explorer fireworks popup in a new window



gideon
25 July 2007, 01:19
When I start my Internet Explorer or Fireworks, after a while a new window appears with an advertisement (porn, dating or other junk).

I have a log from ComboFix

-07-24 12:38 126,016 --a------ C:\WINDOWS\system32\qqmlhumw.dll
2007-07-24 12:36 66,112 --a------ C:\WINDOWS\system32\uoreojgt.exe
2007-07-24 00:23 266,336 --a------ C:\WINDOWS\system32\ddcyv.dll
2007-07-24 00:18 31,254 --a------ C:\WINDOWS\system32\khffefd.dll
2007-07-22 17:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Maxtor
2007-07-22 17:12 <DIR> d-------- C:\Program Files\PowerQuest
2007-07-22 16:51 392,320 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2007-07-22 16:51 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-07-22 16:50 120,992 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2007-07-22 16:50 <DIR> d-------- C:\Program Files\Maxtor
2007-07-22 16:50 <DIR> d-------- C:\Program Files\Common Files\Maxtor
2007-07-22 16:47 <DIR> d-------- C:\Program Files\Seagate
2007-07-17 00:28 1,165 --a------ C:\WINDOWS\mozver.dat
2007-07-14 23:25 <DIR> d-------- C:\Program Files\Dnote Software
2007-07-14 21:41 <DIR> d-------- C:\DOCUME~1\GideonS\APPLIC~1\InstallShield
2007-07-14 21:39 <DIR> d-------- C:\Program Files\Kwyshell
2007-07-14 14:06 <DIR> d-------- C:\Program Files\SpeedFan
2007-07-14 14:02 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-07-14 14:02 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-14 14:02 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-07-14 14:02 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-07-14 14:02 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-07-14 14:02 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-07-14 14:02 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-07-08 20:30 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-07-03 15:02 <DIR> d-------- C:\DOCUME~1\Ik\APPLIC~1\ATI
2007-07-03 15:01 786,432 --ah----- C:\DOCUME~1\Ik\NTUSER.DAT
2007-07-03 15:01 <DIR> dr-h----- C:\DOCUME~1\Ik\Onlangs geopend
2007-07-03 15:01 <DIR> dr------- C:\DOCUME~1\Ik\Mijn documenten
2007-07-03 15:01 <DIR> dr------- C:\DOCUME~1\Ik\Menu Start
2007-07-03 15:01 <DIR> dr------- C:\DOCUME~1\Ik\Favorieten
2007-07-03 15:01 <DIR> d--h----- C:\DOCUME~1\Ik\Sjablonen
2007-07-03 15:01 <DIR> d--h----- C:\DOCUME~1\Ik\Netwerkprinteromgeving
2007-07-03 15:01 <DIR> d-------- C:\DOCUME~1\Ik\Bureaublad
2007-07-02 09:55 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-07-02 09:53 <DIR> d-------- C:\DOCUME~1\GideonS\.housecall6.6
2007-07-02 09:50 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-30 20:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
2007-06-30 17:26 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-06-30 17:18 <DIR> d-------- C:\Program Files\ATITool
2007-06-30 14:02 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-30 13:08 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-06-25 23:21 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-06-25 23:21 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-06-25 23:21 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-06-25 23:21 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-06-25 23:21 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-06-25 23:21 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-06-25 23:21 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-06-25 23:21 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-24 22:51:49 83,398 ----a-w C:\WINDOWS\system32\perfc013.dat
2007-07-24 22:51:49 471,952 ----a-w C:\WINDOWS\system32\perfh013.dat
2007-07-24 22:03:28 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-07-24 22:03:22 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-24 22:00:03 -------- d-----w C:\Program Files\PartyGaming.Net
2007-07-24 21:56:57 -------- d-----w C:\Program Files\Common Files\Scansoft Shared
2007-07-24 18:34:15 -------- d-----w C:\Program Files\Hitman Pro
2007-07-24 13:44:19 -------- d-----w C:\DOCUME~1\GideonS\APPLIC~1\uTorrent
2007-07-22 14:46:59 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-07-14 19:41:54 -------- d-----w C:\Program Files\TomTom HOME
2007-07-02 09:53:42 -------- d-----w C:\Program Files\DAEMON Tools
2007-07-02 09:53:41 -------- d-----w C:\Program Files\NewsLeecher
2007-06-30 15:27:49 -------- d-----w C:\Program Files\ATI Technologies
2007-06-30 12:02:32 -------- d-----w C:\Program Files\Common Files\Nokia
2007-06-30 12:02:31 -------- d-----w C:\Program Files\Nokia
2007-06-30 11:08:21 -------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-06-27 14:06:31 -------- d-----w C:\Program Files\DC++
2007-06-24 13:31:27 6,076 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-06-23 16:59:05 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-23 16:50:40 -------- d-----w C:\Program Files\EA SPORTS
2007-06-23 16:49:04 -------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
2007-06-23 16:45:56 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-06-17 21:34:09 -------- d-----w C:\Program Files\Steam
2007-06-17 08:57:50 -------- d-----w C:\DOCUME~1\GideonS\APPLIC~1\ATI
2007-06-14 15:43:52 14,368 ----a-w C:\WINDOWS\system32\relog_ap.dll
2007-06-14 14:25:28 17,440 ----a-w C:\WINDOWS\system32\acrotls.dll
2007-06-13 19:25:36 339,968 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-06-13 19:24:32 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-06-13 19:24:13 2,155,520 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-06-13 19:23:23 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-06-13 19:17:37 139,264 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-06-13 19:17:26 118,784 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-06-13 19:17:18 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-06-13 19:17:12 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-06-13 19:16:59 118,784 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-06-13 19:15:39 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-06-13 19:14:51 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-06-13 19:10:33 8,097,792 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-06-13 19:07:26 2,922,208 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-06-13 18:57:21 1,512,960 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-06-13 18:57:04 972,072 ----a-w C:\WINDOWS\system32\ativva6x.dat
2007-06-13 18:57:04 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat
2007-06-13 18:57:04 3,107,788 ----a-w C:\WINDOWS\system32\ativva5x.dat
2007-06-13 18:46:28 5,431,296 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-06-13 18:43:53 262,144 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-06-13 18:42:29 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-06-13 18:41:06 50,176 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-06-13 18:36:45 368,640 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-06-13 12:49:50 -------- d-----w C:\Program Files\Techland
2007-06-13 11:53:37 -------- d-----w C:\Program Files\Simbin
2007-06-11 22:12:45 -------- d-----w C:\Program Files\uTorrent
2007-06-09 21:24:08 -------- d-----w C:\DOCUME~1\GideonS\APPLIC~1\PC Tools
2007-06-09 21:16:27 -------- d-----w C:\Program Files\SpywareBlaster
2007-06-05 09:08:48 -------- d-----w C:\Program Files\Lavalys
2007-05-31 10:51:51 -------- d-----w C:\DOCUME~1\GideonS\APPLIC~1\PC Suite
2007-05-31 10:49:50 -------- d-----w C:\DOCUME~1\GideonS\APPLIC~1\Nokia
2007-05-16 15:19:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-06 20:41:15 87,608 ----a-w C:\DOCUME~1\GideonS\APPLIC~1\inst.exe
2007-05-06 20:41:15 47,360 ----a-w C:\DOCUME~1\GideonS\APPLIC~1\pcouffin.sys
2007-05-05 12:10:54 210,464 ----a-w C:\WINDOWS\system32\snapapi.dll
2007-05-01 16:41:14 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-04-25 14:22:52 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{5D38D282-D764-4DB2-8203-1F6FE98859C0}=C:\WINDOWS\system32\ddcyv.dll [2007-07-24 00:23]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-06-14 18:32]
{857A461D-8D96-4996-A4A0-AEA0A2535B86}=C:\WINDOWS\system32\khffefd.dll [2007-07-24 00:18]
{938A8A03-A938-4019-B764-03FF8D167D79}=C:\WINDOWS\system32\iwnxgnlw.dll [2007-07-24 12:38]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll [2007-05-17 20:30]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 11:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 16:35]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 14:00 C:\WINDOWS\system32\bthprops.cpl]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 16:00]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 18:15]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 16:21 C:\WINDOWS\system32\HdAShCut.exe]
"MaxBlastMonitor.exe"="C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-06-14 22:10]
"AcronisTimounterMonitor"="C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-06-14 22:13]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-06-14 17:43]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 12:40]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 12:53]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]
"{857A461D-8D96-4996-A4A0-AEA0A2535B86}"="C:\WINDOWS\system32\khffefd.dll" [2007-07-24 00:18]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyv]
C:\WINDOWS\system32\ddcyv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khffefd]
khffefd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 relog_ap
Notification Packages scecli scecli
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HD Tune]
C:\PROGRA~1\HDTUNE~1\HDTune.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedItUpEX]
"C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe" -MINI
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Steam"="C:\Program Files\Steam\Steam.exe" -silent
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"PCLEPCI"=C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp
NtmlSvc

