13fd.bay13.hotmail.msn.com/activex/HMAtchmt.ocx
      O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
      O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
      O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
      O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
      O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
      O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

      --
      End of file - 11856 bytes

      Comment


      • #4
        This already looks better.

        Scan the computer with an updated Ad-Aware 2007. You can find instructions here.
        Preferably run this scan in safe mode.
        Let Ad-Aware 2007 remove whatever it finds in the way of infected files or malware-related registry keys.

        Afterwards, let us know whether there are still problems.

        Comment
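The before/after comparison of the two HijackThis logs in this thread can be done mechanically. The following is an added example, not part of the original posts: it parses entry lines, checks that every item from the fix list in post #2 is gone from the second log, and reports entries that disappeared without being on the list. The function names are hypothetical, and the sample strings are short excerpts of the logs and fix list above.

```python
import re

# A HijackThis entry line starts with a section code (R0, F2, O15, ...) and " - ".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def entry_key(section, body):
    """Stable identity for one entry.

    Forum software may shorten long URLs (the O16 line quoted in post #2
    contains "..."), so O16 entries are matched on their CLSID; all other
    entries are matched on their case-folded text.
    """
    if section == "O16":
        m = CLSID_RE.search(body)
        if m:
            return (section, m.group(0).upper())
    return (section, body.casefold())


def index_entries(log_text):
    """Map entry key -> entry line. Header and process-list lines are skipped."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            section, body = m.groups()
            entries[entry_key(section, body)] = f"{section} - {body}"
    return entries


def review_fix(before_log, after_log, checked_lines):
    """Compare two logs against the list of entries that were to be fixed."""
    before = index_entries(before_log)
    after = index_entries(after_log)
    checked = index_entries(checked_lines)
    return {
        # items on the fix list that the second scan still reports
        "still_present": sorted(before.get(k, v) for k, v in checked.items() if k in after),
        # items that vanished although nobody asked for their removal
        "removed_unrequested": sorted(
            v for k, v in before.items() if k not in after and k not in checked
        ),
        # items that only appear in the second scan
        "added": sorted(v for k, v in after.items() if k not in before),
    }


# Excerpt of the first log (post #1).
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.winantivirus.com
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/en/SysWebTelecomInt.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

# Excerpt of the second log (post #3).
AFTER = r"""
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

# Excerpt of the fix list (post #2), including the URL as shortened by the forum.
CHECKED = r"""
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.winantivirus.com
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/en...TelecomInt.cab
"""

if __name__ == "__main__":
    for label, lines in review_fix(BEFORE, AFTER, CHECKED).items():
        print(f"{label}: {len(lines)}")
        for line in lines:
            print("   ", line)
```

On this excerpt nothing from the fix list is still present, and the Google Toolbar BHO is reported as gone from the second log although it was not on the list.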


        • #5
          IE closes spontaneously

          The problem with IE keeps getting bigger; it seems that following links to other sites in particular no longer works. Explorer freezes and it seems that something is happening in the background. I don't know whether it has anything to do with it, or whether it means anything at all, but in Task Manager you can see that CPU usage makes big jumps at the moments Explorer switches. However, I only get to see blank screens. I can then only close it via Task Manager. I also could not open your "here" link for Ad-Aware. Still, I downloaded AdAware 2007 and then the updates as well. In safe mode I ran a full scan. AdAware did indeed find some infections, including a Trojan. Unbelievable really, after all the scans I had already run. Unfortunately the problem has not been resolved: IE still closes spontaneously and freezes when following links.
          Is there anything else I can try?

          Comment


          • #6
            Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden
            Follow the instructions given there. If anything is unclear, just ask.
            When the tool is finished, a log file (combofix.txt) opens.
            Post the contents of this file together with a new HijackThis log.

            Comment


            • #7
              Here is the ComboFix log

              ComboFix 08-02.03.1 - René 2008-02-03 11:30:24.1 - NTFSx86
              Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.193 [GMT 1:00]
              Gestart vanuit: C:\Downloads\ComboFix.exe
              * Nieuw herstelpunt werd aangemaakt

              WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
              .

              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\Documents and Settings\All Users\Application Data\salesmonitor
              C:\Documents and Settings\René.FRITSCHY.000\Application Data\printer.exe
              C:\Program Files\Common Files\companion wizard
              C:\Program Files\Common Files\companion wizard\compwiz.exe
              C:\WINDOWS\Downloaded Program Files\egauth.inf
              C:\WINDOWS\Fonts\acrsecB.fon
              C:\WINDOWS\Fonts\acrsecI.fon

              .
              (((((((((((((((((((( Bestanden Gemaakt van 2008-01-03 to 2008-02-03 ))))))))))))))))))))))))))))))
              .

              2008-02-03 08:19 . 2008-02-03 08:19 189,984 --a------ C:\WINDOWS\expls.exe
              2008-02-02 22:30 . 2008-02-02 22:30 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
              2008-02-02 22:23 . 2008-02-02 22:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
              2008-02-01 22:14 . 2008-02-01 22:14 <DIR> d-------- C:\Program Files\Trend Micro
              2008-02-01 18:03 . 2008-02-01 18:29 1,355 --a------ C:\WINDOWS\imsins.BAK
              2008-02-01 09:17 . 2008-02-03 10:51 <DIR> dr-h----- C:\Documents and Settings\René.FRITSCHY.000\Onlangs geopend
              2008-02-01 09:17 . 2008-02-03 10:51 <DIR> dr-h----- C:\Documents and Settings\René.FRITSCHY.000\Onlangs geopend
              2008-02-01 09:10 . 2008-02-03 11:19 5,696 --a------ C:\WINDOWS\rules.dat
              2008-02-01 09:07 . 2008-02-01 09:07 49,409 --a------ C:\WINDOWS\trashicon.exe
              2008-02-01 09:07 . 2008-02-02 08:51 29,696 --a------ C:\WINDOWS\wndsk.dll
              2008-01-26 11:00 . 2008-01-26 11:00 <DIR> d-------- C:\Program Files\Autorun
              2008-01-26 10:36 . 2008-01-26 10:36 <DIR> d-------- C:\Program Files\System Vault
              2008-01-26 10:23 . 2008-01-26 10:23 <DIR> d-------- C:\Program Files\FreeRIP3
              2008-01-08 22:32 . 2008-02-01 15:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
              2008-01-08 22:32 . 2008-01-08 22:32 1,409 --a------ C:\WINDOWS\QTFont.for
              2008-01-08 22:27 . 2008-01-12 17:53 9,264 --a------ C:\logfile
              2008-01-08 22:25 . 2008-01-08 22:25 <DIR> d-------- C:\Program Files\Common Files\Kodak
              2008-01-08 22:22 . 2008-01-08 22:26 <DIR> d-------- C:\Program Files\Kodak
              2008-01-08 22:15 . 2008-01-08 22:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
              2008-01-07 11:27 . 2008-01-07 11:27 <DIR> d-------- C:\Documents and Settings\Bianca.FRITSCHY\Application Data\ICQ Toolbar

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-02-03 09:39 --------- d-----w C:\Program Files\SpywareGuard
              2008-02-03 09:36 --------- d-----w C:\Program Files\regclean
              2008-02-03 07:21 --------- d-----w C:\Program Files\SpywareBlaster
              2008-02-02 21:24 --------- d-----w C:\Program Files\Lavasoft
              2008-02-02 21:24 --------- d-----w C:\Documents and Settings\René.FRITSCHY.000\Application Data\Lavasoft
              2008-02-02 21:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
              2008-02-02 14:41 35,814 ----a-w C:\Documents and Settings\René.FRITSCHY.000\Application Data\wklnhst.dat
              2008-02-02 11:35 --------- d-----w C:\Program Files\Google
              2008-02-02 07:36 46,048 ----a-w C:\Documents and Settings\Bianca.FRITSCHY\Application Data\wklnhst.dat
              2008-02-01 12:00 --------- d-----w C:\Documents and Settings\René.FRITSCHY.000\Application Data\wsInspector
              2008-01-20 15:40 --------- d-----w C:\Program Files\ICQToolbar
              2008-01-12 10:18 --------- d-----w C:\Documents and Settings\René.FRITSCHY.000\Application Data\Canon
              2007-12-27 18:14 --------- d-----w C:\Program Files\Unlocker
              2007-12-27 18:14 --------- d-----w C:\Program Files\Spyware Doctor
              2007-12-27 10:21 --------- d-----w C:\Program Files\Hitman Pro
              2007-12-27 10:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
              2007-12-27 09:42 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
              2007-12-27 09:42 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
              2007-12-27 09:40 --------- d-----w C:\Documents and Settings\René.FRITSCHY.000\Application Data\PC Tools
              2007-12-27 09:39 --------- d-----w C:\Program Files\Webroot
              2007-12-27 09:39 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
              2007-12-27 09:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
              2007-12-27 09:38 164 ----a-w C:\install.dat
              2007-12-27 09:38 --------- d-----w C:\Documents and Settings\René.FRITSCHY.000\Application Data\Webroot
              2007-12-27 09:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
              2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
              2007-12-09 12:48 --------- d-----w C:\Program Files\CCleaner
              2007-12-09 11:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
              2007-12-03 19:47 --------- d-----w C:\Documents and Settings\René.FRITSCHY.000\Application Data\ICQ
              2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
              2007-03-31 07:05 80,384 ----a-w C:\Documents and Settings\René.FRITSCHY.000\Application Data\GDIPFONTCACHEV1.DAT
              2007-03-12 15:45 13,330 ----a-w C:\Documents and Settings\Pamela.FRITSCHY\Application Data\wklnhst.dat
              2005-02-04 20:36 72,696 ----a-w C:\Documents and Settings\Pamela.FRITSCHY\Application Data\GDIPFONTCACHEV1.DAT
              2004-12-25 07:42 5,632 --sha-w C:\Program Files\Thumbs.db
              2004-09-29 17:22 72,696 ----a-w C:\Documents and Settings\Bianca.FRITSCHY\Application Data\GDIPFONTCACHEV1.DAT
              2004-09-28 13:56 56 --sh--r C:\WINDOWS\system32\ACCB63824F.sys
              2004-09-28 13:56 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
              .

              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
              "IE Privacy Keeper"="C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" [2005-12-03 14:52 1015808]
              "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ]
              "StartupMonitor"="C:\Program Files\Startup Inspector for Windows\Startup Monitor\StartMonPrj.exe" [2005-01-15 20:34 544768]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "FLMTRUSTKB"="C:\Program Files\Trust keyboard utility\1.0\KbdAp32A.exe" [2003-12-27 15:46 372224]
              "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 15:21 176128]
              "HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-05-05 06:21 491520]
              "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~2\realmon.exe" [2004-04-06 16:14 504080]
              "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

              C:\Documents and Settings\Pamela.FRITSCHY\Menu Start\Programma's\Opstarten\
              Registration-InstantCopy.lnk - C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe [2002-09-26 12:18:00 245760]

              C:\Documents and Settings\Bianca.FRITSCHY\Menu Start\Programma's\Opstarten\
              Registration-InstantCopy.lnk - C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe [2002-09-26 12:18:00 245760]

              C:\Documents and Settings\Ren‚.FRITSCHY.000\Menu Start\Programma's\Opstarten\
              SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
              Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-11-21 14:53:14 262944]
              WL-142 Wireless Network Utility.lnk - C:\Program Files\WL-142 Wireless Network Utility\WLANUTL.exe [2005-08-09 18:38:56 3690496]

              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
              "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-11-21 14:50 233472]

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
              path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
              backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^René.FRITSCHY.000^Menu Start^Programma's^Opstarten^Registration-InstantCopy.lnk]
              path=C:\Documents and Settings\René.FRITSCHY.000\Menu Start\Programma's\Opstarten\Registration-InstantCopy.lnk
              backup=C:\WINDOWS\pss\Registration-InstantCopy.lnkStartup

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMTRUSTMOUSE]
              --a------ 2003-12-27 15:44 429568 C:\Program Files\Trust mouse utility\1.0\mouse32a.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
              --a------ 2003-06-10 00:11 50688 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestTrap]
              C:\Program Files\PestTrap\PestTrap.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
              --------- 2003-05-28 15:37 394240 C:\WINDOWS\System32\PSDrvCheck.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyQuake2.com]
              C:\Program Files\SpyQuake2.com\Spy-Quake2.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
              --a------ 2006-09-07 18:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
              "NVSvc"=2 (0x2)
              "MDM"=2 (0x2)
              "iPodService"=3 (0x3)
              "x10nets"=3 (0x3)
              "sdCoreService"=3 (0x3)
              "sdAuxService"=3 (0x3)
              "iPod Service"=3 (0x3)
              "CCALib8"=2 (0x2)
              "Apple Mobile Device"=2 (0x2)

              R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 17:29]
              R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 07:22]
              R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 07:04]
              R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys [2003-05-22 16:44]
              R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 07:47]
              S1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 19:27]
              S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys [2003-03-26 13:40]
              S3 CA_LIC_CLNT;CA License Client;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 17:27]
              S3 CA_LIC_SRVR;CA License Server;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 17:41]
              S3 IIUSBISP;USB Mass Storage for USB ISP;C:\WINDOWS\system32\Drivers\iiusbisp.sys
              S3 PHIL142r;Philips Key Ring Wearable Audio Player (128 MB) Control Driver;C:\WINDOWS\system32\Drivers\PHIL142r.sys
              S3 sitwl142;Sitecom WL-142 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2005-03-01 18:50]
              S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2004-12-18 19:32]

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62f6b1f4-8530-11dc-90c4-000c7669ad0b}]
              \Shell\AutoRun\command - H:\InstallTomTomHOME.exe

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{776e67b7-a277-11db-8f9e-000c7669ad0b}]
              \Shell\AutoRun\command - I:\LaunchU3.exe -a

              *Newly Created Service* - PCANDIS5
              .
              Inhoud van de 'Gedeelde Taken' map
              "2008-01-26 10:03:18 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
              - C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registr ation_7.4.20.2.sxt [email protected]
              "2008-02-03 09:36:03 C:\WINDOWS\Tasks\HP Usg Daily.job"
              - C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
              "2008-02-03 07:18:43 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
              - C:\Program Files\Windows Defender\MpCmdRun.exe
              .
              **************************************************************************

              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-02-03 11:35:11
              Windows 5.1.2600 Service Pack 2 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              scannen van verborgen bestanden ...

              Scan succesvol afgerond
              verborgen bestanden: 0

              **************************************************************************
              .
              Voltooingstijd: 2008-02-03 11:36:20
              ComboFix-quarantined-files.txt 2008-02-03 10:36:17
              .
              2008-02-01 17:42:27 --- E O F ---



              • #8
                And here is the new HijackThis log

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 11:39:54, on 3-2-2008
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\Program Files\Windows Defender\MsMpEng.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Trust keyboard utility\1.0\KbdAp32A.exe
                C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
                C:\WINDOWS\system32\hphmon05.exe
                C:\PROGRA~1\CA\ETRUST~2\realmon.exe
                C:\Program Files\Windows Defender\MSASCui.exe
                C:\Program Files\QuickTime\qttask.exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
                C:\WINDOWS\System32\cisvc.exe
                C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
                C:\Program Files\Startup Inspector for Windows\Startup Monitor\StartMonPrj.exe
                C:\Program Files\CA\eTrust Antivirus\InoRT.exe
                C:\Program Files\CA\eTrust Antivirus\InoTask.exe
                C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
                C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
                C:\Program Files\WL-142 Wireless Network Utility\WLANUTL.exe
                C:\WINDOWS\system32\HPZipm12.exe
                C:\Program Files\Spyware Doctor\SDTrayApp.exe
                C:\Program Files\Microsoft Private Folder 1.0\ShellHelper.exe
                C:\Program Files\SpywareGuard\sgmain.exe
                C:\Program Files\SpywareGuard\sgbhp.exe
                C:\WINDOWS\system32\notepad.exe
                C:\WINDOWS\explorer.exe
                C:\WINDOWS\system32\notepad.exe
                C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                C:\WINDOWS\system32\wuauclt.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by126w.bay126.mail.live.com/mail/mail.aspx?n=1218843065&gs=true&wa=wsignin1.0
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
                O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Usersys\SPYBOT~1\SDHelper.dll
                O4 - HKLM\..\Run: [FLMTRUSTKB] C:\Program Files\Trust keyboard utility\1.0\KbdAp32A.exe
                O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
                O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
                O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~2\realmon.exe -s
                O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
                O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
                O4 - HKCU\..\Run: [StartupMonitor] C:\Program Files\Startup Inspector for Windows\Startup Monitor\StartMonPrj.exe
                O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
                O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
                O4 - Global Startup: WL-142 Wireless Network Utility.lnk = ?
                O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll/search.htm
                O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
                O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
                O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/229?768d6b10676141d98760f96379648e25
                O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/230?768d6b10676141d98760f96379648e25
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
                O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
                O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
                O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
                O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
                O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
                O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
                O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
                O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
                O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://82.93.95.208:8181/SysCamInst.cab
                O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
                O16 - DPF: {3CCBC31B-7A32-43AE-BCF4-176D541BBBF6} (AxPhotoStudioNET Control) - http://nl.samsungmobile.com/play/photo/album_nld.cab
                O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.nl/s/v/16.26/uploader2.cab
                O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
                O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
                O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
                O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138525653296
                O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
                O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
                O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
                O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://deharde.demon.nl/tsweb/msrdp.cab
                O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
                O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
                O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
                O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
                O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
                O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/SITE/xupload/XUpload.ocx
                O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5110/mcfscan.cab
                O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by13fd.bay13.hotmail.msn.com/activex/HMAtchmt.ocx
                O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
                O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
                O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
                O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
                O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
                O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
                O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
                O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
                O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

                --
                End of file - 12026 bytes



                • #9
                  Go to this website: http://www.virustotal.com/en/indexf.html
                  Have the following file scanned: C:\WINDOWS\expls.exe
                  Post the result of the scan.

                  Do the same for: C:\WINDOWS\trashicon.exe


                  How is the computer running now?



                  • #10
                    It is getting harder and harder to navigate with IE. Following links actually no longer works at all. I am slowly going crazy from having to interrupt things with Task Manager time after time and having to redo everything each time.

                    Anyway, here is the file for EXPLS.EXE
                    Bestand expls.exe ontvangen op 2007.12.18 14:41:37 (CET)
                    Huidig status: Einde

                    Resultaat: 20/32 (62.50%)
                    Geformatteerd Resultaten afdrukken
                    Antivirus Versie Laatst geüpdatet Resultaat
                    AhnLab-V3 - - Win-Trojan/Downloader.199696
                    AntiVir - - -
                    Authentium - - -
                    Avast - - -
                    AVG - - Potentially harmful program WinFixer.AJC
                    BitDefender - - Trojan.Generic.73705
                    CAT-QuickHeal - - Downloader.WinFixer.au (Not a Virus)
                    ClamAV - - Adware.Fakealert-39
                    DrWeb - - Trojan.DownLoader.36408
                    eSafe - - -
                    eTrust-Vet - - -
                    Ewido - - Not-A-Virus.Downloader.Win32.WinFixer.au
                    FileAdvisor - - -
                    Fortinet - - -
                    F-Prot - - -
                    F-Secure - - -
                    Ikarus - - not-a-virus:Downloader.Win32.WinFixer.au
                    Kaspersky - - not-a-virus:Downloader.Win32.WinFixer.au
                    McAfee - - -
                    Microsoft - - TrojanDownloader:Win32/Renos
                    NOD32v2 - - Win32/Adware.AVSystemCare
                    Norman - - W32/WinFixer.ARO
                    Panda - - Application/AVSystemCare
                    Prevx1 - - LocusSoftware:Spyware-a
                    Rising - - Trojan.DL.Win32.WinFixer.au
                    Sophos - - SysKontroller System Repairer Downloader
                    Sunbelt - - LocusSoftware
                    Symantec - - Downloader.MisleadApp
                    TheHacker - - -
                    VBA32 - - Downloader.Win32.WinFixer.au
                    VirusBuster - - -
                    Webwasher-Gateway - - Riskware.Fake.Syscontrol
                    Extra informatie
                    MD5: d54ad27eeafdebdfa52957bd95cfc1f0
                    SHA1: 80999a242539ee62c1de27aadca453f69d36eb0f
                    SHA256: 0f4d29fde46709ee6134f9fc9cb0b6279a678db6196ad718dd89b7c424953c0f
                    SHA512: 7cd7267c15afd34456570fe13fa88e2d108be1182357b9c92f5f7ced97b812de 36e92bb150d0baa3f17a8c288b0feace8307e646dcda9768496d227156e06648

                    and here is the file for TRASHICON.EXE

                    Bestand trashicon.exe ontvangen op 2008.02.02 02:19:24 (CET)
                    Huidig status: Einde

                    Resultaat: 14/32 (43.75%)
                    Antivirus Versie Laatst geüpdatet Resultaat
                    AhnLab-V3 - - -
                    AntiVir - - TR/Crypt.ULPM.Gen
                    Authentium - - -
                    Avast - - -
                    AVG - - -
                    BitDefender - - -
                    CAT-QuickHeal - - (Suspicious) - DNAScan
                    ClamAV - - -
                    DrWeb - - -
                    eSafe - - suspicious Trojan/Worm
                    eTrust-Vet - - -
                    Ewido - - -
                    FileAdvisor - - -
                    Fortinet - - -
                    F-Prot - - W32/Heuristic-KPP!Eldorado
                    F-Secure - - W32/Smalltroj.CNTD
                    Ikarus - - Trojan.Crypt.ULPM
                    Kaspersky - - Heur.Invader
                    McAfee - - -
                    Microsoft - - Trojan:Win32/AgentBypass.gen!G
                    NOD32v2 - - -
                    Norman - - W32/Smalltroj.CNTD
                    Panda - - Suspicious file
                    Prevx1 - - Trojan.Gorhax
                    Rising - - -
                    Sophos - - Sus/UnkPacker
                    Sunbelt - - VIPRE.Suspicious
                    Symantec - - -
                    TheHacker - - -
                    VBA32 - - -
                    VirusBuster - - -
                    Webwasher-Gateway - - Trojan.Crypt.ULPM.Gen
                    Extra informatie
                    MD5: 1e50eead9ddf4f19279a7b360913a689
                    SHA1: 00f7d246fa58d523fdc63227de4fd7d56ecae2c7
                    SHA256: 97a1907ceff1360692abf8374722558765c46b32abb4f00c1b580532a2abf947
                    SHA512: e03cd297a1b297baf3825d2878991fc07024d05e308132f9f4642be743bbeb98 968b2c8ee90305d979cb89e0b9e8954baf8fd38bfd1cc010e686a523f958cf37


                    I think you're right, they do indeed appear to be viruses!
                    What is the next step?



                    • #11
                      Before we take action, can you have this one scanned as well?

                      C:\WINDOWS\wndsk.dll



                      • #12
                        Again: Jackpot!


                        Bestand wndsk.dll_ ontvangen op 2008.01.31 13:31:49 (CET)
                        Huidig status: Einde

                        Resultaat: 7/32 (21.88%)
                        Antivirus Versie Laatst geüpdatet Resultaat
                        AhnLab-V3 - - -
                        AntiVir - - TR/Spy.Gen
                        Authentium - - -
                        Avast - - -
                        AVG - - -
                        BitDefender - - -
                        CAT-QuickHeal - - -
                        ClamAV - - -
                        DrWeb - - -
                        eSafe - - suspicious Trojan/Worm
                        eTrust-Vet - - -
                        Ewido - - -
                        FileAdvisor - - -
                        Fortinet - - -
                        F-Prot - - W32/Injector.A.gen!Eldorado
                        F-Secure - - -
                        Ikarus - - -
                        Kaspersky - - Heur.Invader
                        McAfee - - -
                        Microsoft - - -
                        NOD32v2 - - -
                        Norman - - -
                        Panda - - Suspicious file
                        Prevx1 - - -
                        Rising - - -
                        Sophos - - Mal/Emogen-G
                        Sunbelt - - -
                        Symantec - - -
                        TheHacker - - -
                        VBA32 - - -
                        VirusBuster - - -
                        Webwasher-Gateway - - Trojan.Spy.Gen
                        Extra informatie
                        MD5: ebdda811a7178a0ece42909ef49d414f
                        SHA1: ab86ee4fed997ac626863c5ff00c511e02624fea
                        SHA256: 72580b2630d91c8827a31dbbcef07ce8362983e9d5cd8df59644ee496735c78b
                        SHA512: fa71dafe5952c9eb8045387679c9b88e0c0a1df5994f511995fe31ae73c5d71d 06d576f4ec366bbf2c190a014ddbedecd04aea26b77cc063e3f1fc1504d5000d



                        • #13
                          I have the feeling we've got them all now, Rene.

                          Open a Notepad file.
                          Copy the code below and paste it into the Notepad file.
                          Save the Notepad file as CFScript.txt
                          Code:
                          File::
                          C:\WINDOWS\trashicon.exe
                          C:\WINDOWS\expls.exe
                          C:\WINDOWS\wndsk.dll
                          Now drag the file CFScript.txt onto the file ComboFix.exe

                          ComboFix will start again.
                          When ComboFix is finished (this may be after a restart), a log file will open.
                          Post the contents of the log file.



                          • #14
                            I did what you suggested, but I had forgotten something. The very first time I started Combofix I got the error message below. The second time, the same:
                            "de instructie op 07 0x7c9111de verwijst naar geheugen op 0x00200064. De lees- of schrijfbewerking ("read") op het geheugen is mislukt"
                            I don't know whether it matters, but after I dismissed this message Combofix simply carried on.

                            Here is the log:

                            ComboFix 08-02.03.1 - René 2008-02-03 14:24:24.2 - NTFSx86
                            Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.118 [GMT 1:00]
                            Gestart vanuit: C:\Downloads\ComboFix.exe
                            Command switches used :: C:\Documents and Settings\René.FRITSCHY.000\Mijn documenten\CFScript.txt
                            * Nieuw herstelpunt werd aangemaakt

                            WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

                            FILE
                            C:\WINDOWS\expls.exe
                            C:\WINDOWS\trashicon.exe
                            C:\WINDOWS\wndsk.dll
                            .

                            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                            .

                            C:\WINDOWS\expls.exe
                            C:\WINDOWS\trashicon.exe
                            C:\WINDOWS\wndsk.dll

                            .
                            (((((((((((((((((((( Bestanden Gemaakt van 2008-01-03 to 2008-02-03 ))))))))))))))))))))))))))))))
                            .

                            2008-02-02 22:30 . 2008-02-02 22:30 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
                            2008-02-02 22:23 . 2008-02-02 22:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                            2008-02-01 22:14 . 2008-02-01 22:14 <DIR> d-------- C:\Program Files\Trend Micro
                            2008-02-01 18:03 . 2008-02-01 18:29 1,355 --a------ C:\WINDOWS\imsins.BAK
                            2008-02-01 09:17 . 2008-02-03 14:22 <DIR> dr-h----- C:\Documents and Settings\René.FRITSCHY.000\Onlangs geopend
                            2008-02-01 09:17 . 2008-02-03 14:22 <DIR> dr-h----- C:\Documents and Settings\René.FRITSCHY.000\Onlangs geopend
                            2008-02-01 09:10 . 2008-02-03 11:19 5,696 --a------ C:\WINDOWS\rules.dat
                            2008-01-26 11:00 . 2008-01-26 11:00 <DIR> d-------- C:\Program Files\Autorun
                            2008-01-26 10:36 . 2008-01-26 10:36 <DIR> d-------- C:\Program Files\System Vault
                            2008-01-26 10:23 . 2008-01-26 10:23 <DIR> d-------- C:\Program Files\FreeRIP3
                            2008-01-08 22:32 . 2008-02-01 15:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
                            2008-01-08 22:32 . 2008-01-08 22:32 1,409 --a------ C:\WINDOWS\QTFont.for
                            2008-01-08 22:27 . 2008-01-12 17:53 9,264 --a------ C:\logfile
                            2008-01-08 22:25 . 2008-01-08 22:25 <DIR> d-------- C:\Program Files\Common Files\Kodak
                            2008-01-08 22:22 . 2008-01-08 22:26 <DIR> d-------- C:\Program Files\Kodak
                            2008-01-08 22:15 . 2008-01-08 22:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
                            2008-01-07 11:27 . 2008-01-07 11:27 <DIR> d-------- C:\Documents and Settings\Bianca.FRITSCHY\Application Data\ICQ Toolbar

                            .
                            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            2008-02-03 09:39 --------- d-----w C:\Program Files\SpywareGuard
                            2008-02-03 09:36 --------- d-----w C:\Program Files\regclean
                            2008-02-03 07:21 --------- d-----w C:\Program Files\SpywareBlaster
                            2008-02-02 21:24 --------- d-----w C:\Program Files\Lavasoft
                            2008-02-02 21:24 --------- d-----w C:\Documents and Settings\René.FRITSCHY.000\Application Data\Lavasoft
                            2008-02-02 21:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
                            2008-02-02 14:41 35,814 ----a-w C:\Documents and Settings\René.FRITSCHY.000\Application Data\wklnhst.dat
                            2008-02-02 11:35 --------- d-----w C:\Program Files\Google
                            2008-02-02 07:36 46,048 ----a-w C:\Documents and Settings\Bianca.FRITSCHY\Application Data\wklnhst.dat
                            2008-02-01 12:00 --------- d-----w C:\Documents and Settings\René.FRITSCHY.000\Application Data\wsInspector
                            2008-01-20 15:40 --------- d-----w C:\Program Files\ICQToolbar
                            2008-01-12 10:18 --------- d-----w C:\Documents and Settings\René.FRITSCHY.000\Application Data\Canon
                            2007-12-27 18:14 --------- d-----w C:\Program Files\Unlocker
                            2007-12-27 18:14 --------- d-----w C:\Program Files\Spyware Doctor
                            2007-12-27 10:21 --------- d-----w C:\Program Files\Hitman Pro
                            2007-12-27 10:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                            2007-12-27 09:42 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
                            2007-12-27 09:42 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
                            2007-12-27 09:40 --------- d-----w C:\Documents and Settings\René.FRITSCHY.000\Application Data\PC Tools
                            2007-12-27 09:39 --------- d-----w C:\Program Files\Webroot
                            2007-12-27 09:39 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
                            2007-12-27 09:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
                            2007-12-27 09:38 164 ----a-w C:\install.dat
                            2007-12-27 09:38 --------- d-----w C:\Documents and Settings\René.FRITSCHY.000\Application Data\Webroot
                            2007-12-27 09:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
                            2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
                            2007-12-09 12:48 --------- d-----w C:\Program Files\CCleaner
                            2007-12-09 11:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
                            2007-12-03 19:47 --------- d-----w C:\Documents and Settings\René.FRITSCHY.000\Application Data\ICQ
                            2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
                            2007-03-31 07:05 80,384 ----a-w C:\Documents and Settings\René.FRITSCHY.000\Application Data\GDIPFONTCACHEV1.DAT
                            2007-03-12 15:45 13,330 ----a-w C:\Documents and Settings\Pamela.FRITSCHY\Application Data\wklnhst.dat
                            2005-02-04 20:36 72,696 ----a-w C:\Documents and Settings\Pamela.FRITSCHY\Application Data\GDIPFONTCACHEV1.DAT
                            2004-12-25 07:42 5,632 --sha-w C:\Program Files\Thumbs.db
                            2004-09-29 17:22 72,696 ----a-w C:\Documents and Settings\Bianca.FRITSCHY\Application Data\GDIPFONTCACHEV1.DAT
                            2004-09-28 13:56 56 --sh--r C:\WINDOWS\system32\ACCB63824F.sys
                            2004-09-28 13:56 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
                            .

                            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            .
                            REGEDIT4
                            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
                            "IE Privacy Keeper"="C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" [2005-12-03 14:52 1015808]
                            "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ]
                            "StartupMonitor"="C:\Program Files\Startup Inspector for Windows\Startup Monitor\StartMonPrj.exe" [2005-01-15 20:34 544768]

                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "FLMTRUSTKB"="C:\Program Files\Trust keyboard utility\1.0\KbdAp32A.exe" [2003-12-27 15:46 372224]
                            "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 15:21 176128]
                            "HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-05-05 06:21 491520]
                            "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~2\realmon.exe" [2004-04-06 16:14 504080]
                            "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
                            "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]

                            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                            "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

                            C:\Documents and Settings\Pamela.FRITSCHY\Menu Start\Programma's\Opstarten\
                            Registration-InstantCopy.lnk - C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe [2002-09-26 12:18:00 245760]

                            C:\Documents and Settings\Bianca.FRITSCHY\Menu Start\Programma's\Opstarten\
                            Registration-InstantCopy.lnk - C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe [2002-09-26 12:18:00 245760]

                            C:\Documents and Settings\René.FRITSCHY.000\Menu Start\Programma's\Opstarten\
                            SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

                            C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                            Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-11-21 14:53:14 262944]
                            WL-142 Wireless Network Utility.lnk - C:\Program Files\WL-142 Wireless Network Utility\WLANUTL.exe [2005-08-09 18:38:56 3690496]

                            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
                            "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-11-21 14:50 233472]

                            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
                            path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
                            backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

                            [HKLM\~\startupfolder\C:^Documents and Settings^René.FRITSCHY.000^Menu Start^Programma's^Opstarten^Registration-InstantCopy.lnk]
                            path=C:\Documents and Settings\René.FRITSCHY.000\Menu Start\Programma's\Opstarten\Registration-InstantCopy.lnk
                            backup=C:\WINDOWS\pss\Registration-InstantCopy.lnkStartup

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMTRUSTMOUSE]
                            --a------ 2003-12-27 15:44 429568 C:\Program Files\Trust mouse utility\1.0\mouse32a.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
                            --a------ 2003-06-10 00:11 50688 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestTrap]
                            C:\Program Files\PestTrap\PestTrap.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
                            --------- 2003-05-28 15:37 394240 C:\WINDOWS\System32\PSDrvCheck.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyQuake2.com]
                            C:\Program Files\SpyQuake2.com\Spy-Quake2.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
                            --a------ 2006-09-07 18:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                            "NVSvc"=2 (0x2)
                            "MDM"=2 (0x2)
                            "iPodService"=3 (0x3)
                            "x10nets"=3 (0x3)
                            "sdCoreService"=3 (0x3)
                            "sdAuxService"=3 (0x3)
                            "iPod Service"=3 (0x3)
                            "CCALib8"=2 (0x2)
                            "Apple Mobile Device"=2 (0x2)

                            R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 17:29]
                            R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 07:22]
                            R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 07:04]
                            R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys [2003-05-22 16:44]
                            R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 07:47]
                            S1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 19:27]
                            S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys [2003-03-26 13:40]
                            S3 CA_LIC_CLNT;CA License Client;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 17:27]
                            S3 CA_LIC_SRVR;CA License Server;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 17:41]
                            S3 IIUSBISP;USB Mass Storage for USB ISP;C:\WINDOWS\system32\Drivers\iiusbisp.sys
                            S3 PHIL142r;Philips Key Ring Wearable Audio Player (128 MB) Control Driver;C:\WINDOWS\system32\Drivers\PHIL142r.sys
                            S3 sitwl142;Sitecom WL-142 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2005-03-01 18:50]
                            S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2004-12-18 19:32]

                            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62f6b1f4-8530-11dc-90c4-000c7669ad0b}]
                            \Shell\AutoRun\command - H:\InstallTomTomHOME.exe

                            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{776e67b7-a277-11db-8f9e-000c7669ad0b}]
                            \Shell\AutoRun\command - I:\LaunchU3.exe -a

                            *Newly Created Service* - PCANDIS5
                            .
                            Inhoud van de 'Gedeelde Taken' map
                            "2008-01-26 10:03:18 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
                            - C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registr ation_7.4.20.2.sxt [email protected]
                            "2008-02-03 09:36:03 C:\WINDOWS\Tasks\HP Usg Daily.job"
                            - C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
                            "2008-02-03 07:18:43 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
                            - C:\Program Files\Windows Defender\MpCmdRun.exe
                            .
                            **************************************************************************

                            catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                            Rootkit scan 2008-02-03 14:29:01
                            Windows 5.1.2600 Service Pack 2 NTFS

                            scannen van verborgen processen ...

                            scannen van verborgen autostart items ...

                            scannen van verborgen bestanden ...

                            Scan succesvol afgerond
                            verborgen bestanden: 0

                            **************************************************************************
                            .
                            Voltooingstijd: 2008-02-03 14:30:18
                            ComboFix-quarantined-files.txt 2008-02-03 13:30:15
                            ComboFix2.txt 2008-02-03 10:36:21
                            .
                            2008-02-01 17:42:27 --- E O F ---



                            • #15
                              Despite the error message, the procedure seems to me to have succeeded.
                              How is the computer running now?
