Slow PC and constant freezes with Internet Explorer


  • Slow PC and constant freezes with Internet Explorer

    Here is my log. The PC is extremely slow and the internet keeps freezing;
    after a few minutes online I already get the error message that the internet is being closed. I also regularly get pop-ups about errors in the registry and the like.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:59:06, on 22-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\system32\ltmsg.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Netropa\OSD.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/?di&from=start.home.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://ips.poi.de/ips-opdata/layout/fnac/objects/jordan.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.gisnet.nl/sintmichielsgestel/mapguide/mgaxctrl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203538804265
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/ImageUploader3.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5091/mcfscan.cab
    O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Roland/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg

    --
    End of file - 7624 bytes

  • #2
    Go to Start --> Run and type: sc delete msupdate

    In addition, your log file is already several days old; please post a freshly made log.
    Regards,
    Pimmerd



    • #3
      Here is my new log. Last weekend I already ran the program ComboFix, and it found a number of errors and removed/repaired them. The PC is already running a lot better now. In any case, my internet no longer freezes.


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 7:52:34, on 27-2-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\CTsvcCDA.EXE
      C:\Program Files\SPAMfighter\sfus.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\TEMP\BN2.tmp
      C:\WINDOWS\DELLMMKB.EXE
      C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      C:\WINDOWS\system32\ltmsg.exe
      C:\Program Files\SPAMfighter\SFAgent.exe
      C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
      C:\Program Files\Netropa\OSD.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Program Files\Outlook Express\msimn.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/?di&from=start.home.nl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.nl
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
      O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
      O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
      O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
      O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://ips.poi.de/ips-opdata/layout/fnac/objects/jordan.cab
      O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.gisnet.nl/sintmichielsgestel/mapguide/mgaxctrl.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203538804265
      O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
      O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/ImageUploader3.cab
      O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
      O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
      O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
      O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5091/mcfscan.cab
      O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
      O20 - Winlogon Notify: opnomlj - opnomlj.dll (file missing)
      O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
      O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
      O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
      O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Roland/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg

      --
      End of file - 7490 bytes



      • #4
        Before we continue, could you post the ComboFix log? You can find it at C:\Combofix.txt
        Regards,
        Pimmerd



        • #5
          ComboFix 08-02-24.4 - Roland 2008-02-24 20:58:27.1 - NTFSx86
          Gestart vanuit: C:\Documents and Settings\Roland\Bureaublad\ComboFix.exe
          * Nieuw herstelpunt werd aangemaakt

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
          .
          ADS - system32: deleted 68762 bytes in 1 streams.

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\Documents and Settings\All Users\Documenten\FNTS~1
          C:\Documents and Settings\All Users\Documenten\FNTS~1\F?nts\
          C:\Program Files\Common Files\microsoft shared\web folders\ibm00001.dll
          C:\Program Files\Common Files\microsoft shared\web folders\ibm00002.dll
          C:\Program Files\Helper
          C:\WINDOWS\Casino.ico
          C:\WINDOWS\SYSTEM32\bbadd.ini
          C:\WINDOWS\SYSTEM32\bbadd.ini2
          C:\WINDOWS\system32\ddabb.dll
          C:\WINDOWS\system32\icqmlib.exe
          C:\WINDOWS\system32\iepref32.dll
          C:\WINDOWS\system32\ierplc.dll
          C:\WINDOWS\system32\ips.dll
          C:\WINDOWS\system32\lanmandrv.sys
          C:\WINDOWS\system32\lanmanwrk.exe
          C:\WINDOWS\system32\laprxy.dllexe
          C:\WINDOWS\system32\msvcrtd.exe
          C:\WINDOWS\system32\ocxapi.dll
          C:\WINDOWS\system32\ocxloader.exe
          C:\WINDOWS\system32\qmopt.dll

          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

          .
          -------\LEGACY_LANMANDRV
          -------\LEGACY_MSUPDATE
          -------\LEGACY_NTMLSVC
          -------\LEGACY_RUNTIME
          -------\lanmandrv
          -------\msupdate
          -------\NtmlSvc


          (((((((((((((((((((( Bestanden Gemaakt van 2008-01-24 to 2008-02-24 ))))))))))))))))))))))))))))))
          .

          2008-02-24 19:54 . 2008-02-24 21:11 7,168 --a------ C:\WINDOWS\SYSTEM32\WLCtrl32.dl_
          2008-02-21 22:54 . 2008-02-21 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
          2008-02-21 22:53 . 2008-02-21 22:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
          2008-02-21 22:45 . 2008-02-21 22:45 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
          2008-02-21 22:45 . 2008-02-21 22:45 <DIR> d-------- C:\Documents and Settings\Roland\Application Data\Sammsoft
          2008-02-21 22:38 . 2008-02-21 22:44 <DIR> d-------- C:\Program Files\Free Window Registry Repair
          2008-02-21 20:11 . 2008-02-21 20:45 <DIR> d-------- C:\Program Files\Registry Defender
          2008-02-21 19:55 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
          2008-02-21 19:55 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
          2008-02-20 22:45 . 2008-02-20 22:45 <DIR> d-------- C:\Program Files\Trend Micro
          2008-02-19 21:33 . 2008-02-22 21:04 <DIR> dr-h----- C:\Documents and Settings\Roland\Onlangs geopend
          2008-02-19 21:01 . 2008-02-21 22:38 <DIR> d-------- C:\Documents and Settings\Limewire\Programma's
          2008-02-19 19:50 . 2008-02-19 19:50 51,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nkv2.sys
          2008-02-19 19:35 . 2008-02-19 19:35 88 --a------ C:\WINDOWS\wininit.ini
          2008-02-18 23:42 . 2008-02-18 23:40 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
          2008-02-18 20:49 . 2008-02-24 21:11 21,632 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Syf41.sys
          2008-02-18 20:49 . 2008-02-24 21:10 7,168 --a------ C:\WINDOWS\SYSTEM32\WLCtrl32.dll
          2008-02-18 20:48 . 2008-02-18 20:51 58,368 --a------ C:\wpohl.exe
          2008-02-18 20:48 . 2008-02-18 20:48 54,762 --a------ C:\WINDOWS\SYSTEM32\jkghje.dll
          2008-02-18 20:48 . 2008-02-18 20:51 27,648 --a------ C:\jupss.exe
          2008-02-10 20:29 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\sysmain.sdb
          2008-02-10 20:29 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apph_sp.sdb
          2008-02-10 20:29 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apphelp.sdb
          2008-02-10 20:28 . 2008-02-10 20:28 <DIR> d-------- C:\Program Files\Windows Media Connect 2
          2008-02-10 20:24 . 2008-02-10 20:26 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
          2008-02-09 19:39 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-02-24 20:11 --------- d-----w C:\Program Files\SPAMfighter
          2008-02-21 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-02-21 22:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
          2008-02-21 21:54 --------- d-----w C:\Program Files\Lavasoft
          2008-02-21 19:26 --------- d-----w C:\Documents and Settings\Roland\Application Data\Lavasoft
          2008-02-20 20:48 --------- d-----w C:\Program Files\Common Files\Real
          2008-02-19 20:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
          2008-02-19 20:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2008-02-19 20:09 --------- d-----w C:\Program Files\QuarkXPress Passport
          2008-02-09 18:39 --------- d-----w C:\Program Files\Java
          2002-08-25 10:36 327 ---ha-w C:\Documents and Settings\Roland\hpothb07.dat
          2002-08-25 10:33 0 ---ha-w C:\Documents and Settings\Eigenaar\hpothb07.dat
          2002-08-24 18:43 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
          2002-04-13 11:24 748 ----a-w C:\Program Files\Snelkoppeling naar Powershow.lnk
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
          "AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2007-07-23 09:34 2084480]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 01:00 90112]
          "AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [2001-03-28 01:00 102400]
          "DellTouch"="C:\WINDOWS\DELLMMKB.EXE" [2001-09-23 07:14 163840]
          "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 14:11 196608]
          "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 03:19 69632]
          "LTWinModem1"="ltmsg.exe" [2001-04-03 10:38 38912 C:\WINDOWS\SYSTEM32\ltmsg.exe]
          "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2004-03-10 16:26 406016]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-06 21:11 98304]
          "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnomlj]
          opnomlj.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
          WLCtrl32.dll 2008-02-24 21:10 7168 C:\WINDOWS\SYSTEM32\WLCtrl32.dll

