Dit bericht had ik op de verkeerde plaats gepost, dus bij deze:

Geachte heer/dame,

Afgelopen vrijdag kreeg ik een bestand doorgestuurd in Windows Live Messenger. Via een contactpersoon kreeg ik het bericht:

'Have you seen this picture?', met daarbij een winzip bestand, iets van photo000.winzip was de naam (met andere cijfers; ik dacht 358). Nadat ik zo dom was om het te accepteren, werd dit bericht doorgestuurd naar alle personen in mijn contactlijst van msn.

Ik heb op internet gezocht naar een oplossing om het bestand te verwijderen, en kwam op deze pagina terecht:

http://forum.computeridee.nl/showthr...t=32533&page=2 (http://forum.computeridee.nl/showthread.php?t=32533&page=2)

Wat er in post nummer 18 staat (die van 9 oktober 2006), heb ik uitgevoerd.

Inmiddels weet ik niet of de problemen in Messenger zijn opgelost, al kwamen een aantal berichten niet aan. Ik weet niet of het virus nog doorgestuurd wordt naar contactpersonen. Weet iemand hoe dit te verhelpen is?

Daarnaast kreeg ik na het uitvoeren van die scans te maken met nog een probleem, al zal dat wel makkelijk te verhelpen zijn. Ik met mijn weinige verstand van computers kom er niet uit namelijk. Als ik nu met Firefox naar www.hotmail.com (http://www.hotmail.com/) ga, blijft de pagina gewoon wit. Op een tweetal andere sites heb ik ook problemen, dan blijft bijvoorbeeld een deel van de pagina wit (de achtergrond van de website). In Internet Explorer heb ik dit daarentegen niet. Er zal dus wel wat mis zijn met de browserinstellingen, maar ik weet dus niet hoe ik dat kan aanpassen. Heeft iemand voor deze twee problemen een oplossing?

Alvast heel erg bedankt!

Met vriendelijke groet,

Rob Bongers

En bij deze mijn Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:57:26, on 28-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\mcshield.exe
D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\802.11g USB\RT2573\WLService.exe
D:\Program Files\802.11g USB\RT2573\RT2573.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\WINDOWS\system32\VTTimer.exe
D:\WINDOWS\system32\VTtrayp.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
D:\Program Files\D-Tools\daemon.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\MSI\Live Update 3\LMonitor.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\Mixer.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\NETGEAR\WG111v2 Configuration Utility\WG111v2.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
D:\Program Files\Winamp\winamp.exe
D:\WINDOWS\system32\msiexec.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\sw g.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "D:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LiveMonitor] D:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [*ACLMTR] D:\WINDOWS\system32\hdhelp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PalTalk.lnk = D:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = D:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://ubwi0001.unimaas.nl/Citrix/ICAWEB/en/ica32/wficat.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gemtek USB Wireless LAN Card - Unknown owner - D:\Program Files\802.11g USB\RT2573\WLService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Print Spooler Service (uerue1heiho1oy5z) - Unknown owner - D:\WINDOWS\system32\bzzhpdcrqkc.exe (file missing)

--
End of file - 10624 bytes

1. Ik zie dat je TeaTimer van Spybot op de achtergrond hebt draaien, deze kan in de weg zitten met het fixen van HijackThis-regels. Zet daarom de TeaTimer eventjes uit, dit doe je op de volgende manier:
1. Start Spybot Search and Destroy.
2. Ga naar 'Mode' > selecteer Advanced Mode
3. Ga naar 'Tools' en klik op het Resident-icoon in de lijst
4. Haal het vinkje weg bij Resident TeaTimer en klik OK

5. Download nu ResetTeaTimer.bat (http://downloads.subratam.org/ResetTeaTimer.bat) naar je bureaublad. (rechtsklikken -> opslaan als..)
6. Open nu ResetTeaTimer.bat vanaf je bureaublad.2. Ga naar start --> uitvoeren en typ daar: sc delete uerue1heiho1oy5z
Bevestig met ok.

3. Start Hijackthis, kies voor 'Do a system scan only' en vink onderstaande regel aan:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\RunOnce: [*ACLMTR] D:\WINDOWS\system32\hdhelp.exe

Sluit nu alle openstaande vensters, behalve Hijackthis en klik op 'Fix checked'

4. Download Combofix (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe) naar je Bureaublad.

Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

Dubbelklik Combofix.exe
Volg de instructies, aanvaard de disclaimer door "1" te typen en te bevestigen via "Enter".
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post samen met een nieuw HijackThis log.