Contents of the 'Scheduled Tasks' folder
2007-06-30 15:16:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-08 15:16:11 C:\WINDOWS\tasks\Easy Onderhoud.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 01:00:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00000001-0000-1000-8000-0002ee000002}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001101-0000-1000-8000-00805f9b34fb}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{7771fdc2-fddf-4c9b-affc-98bcd91bf93b}]

Completion time: 2007-07-25 1:03:03
C:\ComboFix-quarantined-files.txt ... 2007-07-25 01:03
C:\ComboFix2.txt ... 2007-07-07 00:43
C:\ComboFix3.txt ... 2007-06-11 23:12
--- E O F ---

and from HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 1:12:32, on 25-7-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Brother\Brmfl05a\Brinstck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Statusvenster.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172058392000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Who can help me get rid of this!?

Rosty
25 July 2007, 10:20
Hi,

Download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.

Double-click VundoFix.exe to start it.
Click the Scan for Vundo button.
Once the scan is done, click the Remove Vundo button.
You will get a prompt asking whether you want the files removed; click YES.
After you click Yes, the icons on your desktop will disappear while Vundo is being removed.
When it is finished you will get a message that it will shut down your PC; click OK.
Start your PC back up.

Note: It is possible that VundoFix found a file that could not be removed.
In that case VundoFix will start again after your PC restarts. You then need to follow the instructions above once more, starting from: "Click the Scan for Vundo."

Run another scan with ComboFix and post its log together with the VundoFix log and a new HijackThis log.

gideon
25 July 2007, 14:17
-----------------------------Hijackthis--------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 13:52:05, on 25-7-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {47DE4379-170D-4DB3-8EFA-52345782F062} - C:\WINDOWS\system32\ddcyv.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {857A461D-8D96-4996-A4A0-AEA0A2535B86} - C:\WINDOWS\system32\khffefd.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\odkletgd.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Statusvenster.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172058392000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: khffefd - C:\WINDOWS\SYSTEM32\khffefd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

----------------------------Combofix---------------------------------
ComboFix 07-06-11.3 - C:\Documents and Settings\GideonS\Bureaublad\ComboFix.exe
"GideonS" - 2007-07-25 13:53:20 - Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))