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Acrobat Assistant.lnk]
          backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
          backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Herinneringen van Microsoft Works Agenda.lnk]
          backup=C:\WINDOWS\pss\Herinneringen van Microsoft Works Agenda.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Image Transfer.lnk]
          backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Kill Popup.lnk]
          backup=C:\WINDOWS\pss\Kill Popup.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
          backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]
          backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]
          backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Reality Fusion GameCam SE.lnk]
          backup=C:\WINDOWS\pss\Reality Fusion GameCam SE.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Suitcase Startup.lnk]
          backup=C:\WINDOWS\pss\Suitcase Startup.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
          backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^Roland^Menu Start^Programma's^Opstarten^AOM(2).lnk]
          backup=C:\WINDOWS\pss\AOM(2).lnkStartup

          [HKLM\~\startupfolder\C:^Documents and Settings^Roland^Menu Start^Programma's^Opstarten^Registration-Studio 8.lnk]
          backup=C:\WINDOWS\pss\Registration-Studio 8.lnkStartup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
          --a------ 2001-09-04 15:31 655360 C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMTRUSTMOUSE]
          --a------ 2003-12-24 22:56 429568 C:\Program Files\Trust mouse utility\1.0\mouse32a.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
          --a------ 2001-09-06 17:10 94208 C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
          --a------ 2000-07-12 12:14 311350 C:\Program Files\Microsoft Works\WksSb.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
          --a------ 2000-08-29 15:56 28739 C:\Program Files\Microsoft Works\WkDetect.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
          --a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wanadoo Menu]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
          --a------ 2000-07-12 10:59 24576 C:\Program Files\Microsoft Works\wkfud.exe

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "C:\\Program Files\\Internet Explorer\\iexplore.exe"=

          R3 Msikbd2k;DellTouch;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 15:18]
          S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\lvsound2.sys [2001-09-06 17:09]
          S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 19:11]
          S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 21:52]

          .
          Inhoud van de 'Gedeelde Taken' map
          "2002-04-16 19:56:29 C:\WINDOWS\Tasks\Symantec NetDetect.job"
          - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-02-24 21:10:58
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          ------------------------ Other Running Processes ------------------------
          .
          C:\WINDOWS\system32\devldr32.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\System32\CTsvcCDA.EXE
          C:\Program Files\SPAMfighter\sfus.exe
          C:\WINDOWS\System32\MsPMSPSv.exe
          C:\WINDOWS\system32\wscntfy.exe
          C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
          C:\Program Files\Netropa\OSD.exe
          C:\WINDOWS\system32\msiexec.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          .
          **************************************************************************
          .
          Voltooingstijd: 2008-02-24 21:20:58 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-02-24 20:20:50
          .
          2008-02-13 15:43:25 --- E O F ---



          • #6
            Open Notepad, then copy and paste the following (the text in bold) into an empty window:

            File::
            C:\WINDOWS\SYSTEM32\DRIVERS\Syf41.sys
            C:\WINDOWS\SYSTEM32\WLCtrl32.dll
            C:\wpohl.exe
            C:\WINDOWS\SYSTEM32\jkghje.dll
            C:\jupss.exe

            Driver::
            Syf41

            Registry::
            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnomlj]
            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

            Save this to your Desktop as CFScript.txt

            Drag CFScript.txt onto ComboFix.exe as shown in the example below:

            This will make ComboFix restart.
            Reboot if you are asked to,
            and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

            How are your problems now?
            Regards,
            Pimmerd



            • #7
              Here are my new logs.
              I think the PC is running reasonably well; in any case the internet no longer freezes.

              ComboFix 08-02-24.4 - Roland 2008-02-28 20:05:33.2 - NTFSx86
              Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.60 [GMT 1:00]
              Gestart vanuit: C:\Documents and Settings\Roland\Bureaublad\ComboFix.exe
              Command switches used :: C:\Documents and Settings\Roland\Bureaublad\CFScript.txt
              * Nieuw herstelpunt werd aangemaakt

              WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

              FILE ::
              C:\jupss.exe
              C:\WINDOWS\SYSTEM32\DRIVERS\Syf41.sys
              C:\WINDOWS\SYSTEM32\jkghje.dll
              C:\WINDOWS\SYSTEM32\WLCtrl32.dll
              C:\wpohl.exe
              .

              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\jupss.exe
              C:\WINDOWS\SYSTEM32\DRIVERS\Syf41.sys
              C:\WINDOWS\system32\icqmlib.exe
              C:\WINDOWS\system32\iepref32.dll
              C:\WINDOWS\system32\ierplc.dll
              C:\WINDOWS\system32\ips.dll
              C:\WINDOWS\SYSTEM32\jkghje.dll
              C:\WINDOWS\system32\lanmandrv.sys
              C:\WINDOWS\system32\lanmanwrk.exe
              C:\WINDOWS\system32\laprxy.dllexe
              C:\WINDOWS\system32\ocxapi.dll
              C:\WINDOWS\system32\ocxloader.exe
              C:\WINDOWS\system32\qmopt.dll
              C:\WINDOWS\SYSTEM32\WLCtrl32.dll
              C:\wpohl.exe

              .
              ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

              .
              -------\LEGACY_LANMANDRV
              -------\LEGACY_SYF41
              -------\lanmandrv
              -------\Syf41


              (((((((((((((((((((( Bestanden Gemaakt van 2008-01-28 to 2008-02-28 ))))))))))))))))))))))))))))))
              .