Ik heb nu alles gedaan tot stap 4. Combofix heb ik gedownload, maar het venster daarvan blijft zwart, er gebeurt niks, er komen geen instructies of iets dergelijks.

Weet U waar het aan ligt?

Plaats eens een nieuw Hijackthis logje :)

Bij deze:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:55, on 29-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\802.11g USB\RT2573\WLService.exe
D:\Program Files\802.11g USB\RT2573\RT2573.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\mcshield.exe
D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\VTTimer.exe
D:\WINDOWS\system32\VTtrayp.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
D:\Program Files\D-Tools\daemon.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\MSI\Live Update 3\LMonitor.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\Mixer.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\WINDOWS\system32\RunDll32.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\NETGEAR\WG111v2 Configuration Utility\WG111v2.exe
D:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Winamp\winamp.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\sw g.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "D:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LiveMonitor] D:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PalTalk.lnk = D:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = D:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://ubwi0001.unimaas.nl/Citrix/ICAWEB/en/ica32/wficat.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gemtek USB Wireless LAN Card - Unknown owner - D:\Program Files\802.11g USB\RT2573\WLService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10030 bytes

Je Hijackthis logfile ziet er goed uit, kan je Combofix eens in veilige modus laten lopen:
http://users.telenet.be/marcvn/spyware/1378056.htm

Ook in de veilige modus doet Combofix het niet, het venster opent wel, maar het blijft zwart, er verschijnt geen tekst of iets dergelijks.

Download reglooks.exe (http://users.telenet.be/marcvn/tools/reglooks.exe)
Plaats het op je bureaublad.
Dubbelklik op reglooks.exe en wacht tot er een logfile opent. Post de inhoud van deze logfile (result.txt).

De logfile result.txt:


REGLOOKS logfile

version 0.977
wo 30-01-2008 0:34:20,07
running from: "D:\Documents and Settings\Rob\Bureaublad"

--- SSODL regkeys ---

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad
only standard or legit regkeys found


--- STS regkeys ---

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler
only standard or legit regkeys found


--- USERINIT regkey ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Userinit"="D:\\WINDOWS\\system32\\userinit.exe,"


--- SHELL regkey ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell"="Explorer.exe"


--- SYSTEM regkey ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"System"=""


--- APPINIT_DLLS regkey ---

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
"AppInit_DLLs"=""


--- NOTIFY regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
only standard or legit regkeys found


--- RUN / LOAD regkeys ---

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
"load"=""


--- BOOTEXECUTE regkey ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Session Manager
BootExecute= autocheck autochk *\0lsdelete\0\0


--- SHELLEXECUTEHOOKS regkey ---

HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shellexecutehooks
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"


--- AUTORUN regkeys ---

HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
"AutoRun"=""


--- HKLM\Run regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
"VTTimer"="VTTimer.exe"
"VTTrayp"="VTtrayp.exe"
"WinampAgent"="D:\\Program Files\\Winamp\\winampa.exe"
"ShStatEXE"="\"D:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"D:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"D:\\Program Files\\Common Files\\Network Associates\\TalkBack\\tbmon.exe\""
"DAEMON Tools-1033"="\"D:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"SunJavaUpdateSched"="\"D:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""
"LiveMonitor"="D:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe"
"SoundMan"="SOUNDMAN.EXE"
"C-Media Mixer"="Mixer.exe /startup"
"Adobe Reader Speed Launcher"="\"D:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"NeroFilterCheck"="D:\\Program Files\\Common Files\\Nero\\Lib\\NeroCheck.exe"
"NBKeyScan"="\"D:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\""
"HP Software Update"="D:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"HP Component Manager"="\"D:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"CmUsbSound"="RunDll32 cmcnfgu.cpl,CMICtrlWnd"
"!AVG Anti-Spyware"="\"D:\\Program Files\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[Run\OptionalComponents]
@=""
[Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""
[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
@=""
[Run\OptionalComponents\MSFS]
"Installed"="1"
@=""


--- HKLM\RunOnce regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce
no HKLM RunOnce keys found


--- HKLM\RunOnceEx regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnceEx
no HKLM RunOnceEx keys found


--- HKLM\RunServices regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServices
no HKLM RunServices keys found


--- HKLM\RunServicesOnce regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServicesOnce
no HKLM RunServicesOnce keys found