2007-07-25 13:54 6,467 ---hs---- C:\WINDOWS\system32\utvwa.bak1
2007-07-25 13:53 228,960 --a------ C:\WINDOWS\system32\awvtu.dll
2007-07-25 13:44 <DIR> d-------- C:\VundoFix Backups
2007-07-25 13:27 126,016 --a------ C:\WINDOWS\system32\odkletgd.dll
2007-07-25 13:24 66,112 --a------ C:\WINDOWS\system32\dglyybet.exe
2007-07-25 01:29 <DIR> d-------- C:\DOCUME~1\GideonS\APPLIC~1\ScanSoft
2007-07-25 01:14 38,533 --a------ C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
2007-07-25 01:14 <DIR> d-------- C:\WINDOWS\system32\RVAXO
2007-07-25 00:54 <DIR> dr------- C:\DOCUME~1\GideonS\APPLIC~1\Brother
2007-07-25 00:28 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-07-25 00:23 53,248 --------- C:\WINDOWS\system32\BrNetSti.dll
2007-07-25 00:23 34,816 --------- C:\WINDOWS\system32\BrWiaNCp.dll
2007-07-25 00:23 31,744 --------- C:\WINDOWS\system32\Brnsplg.dll
2007-07-25 00:22 53,248 -r------- C:\WINDOWS\system32\BrMfNt.dll
2007-07-25 00:22 163,840 --------- C:\WINDOWS\system32\NSSearch.dll
2007-07-25 00:22 122,880 --------- C:\WINDOWS\system32\BrfxD05a.dll
2007-07-25 00:22 106,496 --------- C:\WINDOWS\system32\BrMuSNMP.dll
2007-07-25 00:22 0 --a------ C:\WINDOWS\brdfxspd.dat
2007-07-25 00:04 50 --a------ C:\WINDOWS\system32\bridf05a.dat
2007-07-25 00:03 81,920 --------- C:\WINDOWS\system32\BrWebIns.dll
2007-07-25 00:03 65,536 --------- C:\WINDOWS\system32\BRWEBUP.EXE
2007-07-25 00:03 54,272 --------- C:\WINDOWS\system32\brinsstr.dll
2007-07-25 00:03 188,416 --------- C:\WINDOWS\system32\PDRVINST.DLL
2007-07-25 00:03 147,456 --------- C:\WINDOWS\brunin03.dll
2007-07-25 00:03 <DIR> d-------- C:\Program Files\Brother
2007-07-25 00:03 <DIR> d-------- C:\Brother
2007-07-24 23:56 <DIR> d-------- C:\Program Files\ScanSoft
2007-07-24 23:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Brother
2007-07-24 16:28 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-07-24 16:28 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-07-24 16:28 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-07-24 16:28 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-07-24 16:27 164 --a------ C:\install.dat
2007-07-24 16:27 <DIR> d-------- C:\Program Files\Webroot
2007-07-24 16:27 <DIR> d-------- C:\DOCUME~1\GideonS\APPLIC~1\Webroot
2007-07-24 16:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-07-24 12:38 126,016 --a------ C:\WINDOWS\system32\qqmlhumw.dll
2007-07-24 12:36 66,112 --a------ C:\WINDOWS\system32\uoreojgt.exe
2007-07-24 00:18 31,254 --a------ C:\WINDOWS\system32\khffefd.dll
2007-07-22 17:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Maxtor
2007-07-22 17:12 <DIR> d-------- C:\Program Files\PowerQuest
2007-07-22 16:51 392,320 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2007-07-22 16:51 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-07-22 16:50 120,992 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2007-07-22 16:50 <DIR> d-------- C:\Program Files\Maxtor
2007-07-22 16:50 <DIR> d-------- C:\Program Files\Common Files\Maxtor
2007-07-22 16:47 <DIR> d-------- C:\Program Files\Seagate
2007-07-17 00:28 1,165 --a------ C:\WINDOWS\mozver.dat
2007-07-14 23:25 <DIR> d-------- C:\Program Files\Dnote Software
2007-07-14 21:41 <DIR> d-------- C:\DOCUME~1\GideonS\APPLIC~1\InstallShield
2007-07-14 21:39 <DIR> d-------- C:\Program Files\Kwyshell
2007-07-14 14:06 <DIR> d-------- C:\Program Files\SpeedFan
2007-07-14 14:02 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-07-14 14:02 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-14 14:02 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-07-14 14:02 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-07-14 14:02 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-07-14 14:02 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-07-14 14:02 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-07-08 20:30 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-07-03 15:02 <DIR> d-------- C:\DOCUME~1\Ik\APPLIC~1\ATI
2007-07-03 15:01 786,432 --ah----- C:\DOCUME~1\Ik\NTUSER.DAT
2007-07-03 15:01 <DIR> dr-h----- C:\DOCUME~1\Ik\Onlangs geopend
2007-07-03 15:01 <DIR> dr------- C:\DOCUME~1\Ik\Mijn documenten
2007-07-03 15:01 <DIR> dr------- C:\DOCUME~1\Ik\Menu Start
2007-07-03 15:01 <DIR> dr------- C:\DOCUME~1\Ik\Favorieten
2007-07-03 15:01 <DIR> d--h----- C:\DOCUME~1\Ik\Sjablonen
2007-07-03 15:01 <DIR> d--h----- C:\DOCUME~1\Ik\Netwerkprinteromgeving
2007-07-03 15:01 <DIR> d-------- C:\DOCUME~1\Ik\Bureaublad
2007-07-02 09:55 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-07-02 09:53 <DIR> d-------- C:\DOCUME~1\GideonS\.housecall6.6
2007-07-02 09:50 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-30 20:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
2007-06-30 17:26 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-06-30 17:18 <DIR> d-------- C:\Program Files\ATITool
2007-06-30 14:02 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-30 13:08 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-06-25 23:21 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-06-25 23:21 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-06-25 23:21 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-06-25 23:21 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-06-25 23:21 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-06-25 23:21 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-06-25 23:21 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-06-25 23:21 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-25 11:53:01 83,398 ----a-w C:\WINDOWS\system32\perfc013.dat
2007-07-25 11:53:01 471,952 ----a-w C:\WINDOWS\system32\perfh013.dat
2007-07-24 23:40:15 -------- d-----w C:\DOCUME~1\GideonS\APPLIC~1\uTorrent
2007-07-24 22:03:28 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-07-24 22:03:22 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-24 22:00:03 -------- d-----w C:\Program Files\PartyGaming.Net