              2008-02-28 20:17 . 2008-02-28 20:17 26,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Nty73.sys
              2008-02-28 20:17 . 2008-02-28 20:17 11,776 --a------ C:\WINDOWS\SYSTEM32\WLCtrl32.dl_
              2008-02-21 22:54 . 2008-02-21 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
              2008-02-21 22:53 . 2008-02-21 22:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
              2008-02-21 22:38 . 2008-02-24 22:02 <DIR> d-------- C:\Program Files\Free Window Registry Repair
              2008-02-21 20:11 . 2008-02-21 20:45 <DIR> d-------- C:\Program Files\Registry Defender
              2008-02-21 19:55 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
              2008-02-21 19:55 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
              2008-02-20 22:45 . 2008-02-20 22:45 <DIR> d-------- C:\Program Files\Trend Micro
              2008-02-19 21:33 . 2008-02-28 20:01 <DIR> dr-h----- C:\Documents and Settings\Roland\Onlangs geopend
              2008-02-19 21:01 . 2008-02-24 22:02 <DIR> d-------- C:\Documents and Settings\Limewire\Programma's
              2008-02-19 19:50 . 2008-02-27 07:43 51,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nkv2.sys
              2008-02-19 19:35 . 2008-02-19 19:35 88 --a------ C:\WINDOWS\wininit.ini
              2008-02-18 23:42 . 2008-02-18 23:40 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
              2008-02-10 20:29 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\sysmain.sdb
              2008-02-10 20:29 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apph_sp.sdb
              2008-02-10 20:29 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apphelp.sdb
              2008-02-10 20:28 . 2008-02-10 20:28 <DIR> d-------- C:\Program Files\Windows Media Connect 2
              2008-02-10 20:24 . 2008-02-10 20:26 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
              2008-02-09 19:39 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-02-28 19:12 --------- d-----w C:\Program Files\SPAMfighter
              2008-02-21 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
              2008-02-21 22:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
              2008-02-21 21:54 --------- d-----w C:\Program Files\Lavasoft
              2008-02-21 19:26 --------- d-----w C:\Documents and Settings\Roland\Application Data\Lavasoft
              2008-02-20 20:48 --------- d-----w C:\Program Files\Common Files\Real
              2008-02-19 20:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
              2008-02-19 20:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2008-02-19 20:09 --------- d-----w C:\Program Files\QuarkXPress Passport
              2008-02-09 18:39 --------- d-----w C:\Program Files\Java
              2002-08-25 10:36 327 ---ha-w C:\Documents and Settings\Roland\hpothb07.dat
              2002-08-25 10:33 0 ---ha-w C:\Documents and Settings\Eigenaar\hpothb07.dat
              2002-08-24 18:43 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
              2002-04-13 11:24 748 ----a-w C:\Program Files\Snelkoppeling naar Powershow.lnk
              .

              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 01:00 90112]
              "AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [2001-03-28 01:00 102400]
              "DellTouch"="C:\WINDOWS\DELLMMKB.EXE" [2001-09-23 07:14 163840]
              "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 14:11 196608]
              "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 03:19 69632]
              "LTWinModem1"="ltmsg.exe" [2001-04-03 10:38 38912 C:\WINDOWS\SYSTEM32\ltmsg.exe]
              "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2004-03-10 16:26 406016]
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-06 21:11 98304]
              "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnomlj]
              opnomlj.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
              WLCtrl32.dll

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Acrobat Assistant.lnk]
              backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
              backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Herinneringen van Microsoft Works Agenda.lnk]
              backup=C:\WINDOWS\pss\Herinneringen van Microsoft Works Agenda.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Image Transfer.lnk]
              backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Kill Popup.lnk]
              backup=C:\WINDOWS\pss\Kill Popup.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
              backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]
              backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]
              backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Reality Fusion GameCam SE.lnk]
              backup=C:\WINDOWS\pss\Reality Fusion GameCam SE.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Suitcase Startup.lnk]
              backup=C:\WINDOWS\pss\Suitcase Startup.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
              backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^Roland^Menu Start^Programma's^Opstarten^AOM(2).lnk]
              backup=C:\WINDOWS\pss\AOM(2).lnkStartup

              [HKLM\~\startupfolder\C:^Documents and Settings^Roland^Menu Start^Programma's^Opstarten^Registration-Studio 8.lnk]
              backup=C:\WINDOWS\pss\Registration-Studio 8.lnkStartup

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
              --a------ 2001-09-04 15:31 655360 C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMTRUSTMOUSE]
              C:\Program Files\Trust mouse utility\1.0\mouse32a.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
              --a------ 2001-09-06 17:10 94208 C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
              --a------ 2000-07-12 12:14 311350 C:\Program Files\Microsoft Works\WksSb.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
              --a------ 2000-08-29 15:56 28739 C:\Program Files\Microsoft Works\WkDetect.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
              --a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wanadoo Menu]

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
              --a------ 2000-07-12 10:59 24576 C:\Program Files\Microsoft Works\wkfud.exe

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "C:\\Program Files\\Internet Explorer\\iexplore.exe"=

              R0 Nty73;Nty73;C:\WINDOWS\system32\Drivers\Nty73.sys [2008-02-28 20:17]
              R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
              R2 zipshot;zipshot;C:\WINDOWS\system32\drivers\zipshot.sys [1998-07-24 12:31]
              R3 Msikbd2k;DellTouch;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 15:18]
              S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\lvsound2.sys [2001-09-06 17:09]
              S1 wer32;wer32;C:\WINDOWS\system32\jkghje.dll
              S2 Nhksrv;Netropa NHK Server;C:\WINDOWS\Nhksrv.exe
              S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 19:11]
              S3 QCEmerald;Logitech QuickCam Web(PID_0850);C:\WINDOWS\system32\DRIVERS\LVCE.sys [2001-09-06 17:09]
              S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys [2008-02-27 07:43]
              S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 21:52]

              *Newly Created Service* - NTY73
              .
              Inhoud van de 'Gedeelde Taken' map
              "2002-04-16 19:56:29 C:\WINDOWS\Tasks\Symantec NetDetect.job"
              - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
              .
              **************************************************************************

              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-02-28 20:18:38
              Windows 5.1.2600 Service Pack 2 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              scannen van verborgen bestanden ...