--- HKCU\Run regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run
"CTFMON.EXE"="D:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"D:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"msnmsgr"="\"D:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"


--- HKCU\RunOnce regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnce
no HKCU RunOnce keys found


--- HKCU\RunOnceEx regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnceEx
regkey does not exist


--- HKCU\RunServices regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunServices
no HKCU RunServices keys found


--- HKCU\RunServicesOnce regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunServicesOnce
no HKCU RunServicesOnce keys found


--- HKU\.DEFAULT\Run regkeys - Default user ---

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\Run
"CTFMON.EXE"="D:\\WINDOWS\\system32\\CTFMON.EXE"


--- HKU\S-1-5-18\Run regkeys - user SYSTEM ---

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"CTFMON.EXE"="D:\\WINDOWS\\system32\\CTFMON.EXE"


--- HKU\S-1-5-19\Run regkeys - User Lokale service ---

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"CTFMON.EXE"="D:\\WINDOWS\\system32\\CTFMON.EXE"


--- HKU\S-1-5-20\Run regkeys - User Netwerkservice ---

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"CTFMON.EXE"="D:\\WINDOWS\\system32\\CTFMON.EXE"


--- HKLM\Explorer\Run regkeys ---

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\Run
regkey does not exist


--- HKCU\Explorer\Run regkeys ---

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\Run
regkey does not exist


--- Image File Execution regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
no debuggers found


--- BROWSER HELPER OBJECTS regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" regkey not found (ERROR)
"{53707962-6F74-2D53-2644-206D7942484F}" FILE ="D:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="D:\\Program Files\\Java\\jre1.6.0_02\\bin\\ssv.dll"
"{9030D464-4C02-4ABF-8ECC-5164760863C6}" FILE ="D:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll"
"{AA58ED58-01DD-4d91-8333-CF10577473F7}" FILE ="d:\\program files\\google\\googletoolbar1.dll"
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}" FILE ="D:\\Program Files\\Google\\GoogleToolbarNotifier\\2.1.615.5858 \\swg.dll"


--- TOOLBAR regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" FILE ="d:\\program files\\google\\googletoolbar1.dll"


--- URLSEARCHHOOKS regkeys ---

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
only standard regkeys found


--- SRCEENSAVER regkey ---

HKEY_CURRENT_USER\Control Panel\Desktop
"SCRNSAVE.EXE"="D:\\WINDOWS\\System32\\logon.scr"


--- CONTEXTMENUHANDLERS regkeys ---

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
"AVG Anti-Spyware" CLSID ={8934FCEF-F5B8-468f-951F-78A921CD3920} FILE ="D:\\Program Files\\AVG Anti-Spyware 7.5\\context.dll"
"Cover Designer" CLSID ={73FCA462-9BD5-4065-A73F-A8E5F6904EF7} FILE ="D:\\Program Files\\Nero\\Nero8\\Nero CoverDesigner\\CoverEdExtension.dll"
"Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
"Open With" CLSID ={09799AFB-AD67-11d1-ABCD-00C04FC30936} FILE =%SystemRoot%\system32\SHELL32.dll
"Open With EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
"Quick Par" CLSID ={D120D80B-BD26-4A74-8E43-2C2AF0966139} FILE ="D:\\Program Files\\QuickPar\\QuickParShlExt.dll"
"RExpCtxU" CLSID ={D9F81151-62CA-4858-B45E-82B3EC41A549} FILE ="D:\\Program Files\\Resco\\Pocket Encryption\\RExpCtxU.dll"
"VirusScan" CLSID ={cda2863e-2497-4c49-9b89-06840e070a87} FILE ="D:\\Program Files\\Network Associates\\VirusScan\\shext.dll"
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="D:\\Program Files\\WinRAR\\rarext.dll"
"WinZip" CLSID ={E0D79304-84BE-11CE-9641-444553540000} FILE ="D:\\PROGRA~1\\WINZIP\\WZSHLSTB.DLL"
"{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}" Start Menu Pin FILE =%SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHan dlers
"AVG Anti-Spyware" CLSID ={8934FCEF-F5B8-468f-951F-78A921CD3920} FILE ="D:\\Program Files\\AVG Anti-Spyware 7.5\\context.dll"
"EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
"Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
"RExpCtxU" CLSID ={D9F81151-62CA-4858-B45E-82B3EC41A549} FILE ="D:\\Program Files\\Resco\\Pocket Encryption\\RExpCtxU.dll"
"Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll"
"VirusScan" CLSID ={cda2863e-2497-4c49-9b89-06840e070a87} FILE ="D:\\Program Files\\Network Associates\\VirusScan\\shext.dll"
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="D:\\Program Files\\WinRAR\\rarext.dll"
"WinZip" CLSID ={E0D79304-84BE-11CE-9641-444553540000} FILE ="D:\\PROGRA~1\\WINZIP\\WZSHLSTB.DLL"