2007-07-24 21:56:57 -------- d-----w C:\Program Files\Common Files\Scansoft Shared
2007-07-24 18:34:15 -------- d-----w C:\Program Files\Hitman Pro
2007-07-22 14:46:59 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-07-14 19:41:54 -------- d-----w C:\Program Files\TomTom HOME
2007-07-02 09:53:42 -------- d-----w C:\Program Files\DAEMON Tools
2007-07-02 09:53:41 -------- d-----w C:\Program Files\NewsLeecher
2007-06-30 15:27:49 -------- d-----w C:\Program Files\ATI Technologies
2007-06-30 12:02:32 -------- d-----w C:\Program Files\Common Files\Nokia
2007-06-30 12:02:31 -------- d-----w C:\Program Files\Nokia
2007-06-30 11:08:21 -------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-06-27 14:06:31 -------- d-----w C:\Program Files\DC++
2007-06-24 13:31:27 6,076 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-06-23 16:59:05 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-23 16:50:40 -------- d-----w C:\Program Files\EA SPORTS
2007-06-23 16:49:04 -------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
2007-06-23 16:45:56 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-06-17 21:34:09 -------- d-----w C:\Program Files\Steam
2007-06-17 08:57:50 -------- d-----w C:\DOCUME~1\GideonS\APPLIC~1\ATI
2007-06-14 15:43:52 14,368 ----a-w C:\WINDOWS\system32\relog_ap.dll
2007-06-14 14:25:28 17,440 ----a-w C:\WINDOWS\system32\acrotls.dll
2007-06-13 19:25:36 339,968 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-06-13 19:24:32 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-06-13 19:24:13 2,155,520 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-06-13 19:23:23 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-06-13 19:17:37 139,264 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-06-13 19:17:26 118,784 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-06-13 19:17:18 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-06-13 19:17:12 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-06-13 19:16:59 118,784 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-06-13 19:15:39 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-06-13 19:14:51 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-06-13 19:10:33 8,097,792 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-06-13 19:07:26 2,922,208 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-06-13 18:57:21 1,512,960 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-06-13 18:57:04 972,072 ----a-w C:\WINDOWS\system32\ativva6x.dat
2007-06-13 18:57:04 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat
2007-06-13 18:57:04 3,107,788 ----a-w C:\WINDOWS\system32\ativva5x.dat
2007-06-13 18:46:28 5,431,296 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-06-13 18:43:53 262,144 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-06-13 18:42:29 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-06-13 18:41:06 50,176 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-06-13 18:36:45 368,640 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-06-13 12:49:50 -------- d-----w C:\Program Files\Techland
2007-06-13 11:53:37 -------- d-----w C:\Program Files\Simbin
2007-06-11 22:12:45 -------- d-----w C:\Program Files\uTorrent
2007-06-09 21:24:08 -------- d-----w C:\DOCUME~1\GideonS\APPLIC~1\PC Tools
2007-06-09 21:16:27 -------- d-----w C:\Program Files\SpywareBlaster
2007-06-05 09:08:48 -------- d-----w C:\Program Files\Lavalys
2007-05-31 10:51:51 -------- d-----w C:\DOCUME~1\GideonS\APPLIC~1\PC Suite
2007-05-31 10:49:50 -------- d-----w C:\DOCUME~1\GideonS\APPLIC~1\Nokia
2007-05-16 15:19:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-06 20:41:15 87,608 ----a-w C:\DOCUME~1\GideonS\APPLIC~1\inst.exe
2007-05-06 20:41:15 47,360 ----a-w C:\DOCUME~1\GideonS\APPLIC~1\pcouffin.sys
2007-05-05 12:10:54 210,464 ----a-w C:\WINDOWS\system32\snapapi.dll
2007-05-01 16:41:14 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-04-25 14:22:52 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0AC244FB-6199-4F40-B8B1-8D60044F0776}=C:\WINDOWS\system32\awvtu.dll [2007-07-25 13:53]
{47DE4379-170D-4DB3-8EFA-52345782F062}=C:\WINDOWS\system32\ddcyv.dll []
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-06-14 18:32]
{857A461D-8D96-4996-A4A0-AEA0A2535B86}=C:\WINDOWS\system32\khffefd.dll [2007-07-24 00:18]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll [2007-05-17 20:30]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 11:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 16:35]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 14:00 C:\WINDOWS\system32\bthprops.cpl]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 16:00]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 18:15]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 16:21 C:\WINDOWS\system32\HdAShCut.exe]
"MaxBlastMonitor.exe"="C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-06-14 22:10]
"AcronisTimounterMonitor"="C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-06-14 22:13]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-06-14 17:43]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 12:40]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 12:53]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]
"{857A461D-8D96-4996-A4A0-AEA0A2535B86}"="C:\WINDOWS\system32\khffefd.dll" [2007-07-24 00:18]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtu]
C:\WINDOWS\system32\awvtu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khffefd]
khffefd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 relog_ap
Notification Packages scecli scecli
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HD Tune]
C:\PROGRA~1\HDTUNE~1\HDTune.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedItUpEX]
"C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe" -MINI
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Steam"="C:\Program Files\Steam\Steam.exe" -silent
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"PCLEPCI"=C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp
NtmlSvc