              Scan succesvol afgerond
              verborgen bestanden: 0

              **************************************************************************
              .
              --------------------- DLLs Geladen Onder Lopende Processen ---------------------

              PROCESS: C:\WINDOWS\system32\winlogon.exe
              -> C:\WINDOWS\system32\WLCtrl32.dll
              .
              ------------------------ Other Running Processes ------------------------
              .
              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              C:\WINDOWS\System32\CTsvcCDA.EXE
              C:\WINDOWS\System32\MsPMSPSv.exe
              C:\WINDOWS\system32\devldr32.exe
              C:\WINDOWS\TEMP\BN2.tmp
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Netropa\OSD.exe
              C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\WINDOWS\system32\msiexec.exe
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              .
              **************************************************************************
              .
              Voltooingstijd: 2008-02-28 20:26:01 - machine was rebooted
              ComboFix-quarantined-files.txt 2008-02-28 19:25:53
              ComboFix2.txt 2008-02-24 20:21:00
              .
              2008-02-13 15:43:25 --- E O F ---




              HijackThis log

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 20:29:55, on 28-2-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16608)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\System32\CTsvcCDA.EXE
              C:\Program Files\SPAMfighter\sfus.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\System32\MsPMSPSv.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\TEMP\BN2.tmp
              C:\WINDOWS\DELLMMKB.EXE
              C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
              C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
              C:\WINDOWS\system32\ltmsg.exe
              C:\Program Files\SPAMfighter\SFAgent.exe
              C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
              C:\Program Files\Netropa\OSD.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
              C:\WINDOWS\explorer.exe
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/?di&from=start.home.nl
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.nl
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
              O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
              O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
              O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
              O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
              O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
              O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
              O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
              O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
              O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
              O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
              O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://ips.poi.de/ips-opdata/layout/fnac/objects/jordan.cab
              O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.gisnet.nl/sintmichielsgestel/mapguide/mgaxctrl.cab
              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203538804265
              O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
              O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/ImageUploader3.cab
              O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
              O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
              O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
              O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
              O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5091/mcfscan.cab
              O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
              O20 - Winlogon Notify: opnomlj - opnomlj.dll (file missing)
              O20 - Winlogon Notify: WLCtrl32 - WLCtrl32.dll (file missing)
              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
              O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
              O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
              O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Roland/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg

              --
              End of file - 7386 bytes



              • #8
                Open Notepad, then copy and paste the following (the text in bold) into an empty window:

                Registry::
                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnomlj]
                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

                Driver::
                wer32
                Nhksrv
                Nty73
                zipshot

                File::
                C:\WINDOWS\system32\WLCtrl32.dll
                C:\WINDOWS\TEMP\BN2.tmp

                Save this to your Desktop as CFScript.txt

                Drag CFScript.txt onto ComboFix.exe as shown in the example below:

                This will make ComboFix restart.
                Reboot if you are asked to,
                and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
                Regards,
                Pimmerd



                • #9
                  ComboFix 08-02-24.4 - Roland 2008-02-28 21:19:49.3 - NTFSx86
                  Gestart vanuit: C:\Documents and Settings\Roland\Bureaublad\ComboFix.exe
                  Command switches used :: C:\Documents and Settings\Roland\Bureaublad\CFScript.txt
                  * Nieuw herstelpunt werd aangemaakt

                  WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

                  FILE ::
                  C:\WINDOWS\system32\WLCtrl32.dll
                  C:\WINDOWS\TEMP\BN2.tmp
                  .

                  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                  .

                  C:\WINDOWS\system32\WLCtrl32.dll
                  C:\WINDOWS\TEMP\BN2.tmp

                  .
                  ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

                  .
                  -------\LEGACY_NHKSRV
                  -------\LEGACY_NTY73
                  -------\LEGACY_ZIPSHOT
                  -------\Nhksrv
                  -------\Nty73
                  -------\wer32
                  -------\zipshot


                  (((((((((((((((((((( Bestanden Gemaakt van 2008-01-28 to 2008-02-28 ))))))))))))))))))))))))))))))
                  .

                  2008-02-28 21:30 . 2008-02-28 21:30 4,645 --ah----- C:\WINDOWS\SYSTEM32\mmhren21.jpg
                  2008-02-28 21:29 . 2008-02-28 21:29 26,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Nta52.sys
                  2008-02-28 21:29 . 2008-02-28 21:29 11,776 --a------ C:\WINDOWS\SYSTEM32\WLCtrl32.dl_
                  2008-02-28 20:17 . 2008-02-28 21:14 26,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Nty73.sys
                  2008-02-21 22:54 . 2008-02-21 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                  2008-02-21 22:53 . 2008-02-21 22:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
                  2008-02-21 22:38 . 2008-02-24 22:02 <DIR> d-------- C:\Program Files\Free Window Registry Repair
                  2008-02-21 20:11 . 2008-02-21 20:45 <DIR> d-------- C:\Program Files\Registry Defender
                  2008-02-21 19:55 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
                  2008-02-21 19:55 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
                  2008-02-20 22:45 . 2008-02-20 22:45 <DIR> d-------- C:\Program Files\Trend Micro
                  2008-02-19 21:33 . 2008-02-28 21:17 <DIR> dr-h----- C:\Documents and Settings\Roland\Onlangs geopend
                  2008-02-19 21:01 . 2008-02-24 22:02 <DIR> d-------- C:\Documents and Settings\Limewire\Programma's
                  2008-02-19 19:50 . 2008-02-27 07:43 51,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nkv2.sys
                  2008-02-19 19:35 . 2008-02-19 19:35 88 --a------ C:\WINDOWS\wininit.ini
                  2008-02-18 23:42 . 2008-02-18 23:40 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
                  2008-02-10 20:29 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\sysmain.sdb
                  2008-02-10 20:29 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apph_sp.sdb
                  2008-02-10 20:29 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apphelp.sdb
                  2008-02-10 20:28 . 2008-02-10 20:28 <DIR> d-------- C:\Program Files\Windows Media Connect 2
                  2008-02-10 20:24 . 2008-02-10 20:26 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
                  2008-02-09 19:39 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl

                  .
                  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2008-02-28 20:26 --------- d-----w C:\Program Files\SPAMfighter
                  2008-02-21 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                  2008-02-21 22:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
                  2008-02-21 21:54 --------- d-----w C:\Program Files\Lavasoft
                  2008-02-21 19:26 --------- d-----w C:\Documents and Settings\Roland\Application Data\Lavasoft
                  2008-02-20 20:48 --------- d-----w C:\Program Files\Common Files\Real
                  2008-02-19 20:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
                  2008-02-19 20:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
                  2008-02-19 20:09 --------- d-----w C:\Program Files\QuarkXPress Passport
                  2008-02-09 18:39 --------- d-----w C:\Program Files\Java
                  2002-08-25 10:36 327 ---ha-w C:\Documents and Settings\Roland\hpothb07.dat
                  2002-08-25 10:33 0 ---ha-w C:\Documents and Settings\Eigenaar\hpothb07.dat
                  2002-08-24 18:43 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
                  2002-04-13 11:24 748 ----a-w C:\Program Files\Snelkoppeling naar Powershow.lnk
                  .