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandle rs
"VirusScan" CLSID ={cda2863e-2497-4c49-9b89-06840e070a87} FILE ="D:\\Program Files\\Network Associates\\VirusScan\\shext.dll"
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="D:\\Program Files\\WinRAR\\rarext.dll"
"WinZip" CLSID ={E0D79304-84BE-11CE-9641-444553540000} FILE ="D:\\PROGRA~1\\WINZIP\\WZSHLSTB.DLL"


--- ALTERNATESHELL regkey ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot
"AlternateShell"="cmd.exe"


--- SAFEBOOT MINIMAL SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal
no unknown services found


--- SAFEBOOT NETWORK SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Network
no unknown services found


--- SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\DS1410D
"DisplayName"="DS1410D"
\??\D:\WINDOWS\system32\drivers\ds1410d.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Gemtek USB Wireless LAN Card
"DisplayName"="Gemtek USB Wireless LAN Card"
D:\Program Files\802.11g USB\RT2573\WLService.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\hardlock
"DisplayName"="hardlock"
\??\D:\WINDOWS\system32\drivers\hardlock.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Haspnt
"DisplayName"="Haspnt"
\??\D:\WINDOWS\system32\drivers\Haspnt.sys

"DisplayName"="Nero BackItUp Scheduler 3"
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SDTHOOK
System32\DRIVERS\SDTHOOK.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sentinel
"DisplayName"="Sentinel"
\SystemRoot\System32\Drivers\SENTINEL.SYS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sntnlusb
"DisplayName"="Rainbow USB SuperPro"
system32\DRIVERS\SNTNLUSB.SYS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\viamraid
system32\DRIVERS\viamraid.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\videX32
system32\DRIVERS\videX32.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\xfilt
"DisplayName"="VIA SATA IDE Hot-plug Driver"
system32\DRIVERS\xfilt.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\{457F40EA-52FE-4374-9293-141A30E4E216}
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\{4ACCF20E-23A8-4034-B751-D7D9FA4747FE}
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\{6F5BBBC5-5239-4627-94B9-D47715F01354}
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\{720CC18A-778D-4BB7-AAD3-76ED04C31C1D}
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\{8C0600AA-BE46-4E75-837C-E11F86286FB1}
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\{9336FFA0-217E-4BEA-84BC-B2D43C3B0F9C}
no imagepath value found


--- SECURITYPROVIDERS regkey ---

HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


--- SVCHOST regkey ---

HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost
HTTPFilter: HTTPFilter\0\0
LocalService: Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnph ost\0SSDPSRV\0\0
NetworkService: DnsCache\0\0
netsvcs: 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServ er\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCom patibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServ er\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntm ssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\ 0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedacc ess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0 WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0wscsvc\0xmlprov\0B ITS\0wuauserv\0ShellHWDetection\0helpsvc\0WmdmPmSN \0\0
DcomLaunch: DcomLaunch\0TermService\0\0
rpcss: RpcSs\0\0
imgsvc: StiSvc\0\0
termsvcs: TermService\0\0
hpdevmgmt: hpqcxs08\0hpqddsvc\0\0


--- WOW-CMDLINE regkeys ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\WOW
"cmdline" = %SystemRoot%\system32\ntvdm.exe
"wowcmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386


--- DNS SERVER regkeys ---

no "NameServer" values found


--- STARTUP FOLDERS ---

D:\Documents and Settings\Rob\Menu Start\Programma's\Opstarten\desktop.ini
D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini
D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\PalTalk.lnk
D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Snelstart HP Image Zone.lnk
D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WG111v2 Smart Wizard Wireless Setting.lnk


--- TASK SCHEDULER JOBS ---

no .job files found


--- File associations ---

.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1")
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)


FINISHED

Logje ziet er goed uit :)
Nog problemen, op Combofix na?

Nee, ik heb geen problemen meer gehad, heel erg bedankt!

Graag gedaan :)