Contents of the 'Scheduled Tasks' folder
2007-06-30 15:16:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-08 15:16:11 C:\WINDOWS\tasks\Easy Onderhoud.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 13:59:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
? [2980]

scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00000001-0000-1000-8000-0002ee000002}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001101-0000-1000-8000-00805f9b34fb}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{7771fdc2-fddf-4c9b-affc-98bcd91bf93b}]

Completion time: 2007-07-25 14:02:14
C:\ComboFix-quarantined-files.txt ... 2007-07-25 14:02
--- E O F ---

---------------------------------Vundofix---------------------------

VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.11
Scan started at 13:44:55 25-7-2007
Listing files found while scanning....
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\iwnxgnlw.dll
C:\WINDOWS\system32\vycdd.bak2
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.ini2
C:\WINDOWS\system32\vycdd.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\ddcyv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\iwnxgnlw.dll
C:\WINDOWS\system32\iwnxgnlw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.bak2
C:\WINDOWS\system32\vycdd.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.ini2
C:\WINDOWS\system32\vycdd.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.tmp
C:\WINDOWS\system32\vycdd.tmp Has been deleted!
Performing Repairs to the registry.
Done!

Rosty
25 July 2007, 19:25
Hi gideon,

Open HijackThis, click Do a scan only and place a check mark next to the following lines:

O2 - BHO: (no name) - {47DE4379-170D-4DB3-8EFA-52345782F062} - C:\WINDOWS\system32\ddcyv.dll (file missing)
O2 - BHO: (no name) - {857A461D-8D96-4996-A4A0-AEA0A2535B86} - C:\WINDOWS\system32\khffefd.dll
O20 - Winlogon Notify: khffefd - C:\WINDOWS\SYSTEM32\khffefd.dll

Close all open windows except HijackThis, and click Fix Checked. Close HijackThis.

Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

File::
C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\odkletgd.dll
C:\WINDOWS\system32\dglyybet.exe
C:\WINDOWS\system32\qqmlhumw.dll
C:\WINDOWS\system32\uoreojgt.exe
C:\WINDOWS\system32\khffefd.dll


Save this on your Desktop as CFScript.
Drag CFScript into ComboFix.exe as shown in the example below:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
This will make ComboFix restart.
Reboot if you are asked to,
and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

gideon
26 July 2007, 00:02
Hey Rosty,

I can't find these two in my HijackThis

O2 - BHO: (no name) - {47DE4379-170D-4DB3-8EFA-52345782F062} - C:\WINDOWS\system32\ddcyv.dll (file missing)
O2 - BHO: (no name) - {857A461D-8D96-4996-A4A0-AEA0A2535B86} - C:\WINDOWS\system32\khffefd.dll
O20 - Winlogon Notify: khffefd - C:\WINDOWS\SYSTEM32\khffefd.dll

By the way, the pop-ups are not appearing, but I followed your advice anyway just to be sure.

----------------------------------Hijackthis-------------------------

Logfile of HijackThis v1.99.1
Scan saved at 23:52:37, on 25-7-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172058392000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

---------------------Combofix-----------------------
ComboFix 07-06-11.3 - C:\Documents and Settings\GideonS\Bureaublad\ComboFix.exe
"GideonS" - 2007-07-25 23:44:04 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\GideonS\Bureaublad\CFScript.txt

((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))