                  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  REGEDIT4
                  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 01:00 90112]
                  "AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [2001-03-28 01:00 102400]
                  "DellTouch"="C:\WINDOWS\DELLMMKB.EXE" [2001-09-23 07:14 163840]
                  "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 14:11 196608]
                  "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 03:19 69632]
                  "LTWinModem1"="ltmsg.exe" [2001-04-03 10:38 38912 C:\WINDOWS\SYSTEM32\ltmsg.exe]
                  "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2004-03-10 16:26 406016]
                  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-06 21:11 98304]
                  "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880]
                  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

                  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnomlj]
                  opnomlj.dll

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
                  WLCtrl32.dll

                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Acrobat Assistant.lnk]
                  backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
                  backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Herinneringen van Microsoft Works Agenda.lnk]
                  backup=C:\WINDOWS\pss\Herinneringen van Microsoft Works Agenda.lnkCommon Startup

                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Image Transfer.lnk]
                  backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Kill Popup.lnk]
                  backup=C:\WINDOWS\pss\Kill Popup.lnkCommon Startup

                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
                  backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]
                  backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]
                  backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Reality Fusion GameCam SE.lnk]
                  backup=C:\WINDOWS\pss\Reality Fusion GameCam SE.lnkCommon Startup

                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Suitcase Startup.lnk]
                  backup=C:\WINDOWS\pss\Suitcase Startup.lnkCommon Startup

                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
                  backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

                  [HKLM\~\startupfolder\C:^Documents and Settings^Roland^Menu Start^Programma's^Opstarten^AOM(2).lnk]
                  backup=C:\WINDOWS\pss\AOM(2).lnkStartup

                  [HKLM\~\startupfolder\C:^Documents and Settings^Roland^Menu Start^Programma's^Opstarten^Registration-Studio 8.lnk]
                  backup=C:\WINDOWS\pss\Registration-Studio 8.lnkStartup

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
                  --a------ 2001-09-04 15:31 655360 C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMTRUSTMOUSE]
                  C:\Program Files\Trust mouse utility\1.0\mouse32a.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
                  --a------ 2001-09-06 17:10 94208 C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
                  --a------ 2000-07-12 12:14 311350 C:\Program Files\Microsoft Works\WksSb.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
                  --a------ 2000-08-29 15:56 28739 C:\Program Files\Microsoft Works\WkDetect.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
                  --a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wanadoo Menu]

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
                  --a------ 2000-07-12 10:59 24576 C:\Program Files\Microsoft Works\wkfud.exe

                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                  "%windir%\\system32\\sessmgr.exe"=
                  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                  "C:\\Program Files\\Internet Explorer\\iexplore.exe"=

                  R0 Nta52;Nta52;C:\WINDOWS\system32\Drivers\Nta52.sys [2008-02-28 21:29]
                  R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
                  R3 Msikbd2k;DellTouch;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 15:18]
                  S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\lvsound2.sys [2001-09-06 17:09]
                  S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 19:11]
                  S3 QCEmerald;Logitech QuickCam Web(PID_0850);C:\WINDOWS\system32\DRIVERS\LVCE.sys [2001-09-06 17:09]
                  S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys [2008-02-27 07:43]
                  S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 21:52]

                  *Newly Created Service* - NTA52
                  .
                  Inhoud van de 'Gedeelde Taken' map
                  "2002-04-16 19:56:29 C:\WINDOWS\Tasks\Symantec NetDetect.job"
                  - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
                  .
                  **************************************************************************

                  catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2008-02-28 21:30:32
                  Windows 5.1.2600 Service Pack 2 NTFS

                  scannen van verborgen processen ...

                  scannen van verborgen autostart items ...

                  scannen van verborgen bestanden ...

                  Scan succesvol afgerond
                  verborgen bestanden: 0

                  **************************************************************************
                  .
                  --------------------- DLLs Geladen Onder Lopende Processen ---------------------

                  PROCESS: C:\WINDOWS\system32\winlogon.exe
                  -> C:\WINDOWS\system32\WLCtrl32.dll
                  .
                  ------------------------ Other Running Processes ------------------------
                  .
                  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  C:\WINDOWS\System32\CTsvcCDA.EXE
                  C:\WINDOWS\System32\MsPMSPSv.exe
                  C:\WINDOWS\system32\devldr32.exe
                  C:\WINDOWS\TEMP\BN2.tmp
                  C:\Program Files\Internet Explorer\IEXPLORE.EXE
                  C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
                  C:\WINDOWS\system32\msiexec.exe
                  C:\Program Files\Netropa\OSD.exe
                  .
                  **************************************************************************
                  .
                  Voltooingstijd: 2008-02-28 21:36:27 - machine was rebooted
                  ComboFix-quarantined-files.txt 2008-02-28 20:36:20
                  ComboFix2.txt 2008-02-28 19:26:02
                  ComboFix3.txt 2008-02-24 20:21:00
                  .
                  2008-02-13 15:43:25 --- E O F ---






                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 21:41:27, on 28-2-2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\System32\CTsvcCDA.EXE
                  C:\Program Files\SPAMfighter\sfus.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\System32\MsPMSPSv.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\TEMP\BN2.tmp
                  C:\WINDOWS\DELLMMKB.EXE
                  C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
                  C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
                  C:\WINDOWS\system32\ltmsg.exe
                  C:\Program Files\SPAMfighter\SFAgent.exe
                  C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
                  C:\Program Files\Netropa\OSD.exe
                  C:\WINDOWS\explorer.exe
                  C:\Program Files\Outlook Express\msimn.exe
                  C:\Program Files\Messenger\msmsgs.exe
                  C:\Program Files\Internet Explorer\IEXPLORE.EXE
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/?di&from=start.home.nl
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.nl
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
                  O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
                  O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
                  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
                  O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
                  O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
                  O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
                  O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                  O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
                  O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
                  O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://ips.poi.de/ips-opdata/layout/fnac/objects/jordan.cab
                  O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.gisnet.nl/sintmichielsgestel/mapguide/mgaxctrl.cab
                  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203538804265
                  O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
                  O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/ImageUploader3.cab
                  O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
                  O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
                  O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
                  O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
                  O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5091/mcfscan.cab
                  O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
                  O20 - Winlogon Notify: opnomlj - opnomlj.dll (file missing)
                  O20 - Winlogon Notify: WLCtrl32 - WLCtrl32.dll (file missing)
                  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                  O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
                  O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
                  O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Roland/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg

                  --
                  End of file - 7403 bytes



                  • #10
                    Sorry for the late reply, I had lost track of your log a bit.

                    Could you post a fresh ComboFix log?
                    Regards,
                    Pimmerd



                    • #11
                      ComboFix 08-02-24.4 - Roland 2008-03-04 19:18:35.4 - NTFSx86
                      Gestart vanuit: C:\Documents and Settings\Roland\Bureaublad\ComboFix.exe

                      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
                      .

                      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                      .

                      C:\WINDOWS\system32\drivers\Nty73.sys
                      C:\WINDOWS\system32\icqmlib.exe
                      C:\WINDOWS\system32\iepref32.dll
                      C:\WINDOWS\system32\ierplc.dll
                      C:\WINDOWS\system32\ips.dll
                      C:\WINDOWS\system32\lanmandrv.sys
                      C:\WINDOWS\system32\lanmanwrk.exe
                      C:\WINDOWS\system32\laprxy.dllexe
                      C:\WINDOWS\system32\ocxapi.dll
                      C:\WINDOWS\system32\ocxloader.exe
                      C:\WINDOWS\system32\qmopt.dll

                      .
                      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

                      .
                      -------\LEGACY_LANMANDRV
                      -------\lanmandrv


                      (((((((((((((((((((( Bestanden Gemaakt van 2008-02-04 to 2008-03-04 ))))))))))))))))))))))))))))))
                      .

                      2008-03-04 19:26 . 2008-03-04 19:26 11,776 --a------ C:\WINDOWS\SYSTEM32\WLCtrl32.dl_
                      2008-02-28 21:29 . 2008-03-04 19:26 26,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Nta52.sys
                      2008-02-28 21:29 . 2008-03-04 19:25 11,776 --a------ C:\WINDOWS\SYSTEM32\WLCtrl32.dll
                      2008-02-21 22:54 . 2008-02-21 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                      2008-02-21 22:53 . 2008-02-21 22:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
                      2008-02-21 22:38 . 2008-02-24 22:02 <DIR> d-------- C:\Program Files\Free Window Registry Repair
                      2008-02-21 20:11 . 2008-02-21 20:45 <DIR> d-------- C:\Program Files\Registry Defender
                      2008-02-21 19:55 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
                      2008-02-21 19:55 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
                      2008-02-20 22:45 . 2008-02-20 22:45 <DIR> d-------- C:\Program Files\Trend Micro
                      2008-02-19 21:33 . 2008-02-28 21:17 <DIR> dr-h----- C:\Documents and Settings\Roland\Onlangs geopend
                      2008-02-19 21:01 . 2008-02-24 22:02 <DIR> d-------- C:\Documents and Settings\Limewire\Programma's
                      2008-02-19 19:50 . 2008-02-27 07:43 51,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nkv2.sys
                      2008-02-19 19:35 . 2008-02-19 19:35 88 --a------ C:\WINDOWS\wininit.ini
                      2008-02-18 23:42 . 2008-02-18 23:40 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
                      2008-02-10 20:29 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\sysmain.sdb
                      2008-02-10 20:29 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apph_sp.sdb
                      2008-02-10 20:29 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apphelp.sdb
                      2008-02-10 20:28 . 2008-02-10 20:28 <DIR> d-------- C:\Program Files\Windows Media Connect 2
                      2008-02-10 20:24 . 2008-02-10 20:26 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
                      2008-02-09 19:39 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl

                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2008-03-04 18:25 --------- d-----w C:\Program Files\SPAMfighter
                      2008-02-21 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                      2008-02-21 22:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
                      2008-02-21 21:54 --------- d-----w C:\Program Files\Lavasoft
                      2008-02-21 19:26 --------- d-----w C:\Documents and Settings\Roland\Application Data\Lavasoft
                      2008-02-20 20:48 --------- d-----w C:\Program Files\Common Files\Real
                      2008-02-19 20:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
                      2008-02-19 20:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
                      2008-02-19 20:09 --------- d-----w C:\Program Files\QuarkXPress Passport
                      2008-02-09 18:39 --------- d-----w C:\Program Files\Java
                      2002-08-25 10:36 327 ---ha-w C:\Documents and Settings\Roland\hpothb07.dat
                      2002-08-25 10:33 0 ---ha-w C:\Documents and Settings\Eigenaar\hpothb07.dat
                      2002-08-24 18:43 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
                      2002-04-13 11:24 748 ----a-w C:\Program Files\Snelkoppeling naar Powershow.lnk
                      .

                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      REGEDIT4
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 01:00 90112]
                      "AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [2001-03-28 01:00 102400]
                      "DellTouch"="C:\WINDOWS\DELLMMKB.EXE" [2001-09-23 07:14 163840]
                      "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 14:11 196608]
                      "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 03:19 69632]
                      "LTWinModem1"="ltmsg.exe" [2001-04-03 10:38 38912 C:\WINDOWS\SYSTEM32\ltmsg.exe]
                      "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2004-03-10 16:26 406016]
                      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-06 21:11 98304]
                      "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880]
                      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnomlj]
                      opnomlj.dll

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
                      WLCtrl32.dll 2008-03-04 19:25 11776 C:\WINDOWS\SYSTEM32\WLCtrl32.dll

                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Acrobat Assistant.lnk]
                      backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
                      backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Herinneringen van Microsoft Works Agenda.lnk]
                      backup=C:\WINDOWS\pss\Herinneringen van Microsoft Works Agenda.lnkCommon Startup

                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Image Transfer.lnk]
                      backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Kill Popup.lnk]
                      backup=C:\WINDOWS\pss\Kill Popup.lnkCommon Startup

                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
                      backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]
                      backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]
                      backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Reality Fusion GameCam SE.lnk]
                      backup=C:\WINDOWS\pss\Reality Fusion GameCam SE.lnkCommon Startup

                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Suitcase Startup.lnk]
                      backup=C:\WINDOWS\pss\Suitcase Startup.lnkCommon Startup

                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
                      backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

                      [HKLM\~\startupfolder\C:^Documents and Settings^Roland^Menu Start^Programma's^Opstarten^AOM(2).lnk]
                      backup=C:\WINDOWS\pss\AOM(2).lnkStartup

                      [HKLM\~\startupfolder\C:^Documents and Settings^Roland^Menu Start^Programma's^Opstarten^Registration-Studio 8.lnk]
                      backup=C:\WINDOWS\pss\Registration-Studio 8.lnkStartup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
                      --a------ 2001-09-04 15:31 655360 C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMTRUSTMOUSE]
                      C:\Program Files\Trust mouse utility\1.0\mouse32a.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
                      --a------ 2001-09-06 17:10 94208 C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
                      --a------ 2000-07-12 12:14 311350 C:\Program Files\Microsoft Works\WksSb.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
                      --a------ 2000-08-29 15:56 28739 C:\Program Files\Microsoft Works\WkDetect.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
                      --a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wanadoo Menu]

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
                      --a------ 2000-07-12 10:59 24576 C:\Program Files\Microsoft Works\wkfud.exe

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                      "%windir%\\system32\\sessmgr.exe"=
                      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                      "C:\\Program Files\\Internet Explorer\\iexplore.exe"=

                      R0 Nta52;Nta52;C:\WINDOWS\system32\Drivers\Nta52.sys [2008-03-04 19:26]
                      R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
                      R3 Msikbd2k;DellTouch;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 15:18]
                      S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\lvsound2.sys [2001-09-06 17:09]
                      S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 19:11]
                      S3 QCEmerald;Logitech QuickCam Web(PID_0850);C:\WINDOWS\system32\DRIVERS\LVCE.sys [2001-09-06 17:09]
                      S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys [2008-02-27 07:43]
                      S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 21:52]

                      .
                      Inhoud van de 'Gedeelde Taken' map
                      "2002-04-16 19:56:29 C:\WINDOWS\Tasks\Symantec NetDetect.job"
                      - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
                      .
                      **************************************************************************

                      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2008-03-04 19:27:46
                      Windows 5.1.2600 Service Pack 2 NTFS

                      scannen van verborgen processen ...

                      scannen van verborgen autostart items ...

                      scannen van verborgen bestanden ...