2007-07-25 20:22 249,856 --------- C:\WINDOWS\Setup1.exe
2007-07-25 17:44 <DIR> dr-h----- C:\DOCUME~1\GideonS\Onlangs geopend
2007-07-25 13:54 6,467 ---hs---- C:\WINDOWS\system32\utvwa.bak1
2007-07-25 13:53 228,960 --a------ C:\WINDOWS\system32\awvtu.dll
2007-07-25 13:44 <DIR> d-------- C:\VundoFix Backups
2007-07-25 13:27 126,016 --a------ C:\WINDOWS\system32\odkletgd.dll
2007-07-25 13:24 66,112 --a------ C:\WINDOWS\system32\dglyybet.exe
2007-07-25 01:29 <DIR> d-------- C:\DOCUME~1\GideonS\APPLIC~1\ScanSoft
2007-07-25 01:14 38,533 --a------ C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
2007-07-25 01:14 <DIR> d-------- C:\WINDOWS\system32\RVAXO
2007-07-25 00:54 <DIR> dr------- C:\DOCUME~1\GideonS\APPLIC~1\Brother
2007-07-25 00:28 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-07-25 00:23 53,248 --------- C:\WINDOWS\system32\BrNetSti.dll
2007-07-25 00:23 34,816 --------- C:\WINDOWS\system32\BrWiaNCp.dll
2007-07-25 00:23 31,744 --------- C:\WINDOWS\system32\Brnsplg.dll
2007-07-25 00:22 53,248 -r------- C:\WINDOWS\system32\BrMfNt.dll
2007-07-25 00:22 163,840 --------- C:\WINDOWS\system32\NSSearch.dll
2007-07-25 00:22 122,880 --------- C:\WINDOWS\system32\BrfxD05a.dll
2007-07-25 00:22 106,496 --------- C:\WINDOWS\system32\BrMuSNMP.dll
2007-07-25 00:22 0 --a------ C:\WINDOWS\brdfxspd.dat
2007-07-25 00:04 50 --a------ C:\WINDOWS\system32\bridf05a.dat
2007-07-25 00:03 81,920 --------- C:\WINDOWS\system32\BrWebIns.dll
2007-07-25 00:03 65,536 --------- C:\WINDOWS\system32\BRWEBUP.EXE
2007-07-25 00:03 54,272 --------- C:\WINDOWS\system32\brinsstr.dll
2007-07-25 00:03 188,416 --------- C:\WINDOWS\system32\PDRVINST.DLL
2007-07-25 00:03 147,456 --------- C:\WINDOWS\brunin03.dll
2007-07-25 00:03 <DIR> d-------- C:\Program Files\Brother
2007-07-25 00:03 <DIR> d-------- C:\Brother
2007-07-24 23:56 <DIR> d-------- C:\Program Files\ScanSoft
2007-07-24 23:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Brother
2007-07-24 16:28 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-07-24 16:28 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-07-24 16:28 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-07-24 16:28 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-07-24 16:27 164 --a------ C:\install.dat
2007-07-24 16:27 <DIR> d-------- C:\Program Files\Webroot
2007-07-24 16:27 <DIR> d-------- C:\DOCUME~1\GideonS\APPLIC~1\Webroot
2007-07-24 16:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-07-24 12:38 126,016 --a------ C:\WINDOWS\system32\qqmlhumw.dll
2007-07-24 12:36 66,112 --a------ C:\WINDOWS\system32\uoreojgt.exe
2007-07-24 00:18 31,254 --a------ C:\WINDOWS\system32\khffefd.dll
2007-07-22 17:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Maxtor
2007-07-22 17:12 <DIR> d-------- C:\Program Files\PowerQuest
2007-07-22 16:51 392,320 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2007-07-22 16:51 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-07-22 16:50 120,992 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2007-07-22 16:50 <DIR> d-------- C:\Program Files\Maxtor
2007-07-22 16:50 <DIR> d-------- C:\Program Files\Common Files\Maxtor
2007-07-22 16:47 <DIR> d-------- C:\Program Files\Seagate
2007-07-17 00:28 1,165 --a------ C:\WINDOWS\mozver.dat
2007-07-14 21:41 <DIR> d-------- C:\DOCUME~1\GideonS\APPLIC~1\InstallShield
2007-07-14 14:02 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-07-14 14:02 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-14 14:02 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-07-14 14:02 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-07-14 14:02 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-07-14 14:02 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-07-14 14:02 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-07-08 20:30 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-07-03 15:02 <DIR> d-------- C:\DOCUME~1\Ik\APPLIC~1\ATI
2007-07-03 15:01 786,432 --ah----- C:\DOCUME~1\Ik\NTUSER.DAT
2007-07-03 15:01 <DIR> dr-h----- C:\DOCUME~1\Ik\Onlangs geopend
2007-07-03 15:01 <DIR> dr------- C:\DOCUME~1\Ik\Mijn documenten
2007-07-03 15:01 <DIR> dr------- C:\DOCUME~1\Ik\Menu Start
2007-07-03 15:01 <DIR> dr------- C:\DOCUME~1\Ik\Favorieten
2007-07-03 15:01 <DIR> d--h----- C:\DOCUME~1\Ik\Sjablonen
2007-07-03 15:01 <DIR> d--h----- C:\DOCUME~1\Ik\Netwerkprinteromgeving
2007-07-03 15:01 <DIR> d-------- C:\DOCUME~1\Ik\Bureaublad
2007-07-02 09:55 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-07-02 09:53 <DIR> d-------- C:\DOCUME~1\GideonS\.housecall6.6
2007-07-02 09:50 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-30 20:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
2007-06-30 17:26 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-06-30 17:18 <DIR> d-------- C:\Program Files\ATITool
2007-06-30 14:02 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-30 13:08 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-06-25 23:21 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-06-25 23:21 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-06-25 23:21 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-06-25 23:21 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-06-25 23:21 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-06-25 23:21 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-06-25 23:21 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-06-25 23:21 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-25 18:22:29 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-07-25 16:41:20 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-25 16:40:04 -------- d-----w C:\Program Files\Steam
2007-07-25 15:52:16 471,952 ----a-w C:\WINDOWS\system32\perfh013.dat
2007-07-25 15:52:15 83,398 ----a-w C:\WINDOWS\system32\perfc013.dat
2007-07-24 23:40:15 -------- d-----w C:\DOCUME~1\GideonS\APPLIC~1\uTorrent
2007-07-24 22:03:28 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-07-24 22:00:03 -------- d-----w C:\Program Files\PartyGaming.Net
2007-07-24 21:56:57 -------- d-----w C:\Program Files\Common Files\Scansoft Shared
2007-07-24 18:34:15 -------- d-----w C:\Program Files\Hitman Pro
2007-07-22 14:46:59 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-07-14 19:41:54 -------- d-----w C:\Program Files\TomTom HOME
2007-07-02 09:53:42 -------- d-----w C:\Program Files\DAEMON Tools
2007-07-02 09:53:41 -------- d-----w C:\Program Files\NewsLeecher
2007-06-30 15:27:49 -------- d-----w C:\Program Files\ATI Technologies
2007-06-30 12:02:32 -------- d-----w C:\Program Files\Common Files\Nokia
2007-06-30 12:02:31 -------- d-----w C:\Program Files\Nokia
2007-06-30 11:08:21 -------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-06-27 14:06:31 -------- d-----w C:\Program Files\DC++
2007-06-24 13:31:27 6,076 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-06-23 16:59:05 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-23 16:49:04 -------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
2007-06-23 16:45:56 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-06-17 08:57:50 -------- d-----w C:\DOCUME~1\GideonS\APPLIC~1\ATI
2007-06-14 15:43:52 14,368 ----a-w C:\WINDOWS\system32\relog_ap.dll
2007-06-14 14:25:28 17,440 ----a-w C:\WINDOWS\system32\acrotls.dll
2007-06-13 19:25:36 339,968 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-06-13 19:24:32 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-06-13 19:24:13 2,155,520 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-06-13 19:23:23 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-06-13 19:17:37 139,264 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-06-13 19:17:26 118,784 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-06-13 19:17:18 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-06-13 19:17:12 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-06-13 19:16:59 118,784 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-06-13 19:15:39 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-06-13 19:14:51 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-06-13 19:10:33 8,097,792 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-06-13 19:07:26 2,922,208 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-06-13 18:57:21 1,512,960 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-06-13 18:57:04 972,072 ----a-w C:\WINDOWS\system32\ativva6x.dat
2007-06-13 18:57:04 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat
2007-06-13 18:57:04 3,107,788 ----a-w C:\WINDOWS\system32\ativva5x.dat
2007-06-13 18:46:28 5,431,296 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-06-13 18:43:53 262,144 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-06-13 18:42:29 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-06-13 18:41:06 50,176 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-06-13 18:36:45 368,640 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-06-11 22:12:45 -------- d-----w C:\Program Files\uTorrent
2007-06-09 21:24:08 -------- d-----w C:\DOCUME~1\GideonS\APPLIC~1\PC Tools
2007-06-09 21:16:27 -------- d-----w C:\Program Files\SpywareBlaster
2007-06-05 09:08:48 -------- d-----w C:\Program Files\Lavalys
2007-05-31 10:51:51 -------- d-----w C:\DOCUME~1\GideonS\APPLIC~1\PC Suite
2007-05-31 10:49:50 -------- d-----w C:\DOCUME~1\GideonS\APPLIC~1\Nokia
2007-05-16 15:19:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-06 20:41:15 87,608 ----a-w C:\DOCUME~1\GideonS\APPLIC~1\inst.exe
2007-05-06 20:41:15 47,360 ----a-w C:\DOCUME~1\GideonS\APPLIC~1\pcouffin.sys
2007-05-05 12:10:54 210,464 ----a-w C:\WINDOWS\system32\snapapi.dll
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-04-25 14:22:52 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{230DEBEE-BB8E-4E41-91C6-7E0D3D8D3B57}=C:\WINDOWS\system32\awvtu.dll [2007-07-25 13:53]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-06-14 18:32]
{857A461D-8D96-4996-A4A0-AEA0A2535B86}=C:\WINDOWS\system32\khffefd.dll [2007-07-24 00:18]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll [2007-05-17 20:30]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 11:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 16:35]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 14:00 C:\WINDOWS\system32\bthprops.cpl]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 16:00]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 18:15]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 16:21 C:\WINDOWS\system32\HdAShCut.exe]
"MaxBlastMonitor.exe"="C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-06-14 22:10]
"AcronisTimounterMonitor"="C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-06-14 22:13]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-06-14 17:43]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 12:40]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 12:53]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]
"{857A461D-8D96-4996-A4A0-AEA0A2535B86}"="C:\WINDOWS\system32\khffefd.dll" [2007-07-24 00:18]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtu]
C:\WINDOWS\system32\awvtu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khffefd]
khffefd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 relog_ap
Notification Packages scecli scecli
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HD Tune]
C:\PROGRA~1\HDTUNE~1\HDTune.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedItUpEX]
"C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe" -MINI
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Steam"="C:\Program Files\Steam\Steam.exe" -silent
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"PCLEPCI"=C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp
NtmlSvc