                      Scan succesvol afgerond
                      verborgen bestanden: 0

                      **************************************************************************
                      .
                      --------------------- DLLs Geladen Onder Lopende Processen ---------------------

                      PROCESS: C:\WINDOWS\system32\winlogon.exe
                      -> C:\WINDOWS\system32\WLCtrl32.dll
                      .
                      ------------------------ Other Running Processes ------------------------
                      .
                      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      C:\WINDOWS\System32\CTsvcCDA.EXE
                      C:\WINDOWS\System32\MsPMSPSv.exe
                      C:\WINDOWS\system32\devldr32.exe
                      C:\WINDOWS\TEMP\BN8.tmp
                      C:\Program Files\Internet Explorer\IEXPLORE.EXE
                      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
                      C:\WINDOWS\system32\msiexec.exe
                      C:\Program Files\Netropa\OSD.exe
                      .
                      **************************************************************************
                      .
                      Voltooingstijd: 2008-03-04 19:33:14 - machine was rebooted
                      ComboFix-quarantined-files.txt 2008-03-04 18:33:08
                      ComboFix2.txt 2008-02-28 20:36:27
                      ComboFix3.txt 2008-02-28 19:26:02
                      ComboFix4.txt 2008-02-24 20:21:00
                      .
                      2008-02-13 15:43:25 --- E O F ---



                      • #12
                        Uninstall ComboFix: go to Start --> Run and type: combofix /u
                        Download ComboFix again via this link: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

                        Open Notepad, then copy and paste the following (bold text) into an empty window:

                        KILLALL::

                        RootKit::
                        C:\WINDOWS\SYSTEM32\WLCtrl32.dl_
                        C:\WINDOWS\SYSTEM32\DRIVERS\Nta52.sys
                        C:\WINDOWS\SYSTEM32\WLCtrl32.dll
                        C:\WINDOWS\SYSTEM32\DRIVERS\nkv2.sys
                        C:\WINDOWS\wininit.ini

                        Driver::
                        Nta52
                        nkv2

                        Registry::
                        [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnomlj]
                        [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

                        Save this to your Desktop as CFScript.txt

                        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



                        This will restart ComboFix.
                        Reboot if you are asked to,
                        and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
                        Regards,
                        Pimmerd



                        • #13
                          ComboFix 08-03-04.3 - Roland 2008-03-04 22:42:24.5 - NTFSx86
                          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.79 [GMT 1:00]
                          Gestart vanuit: C:\Documents and Settings\Roland\Bureaublad\ComboFix.exe
                          Command switches used :: C:\Documents and Settings\Roland\Bureaublad\cfscript.txt
                          * Nieuw herstelpunt werd aangemaakt

                          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
                          .

                          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                          .

                          C:\WINDOWS\SYSTEM32\DRIVERS\nkv2.sys
                          C:\WINDOWS\SYSTEM32\DRIVERS\Nta52.sys
                          C:\WINDOWS\SYSTEM32\WLCtrl32.dl_
                          C:\WINDOWS\SYSTEM32\WLCtrl32.dll
                          C:\WINDOWS\wininit.ini

                          .
                          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

                          .
                          -------\LEGACY_NTA52
                          -------\Nta52


                          (((((((((((((((((((( Bestanden Gemaakt van 2008-02-04 to 2008-03-04 ))))))))))))))))))))))))))))))
                          .

                          2008-02-21 22:54 . 2008-02-21 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                          2008-02-21 22:53 . 2008-02-21 22:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
                          2008-02-21 22:38 . 2008-02-24 22:02 <DIR> d-------- C:\Program Files\Free Window Registry Repair
                          2008-02-21 20:11 . 2008-02-21 20:45 <DIR> d-------- C:\Program Files\Registry Defender
                          2008-02-21 19:55 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
                          2008-02-21 19:55 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
                          2008-02-20 22:45 . 2008-02-20 22:45 <DIR> d-------- C:\Program Files\Trend Micro
                          2008-02-19 21:33 . 2008-03-04 22:40 <DIR> dr-h----- C:\Documents and Settings\Roland\Onlangs geopend
                          2008-02-19 21:01 . 2008-02-24 22:02 <DIR> d-------- C:\Documents and Settings\Limewire\Programma's
                          2008-02-18 23:42 . 2008-02-18 23:40 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
                          2008-02-10 20:29 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\sysmain.sdb
                          2008-02-10 20:29 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apph_sp.sdb
                          2008-02-10 20:29 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apphelp.sdb
                          2008-02-10 20:28 . 2008-02-10 20:28 <DIR> d-------- C:\Program Files\Windows Media Connect 2
                          2008-02-10 20:24 . 2008-02-10 20:26 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
                          2008-02-09 19:39 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl

                          .
                          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          2008-03-04 21:48 --------- d-----w C:\Program Files\SPAMfighter
                          2008-02-21 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                          2008-02-21 22:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
                          2008-02-21 21:54 --------- d-----w C:\Program Files\Lavasoft
                          2008-02-21 19:26 --------- d-----w C:\Documents and Settings\Roland\Application Data\Lavasoft
                          2008-02-20 20:48 --------- d-----w C:\Program Files\Common Files\Real
                          2008-02-19 20:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
                          2008-02-19 20:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
                          2008-02-19 20:09 --------- d-----w C:\Program Files\QuarkXPress Passport
                          2008-02-09 18:39 --------- d-----w C:\Program Files\Java
                          2002-08-25 10:36 327 ---ha-w C:\Documents and Settings\Roland\hpothb07.dat
                          2002-08-25 10:33 0 ---ha-w C:\Documents and Settings\Eigenaar\hpothb07.dat
                          2002-08-24 18:43 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
                          2002-04-13 11:24 748 ----a-w C:\Program Files\Snelkoppeling naar Powershow.lnk
                          .