Contents of the 'Scheduled Tasks' folder
2007-06-30 15:16:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-08 15:16:11 C:\WINDOWS\tasks\Easy Onderhoud.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 23:47:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00000001-0000-1000-8000-0002ee000002}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001101-0000-1000-8000-00805f9b34fb}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{7771fdc2-fddf-4c9b-affc-98bcd91bf93b}]

Completion time: 2007-07-25 23:49:41
C:\ComboFix-quarantined-files.txt ... 2007-07-25 23:49
C:\ComboFix2.txt ... 2007-07-25 14:02
--- E O F ---

Rosty
26 July 2007, 14:03
That looks good.
How is everything working otherwise?

gideon
27 July 2007, 12:38
Thanks, everything is working fine again. I will click the thank-you buttons.

Rosty
27 July 2007, 13:37
To prevent reinfection via System Restore, it is advisable to delete the existing restore points by temporarily turning System Restore off.

- Go to Start/All Programs/Accessories/System Tools/System Restore.
- In the left half of the window, click "System Restore Settings".
- Tick the box for "Turn off System Restore".
- Click "Apply".
- Windows asks whether you are sure.
- Click "Yes".
- Click "OK".
- Restart the PC.
- Go to Start/All Programs/Accessories/System Tools/System Restore again.
- You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
- Click "Yes".
- Remove the tick for "Turn off System Restore".
- Click "Apply".
- Click "OK".
- Restart the PC.
- A new, clean restore point has now been created.
Here are some more tips: tips (http://www.jawwi.nl/tips/beveiligen.html)
You can also remove the tools we used again!!!