                          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          .
                          REGEDIT4
                          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 01:00 90112]
                          "AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [2001-03-28 01:00 102400]
                          "DellTouch"="C:\WINDOWS\DELLMMKB.EXE" [2001-09-23 07:14 163840]
                          "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 14:11 196608]
                          "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 03:19 69632]
                          "LTWinModem1"="ltmsg.exe" [2001-04-03 10:38 38912 C:\WINDOWS\SYSTEM32\ltmsg.exe]
                          "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2004-03-10 16:26 406016]
                          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-06 21:11 98304]
                          "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880]
                          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

                          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Acrobat Assistant.lnk]
                          backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
                          backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Herinneringen van Microsoft Works Agenda.lnk]
                          backup=C:\WINDOWS\pss\Herinneringen van Microsoft Works Agenda.lnkCommon Startup

                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Image Transfer.lnk]
                          backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Kill Popup.lnk]
                          backup=C:\WINDOWS\pss\Kill Popup.lnkCommon Startup

                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
                          backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]
                          backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]
                          backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Reality Fusion GameCam SE.lnk]
                          backup=C:\WINDOWS\pss\Reality Fusion GameCam SE.lnkCommon Startup

                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Suitcase Startup.lnk]
                          backup=C:\WINDOWS\pss\Suitcase Startup.lnkCommon Startup

                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
                          backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

                          [HKLM\~\startupfolder\C:^Documents and Settings^Roland^Menu Start^Programma's^Opstarten^AOM(2).lnk]
                          backup=C:\WINDOWS\pss\AOM(2).lnkStartup

                          [HKLM\~\startupfolder\C:^Documents and Settings^Roland^Menu Start^Programma's^Opstarten^Registration-Studio 8.lnk]
                          backup=C:\WINDOWS\pss\Registration-Studio 8.lnkStartup

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
                          --a------ 2001-09-04 15:31 655360 C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMTRUSTMOUSE]
                          C:\Program Files\Trust mouse utility\1.0\mouse32a.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
                          --a------ 2001-09-06 17:10 94208 C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
                          --a------ 2000-07-12 12:14 311350 C:\Program Files\Microsoft Works\WksSb.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
                          --a------ 2000-08-29 15:56 28739 C:\Program Files\Microsoft Works\WkDetect.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
                          --a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wanadoo Menu]

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
                          --a------ 2000-07-12 10:59 24576 C:\Program Files\Microsoft Works\wkfud.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                          "AntiVirusOverride"=dword:00000001

                          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                          "%windir%\\system32\\sessmgr.exe"=
                          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                          "C:\\Program Files\\Internet Explorer\\iexplore.exe"=

                          R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
                          R3 Msikbd2k;DellTouch;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 15:18]
                          S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\lvsound2.sys [2001-09-06 17:09]
                          S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 19:11]
                          S3 QCEmerald;Logitech QuickCam Web(PID_0850);C:\WINDOWS\system32\DRIVERS\LVCE.sys [2001-09-06 17:09]
                          S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys
                          S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 21:52]

                          .
                          Inhoud van de 'Gedeelde Taken' map
                          "2002-04-16 19:56:29 C:\WINDOWS\Tasks\Symantec NetDetect.job"
                          - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
                          .
                          **************************************************************************

                          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                          Rootkit scan 2008-03-04 22:49:24
                          Windows 5.1.2600 Service Pack 2 NTFS

                          scannen van verborgen processen ...

                          scannen van verborgen autostart items ...

                          scannen van verborgen bestanden ...

                          Scan succesvol afgerond
                          verborgen bestanden: 0

                          **************************************************************************
                          .
                          ------------------------ Other Running Processes ------------------------
                          .
                          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                          C:\WINDOWS\System32\CTsvcCDA.EXE
                          C:\WINDOWS\System32\MsPMSPSv.exe
                          C:\WINDOWS\system32\devldr32.exe
                          C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
                          C:\WINDOWS\system32\msiexec.exe
                          C:\Program Files\Netropa\OSD.exe
                          .
                          **************************************************************************
                          .
                          Voltooingstijd: 2008-03-04 22:52:25 - machine was rebooted
                          ComboFix-quarantined-files.txt 2008-03-04 21:52:21
                          ComboFix2.txt 2008-03-04 18:33:15
                          .
                          2008-02-13 15:43:25 --- E O F ---







                          Logfile of Trend Micro HijackThis v2.0.2
                          Scan saved at 22:53:45, on 4-3-2008
                          Platform: Windows XP SP2 (WinNT 5.01.2600)
                          MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                          Boot mode: Normal

                          Running processes:
                          C:\WINDOWS\System32\smss.exe
                          C:\WINDOWS\system32\winlogon.exe
                          C:\WINDOWS\system32\services.exe
                          C:\WINDOWS\system32\lsass.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                          C:\WINDOWS\system32\spoolsv.exe
                          C:\WINDOWS\System32\CTsvcCDA.EXE
                          C:\Program Files\SPAMfighter\sfus.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\System32\MsPMSPSv.exe
                          C:\WINDOWS\system32\wuauclt.exe
                          C:\WINDOWS\DELLMMKB.EXE
                          C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
                          C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
                          C:\WINDOWS\system32\ltmsg.exe
                          C:\Program Files\SPAMfighter\SFAgent.exe
                          C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
                          C:\WINDOWS\system32\ctfmon.exe
                          C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
                          C:\WINDOWS\system32\msiexec.exe
                          C:\Program Files\Netropa\OSD.exe
                          C:\WINDOWS\explorer.exe
                          C:\WINDOWS\system32\notepad.exe
                          C:\Program Files\Outlook Express\msimn.exe
                          C:\Program Files\Messenger\msmsgs.exe
                          C:\Program Files\Internet Explorer\IEXPLORE.EXE
                          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/?di&from=start.home.nl
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.nl
                          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
                          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                          O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
                          O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
                          O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
                          O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
                          O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
                          O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
                          O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
                          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                          O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
                          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
                          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
                          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
                          O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
                          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                          O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
                          O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
                          O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://ips.poi.de/ips-opdata/layout/fnac/objects/jordan.cab
                          O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.gisnet.nl/sintmichielsgestel/mapguide/mgaxctrl.cab
                          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203538804265
                          O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
                          O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/ImageUploader3.cab
                          O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
                          O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
                          O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
                          O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
                          O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5091/mcfscan.cab
                          O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
                          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                          O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
                          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                          O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
                          O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
                          O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Roland/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg

                          --
                          End of file - 7286 bytes



                          • #14
                            Looks good again!

                            The Java software on your computer is outdated.
                            Older versions have vulnerabilities that give malware the chance to install itself.
                            First carry out the steps below to uninstall Java and install the newest version:
                            Download Java Runtime Environment (JRE) 6u5.
                            • Scroll down to: "Java Runtime Environment (JRE) 6u5".
                            • Click the "Download" button on the right-hand side.
                            • In the drop-down menu to the right of Platform, select Windows.
                            • Tick: "I agree to the Java SE Runtime Environment 6 License Agreement", and click Continue.
                            • The page will reload.
                            • Click the jre-6u5-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
                            • Close all programs that may be open - especially your web browser!
                            • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list of programs.
                            • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
                            • Then click Remove or the Change/Remove button.
                            • Repeat this until all older versions are gone.
                            • After removing all older versions, restart your PC.
                            • Then double-click jre-6u5-windows-i586-p.exe on your Desktop to install the newest version of Java.


                            Any problems left?
                            Regards,
                            Pimmerd



                            • #15
                              Thank you very much for your help.

                              It's running perfectly again.
