View full version : Problems with Explorer in Vista



scorpio_charly
26 February 2008, 14:56
For our specialists. I (baloeke) have moved the log that was posted in http://www.minatica.be/showthread.php?t=52208 to this thread.
The text the topic started with is:

Since recently I can no longer use Explorer in Vista. At startup it already shows a "Run DLL error". Avast has already moved a Trojan to the chest a couple of times. Can someone provide a solution without me having to reinstall everything?
Thanks in advance.


Thanks in advance for your help.
Below you will find the HijackThis logfile.
I have already tried System Restore, but that does not solve anything.
The situation has even gotten worse. Every time I close Outlook I have to restart completely to be able to open anything else.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50:58, on 26/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\HandigeBeheerder\scrmain.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HandigeBeheerder\cwriter.exe
D:\TOOLS\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HandigeBeheerder toolbar - {4AD56E6F-7074-41EE-8A40-583C2C76EFCD} - C:\Program Files\HandigeBeheerder\SCToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ICSDCLT] C:\Windows\rundll32.exe C:\Windows\system32\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cwriter] C:\Program Files\HandigeBeheerder\cwriter.exe
O4 - HKLM\..\Run: [HandigeBeheerder] C:\Program Files\HandigeBeheerder\scrmain.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\Windows\system32\ssdpsrv.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Karl\AppData\Local\Temp\vtutt.dll,#1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Karl\AppData\Local\Temp\efeff.dll,c
O4 - HKCU\..\Run: [d0af19de] rundll32.exe "C:\Users\Karl\AppData\Local\Temp\gaaslljb.dll",b
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Karl\AppData\Local\Temp\ovoprfwh.dll",run
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-905332719-1523131749-3694973960-1002\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Ilse')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = D:\TOOLS\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 9931 bytes

scorpio_charly
26 February 2008, 15:54
The RunDLL error message I get is the following:

Fout in C:\Users\Karl\AppData\Local\Temp\ovoprfwh.dll
Ontbrekende vermelding:run

Juisterr
26 February 2008, 16:37
If you would first do the following, please.


Temporarily disable Windows Defender
It can interfere when fixing with HJT (undoing the fix again, etc., which is apparently what has happened now, because the fixed lines are still/again in there)
* Open Windows Defender > Click Tools
* Click "General Settings"
* Scroll to "Real Time Protection Options"
* Remove the check mark at "Turn on Real Time Protection (recommended)" > Click "Save"
* Close Windows Defender
(once the problems are gone and the log has been declared clean, you can turn it on again)



Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
If you have used Combofix before, please remove that version and download Combofix again via the link above, because Combofix is updated daily.

NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners see certain components that Combofix uses as suspicious and will block or remove them!

Double-click Combofix.exe
Follow the instructions and accept the disclaimer by clicking Yes.
While the fix is running, do NOT click in the window, because this will make your PC hang.

When the fix is complete and after the restart, the log combofix.txt will open.
Post this log in your next post together with a new HijackThis log.

Right-click the HijackThis program and choose "Run as Administrator"
Choose 'Do a system scan only'
Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Karl\AppData\Local\Temp\vtutt.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Karl\AppData\Local\Temp\efeff.dll,c

Close all windows except HijackThis
Click 'Fix checked' to remove the items.

Please post the Combofix result and a new HJT log.
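As an added illustration (not part of this thread, and not the HijackThis or ComboFix tooling itself), the following Python script shows the two patterns the fix list above singles out: a BHO whose DLL is reported as `(no file)`, and HKCU Run entries that use rundll32 to load a DLL out of the user's Temp folder. The sample lines are copied from the HijackThis log posted earlier in this thread; the regexes, the Temp-folder heuristic and the function names are my own.

```python
import re

# Constructed sample input: O2/O4 lines copied from the HijackThis log posted in
# this thread, plus benign entries from the same log for contrast.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Karl\AppData\Local\Temp\vtutt.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Karl\AppData\Local\Temp\efeff.dll,c
O4 - HKCU\..\Run: [d0af19de] rundll32.exe "C:\Users\Karl\AppData\Local\Temp\gaaslljb.dll",b
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Karl\AppData\Local\Temp\ovoprfwh.dll",run
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

# HijackThis line formats handled here (hypothetical patterns written for this example):
#   O2 - BHO: <name> - {<clsid>} - <path or "(no file)">
#   O4 - <hive>\..\<key>: [<value name>] <command line>
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32[.exe] [quoted] <dll path>,<export or #ordinal>
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S*)', re.IGNORECASE)
# Per-user and system temp folders: legitimate autoruns do not normally live here.
TEMP_DIR_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Local Settings\\Temp|Temp)\\", re.IGNORECASE)


def parse_entries(log_text):
    """Return (kind, name, target) tuples for O2 BHO and O4 Run lines; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            entries.append(("O2", m["name"], m["path"]))
            continue
        m = O4_RE.match(line)
        if m:
            # Drop HijackThis' trailing "(User 'NAME')" annotation on HKUS entries.
            cmd = re.sub(r"\s+\(User '[^']*'\)$", "", m["cmd"])
            entries.append(("O4", m["name"], cmd))
    return entries


def flag_suspicious(log_text):
    """Return (name, reason, detail) for entries that match the two patterns above."""
    findings = []
    for kind, name, target in parse_entries(log_text):
        if kind == "O2" and target == "(no file)":
            findings.append((name, "BHO registered but its DLL is missing", target))
            continue
        if kind == "O4":
            m = RUNDLL_RE.match(target)
            if m and TEMP_DIR_RE.search(m["dll"]):
                findings.append((name, "rundll32 loads a DLL from a temp folder", m["dll"]))
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python hjt_flag.py [saved_hijackthis_log.txt]; without an argument the sample runs.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for name, reason, detail in flag_suspicious(text):
        print(f"[{name}] {reason}: {detail}")
```

Run over the sample, the script reports the `(no file)` BHO and all four Temp-folder rundll32 entries, while the NVIDIA entry (a DLL under system32) and the plain executable autoruns pass. The Temp-folder heuristic is deliberately narrow: it encodes the one property shared by the entries Avast and the RunDLL error pointed at, and a clean log should produce no output at all.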

scorpio_charly
27 February 2008, 16:16
Dear all,
Below you will find the new HijackThis logfile. I hope that I, as a layman, followed everything correctly. I could not find all of the items that I was supposed to check. I did not get that combofix.txt back after restarting, so I will do it again and send it in my next post.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:36, on 27/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HandigeBeheerder\scrmain.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HandigeBeheerder\cwriter.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
D:\TOOLS\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\WerCon.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HandigeBeheerder toolbar - {4AD56E6F-7074-41EE-8A40-583C2C76EFCD} - C:\Program Files\HandigeBeheerder\SCToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ICSDCLT] C:\Windows\rundll32.exe C:\Windows\system32\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cwriter] C:\Program Files\HandigeBeheerder\cwriter.exe
O4 - HKLM\..\Run: [HandigeBeheerder] C:\Program Files\HandigeBeheerder\scrmain.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\Windows\system32\ssdpsrv.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Karl\AppData\Local\Temp\efeff.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = D:\TOOLS\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 9156 bytes

scorpio_charly
27 February 2008, 16:23
Below is the combofix.txt

ComboFix 08-02-25.3 - Karl 2008-02-27 15:18:23.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1266 [GMT 1:00]
Gestart vanuit: C:\Users\Karl\Desktop\ComboFix.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-01-27 to 2008-02-27 ))))))))))))))))))))))))))))))
.
2008-02-26 13:50 . 2008-02-26 13:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-25 12:03 . 2008-02-25 12:03 <DIR> d-------- C:\Users\Karl\AppData\Roaming\HandigeBeheerder
2008-02-23 08:19 . 2008-02-23 08:19 <DIR> d-------- C:\Users\Ilse\AppData\Roaming\HandigeBeheerder
2008-02-20 19:47 . 2008-02-20 19:47 <DIR> d-------- C:\Users\Kirsty\AppData\Roaming\HandigeBeheerder
2008-02-20 17:41 . 2008-02-20 17:41 <DIR> d-------- C:\Program Files\HandigeBeheerder
2008-02-20 17:41 . 2007-02-13 08:09 388,126 --a------ C:\Windows\System32\sqlite3.dll
2008-02-19 21:41 . 2008-02-19 21:41 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-02-19 19:15 . 2008-02-19 19:15 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-19 19:15 . 2008-02-19 19:15 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-19 19:11 . 2008-02-19 19:11 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-19 19:11 . 2008-02-19 19:11 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-19 19:11 . 2008-02-19 19:11 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-19 19:11 . 2008-02-19 19:11 110,136 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-19 19:11 . 2008-02-19 19:11 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-19 19:11 . 2008-02-19 19:11 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-19 19:11 . 2008-02-19 19:11 17,976 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-19 19:10 . 2008-02-19 19:10 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-19 19:10 . 2008-02-19 19:10 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-19 19:10 . 2008-02-19 19:10 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-19 19:10 . 2008-02-19 19:10 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-19 19:10 . 2008-02-19 19:10 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-19 19:09 . 2008-02-19 19:09 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-19 19:09 . 2008-02-19 19:09 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-19 19:06 . 2008-02-19 19:06 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-02-19 19:04 . 2008-02-19 19:04 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-18 21:34 . 2008-02-18 21:34 <DIR> d-------- C:\Users\Karl\AppData\Roaming\Lavasoft
2008-02-18 21:33 . 2008-02-18 21:33 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-18 21:32 . 2008-02-19 08:49 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-18 21:32 . 2008-02-19 08:49 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-02-18 21:32 . 2008-02-19 08:46 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-13 14:27 . 2008-02-13 14:28 <DIR> d-------- C:\Users\Ilse\AppData\Roaming\AntiVirusScherm
2008-02-13 09:37 . 2008-02-13 10:03 <DIR> d-------- C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-02-13 09:37 . 2008-02-13 09:45 <DIR> d-------- C:\Program Files\Lexmark 6300 Series
2008-02-13 09:37 . 2008-02-13 09:50 1,502 --a------ C:\LXCDINST.csv
2008-02-13 09:37 . 2008-02-13 09:37 0 --a------ C:\lxcdfire.csv
2008-02-12 12:10 . 2008-02-12 12:11 <DIR> d-------- C:\Users\Kirsty\AppData\Roaming\AntiVirusScherm
2008-02-05 19:52 . 2008-02-19 15:00 <DIR> d-------- C:\Program Files\SchijfBewaker
2008-02-05 19:52 . 2008-02-05 19:52 <DIR> d-------- C:\Program Files\Common Files\SchijfBewaker
2008-02-05 19:51 . 2008-02-05 19:51 257,552 --a------ C:\Users\Karl\AppData\Roaming\setup_nl[1].exe
2008-02-05 15:08 . 2008-02-05 15:08 0 --a------ C:\Users\Kirsty\AppData\Roaming\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 13:41 27,240 ----a-w C:\Users\Karl\AppData\Roaming\nvModes.dat
2008-02-27 11:16 27,240 ----a-w C:\Users\Ilse\AppData\Roaming\nvModes.dat
2008-02-25 09:58 27,430 ----a-w C:\Users\Kirsty\AppData\Roaming\nvModes.dat
2008-02-21 14:17 --------- d-----w C:\ProgramData\WinZip
2008-02-19 18:10 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-19 18:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-19 18:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-19 18:09 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-19 18:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-19 18:05 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-19 18:05 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-19 18:05 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-19 18:05 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-15 12:42 --------- d-----w C:\Users\Ilse\AppData\Roaming\Ahead
2008-02-12 10:38 --------- d-----w C:\ProgramData\DVD Shrink
2008-01-25 14:40 --------- d-----w C:\Users\Kirsty\AppData\Roaming\DivX
2008-01-23 16:04 --------- d-----w C:\Users\Ilse\AppData\Roaming\DivX
2008-01-23 16:04 --------- d-----w C:\ProgramData\Apple Computer
2008-01-18 17:11 --------- d-----w C:\Users\Kirsty\AppData\Roaming\Ahead
2008-01-11 10:33 --------- d-----w C:\Users\Karl\AppData\Roaming\DivX
2008-01-09 19:08 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 17:31 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 17:31 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 17:30 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 17:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 09:08 --------- d-----w C:\Program Files\QuickTime
2008-01-04 15:14 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-01-04 10:49 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-01-03 18:23 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-03 17:48 --------- d-----w C:\Users\Karl\AppData\Roaming\Ahead
2008-01-03 14:23 --------- d-----w C:\Program Files\WinAVI VideoConverter
2008-01-03 11:18 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-03 11:17 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-03 11:17 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-03 11:15 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-01-03 11:15 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-01-03 11:15 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-01-03 11:15 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-01-02 19:59 --------- d-----w C:\Program Files\Alwil Software
2008-01-02 17:47 --------- d-----w C:\Program Files\MSBuild
2008-01-02 17:43 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-02 16:12 --------- d-----w C:\Users\Karl\AppData\Roaming\CyberLink
2008-01-02 16:01 --------- d-----w C:\Users\Karl\AppData\Roaming\Ulead Systems
2008-01-02 15:53 --------- d-sh--w C:\ProgramData\Sjablonen
2008-01-02 15:53 --------- d-sh--w C:\ProgramData\Menu Start
2008-01-02 15:53 --------- d-sh--w C:\ProgramData\Favorieten
2008-01-02 15:53 --------- d-sh--w C:\ProgramData\Documenten
2008-01-02 15:53 --------- d-sh--w C:\ProgramData\Bureaublad
2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2007-12-04 01:33 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\Windows\System32\DivX.dll
2007-11-29 22:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2007-11-29 22:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\Windows\System32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\Windows\System32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\Windows\System32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\Windows\System32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2007-10-20 03:28 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{4AD56E6F-7074-41EE-8A40-583C2C76EFCD}
[HKEY_CLASSES_ROOT\clsid\{4ad56e6f-7074-41ee-8a40-583c2c76efcd}]
[HKEY_CLASSES_ROOT\SCToolbar.ShellBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{3FC8C143-F2CC-4AB1-9AC0-8B1407302795}]
[HKEY_CLASSES_ROOT\SCToolbar.ShellBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4AD56E6F-7074-41EE-8A40-583C2C76EFCD}"= C:\Program Files\HandigeBeheerder\SCToolbar.dll [2007-11-23 16:37 139264]
[HKEY_CLASSES_ROOT\clsid\{4ad56e6f-7074-41ee-8a40-583c2c76efcd}]
[HKEY_CLASSES_ROOT\SCToolbar.ShellBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{3FC8C143-F2CC-4AB1-9AC0-8B1407302795}]
[HKEY_CLASSES_ROOT\SCToolbar.ShellBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 18:30 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"cmds"="C:\Users\Karl\AppData\Local\Temp\efeff.dll" [2008-01-29 16:05 332288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-11 14:22 1006264]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 15:36 178712]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-05 16:18 827392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 10:53 4702208 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-09 01:57 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-09 01:57 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-09 01:57 81920]
"RemoteControl"="C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe" [2007-02-09 19:51 71216]
"LanguageShortcut"="C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 21:17 52256]
"UpdatePPShortCut"="C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" [2007-09-13 15:32 222504]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-24 03:39 220160]
"toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [2007-02-09 14:54 16896]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"ICSDCLT"="C:\Windows\C:\Windows\system32\icsdclt.dll" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"cwriter"="C:\Program Files\HandigeBeheerder\cwriter.exe" [2007-10-25 14:04 81920]
"HandigeBeheerder"="C:\Program Files\HandigeBeheerder\scrmain.exe" [2007-12-13 17:27 3571712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServices]
"SSDPSRV"="C:\Windows\system32\ssdpsrv.exe" [2001-07-21 22:30 55568]
C:\Users\Kirsty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]
C:\Users\Karl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 15:57:26 2756608]
WinZip Quick Pick.lnk - D:\TOOLS\WZQKPICK.EXE [2007-08-03 11:10:00 394856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{20F9385E-02EE-4C14-8963-AD533A21D30A}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{DA0DB1A5-099E-42B0-90C7-DEF4A2E3F050}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{10D081D7-0D04-4491-9E5C-066557065B61}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7EC6773B-3159-4441-B1DB-9ECB38E16B06}"= C:\Program Files\HomeCinema\MakeDisc\MakeDisc.exe:CyberLink MakeDisc|Desc=CyberLink MakeDisc
"{F4C450EB-75D2-4982-ABE8-78B03B2F3921}"= C:\Program Files\HomeCinema\PowerDirector\PDR.EXE:CyberLink PowerDirector|Desc=CyberLink PowerDirector
"{9553CA21-B0E0-4FDC-B756-D15D1772C44D}"= C:\Program Files\HomeCinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD|Desc=CyberLink PowerDVD
"{244AF036-784A-4072-A117-F7D2E3B8B2B1}"= C:\Program Files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV|Desc=CyberLink PowerDV
"{BE687ACA-4DB3-4656-9D2D-42C8F2DA0EDA}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{323341FE-50B6-4671-94E2-820CC58B799F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DE86AD85-FF3E-49E5-88C6-1832933E417F}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"TCP Query User{72CCAEDC-712A-4F13-832B-A21497BC9336}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"UDP Query User{435344FE-7422-46A3-B51A-7D2BB7C463EE}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"TCP Query User{7D4B7EF0-B06A-4A7B-9907-A38EA7A03CF4}D:\program files\bearshare\bearshare.exe"= UDP:D:\program files\bearshare\bearshare.exe:BearShare|Desc=BearShare
"UDP Query User{788CE47E-FF5E-4279-8A06-F88A1D5F51D6}D:\program files\bearshare\bearshare.exe"= TCP:D:\program files\bearshare\bearshare.exe:BearShare|Desc=BearShare
"TCP Query User{579B3FA6-FB99-4BDD-9784-911011F657DE}C:\program files\nero\nero 7\nero showtime\showtime.exe"= UDP:C:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime Essentials|Desc=Nero ShowTime Essentials
"UDP Query User{4CCD221A-C148-4BB5-8D23-CA44FB866174}C:\program files\nero\nero 7\nero showtime\showtime.exe"= TCP:C:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime Essentials|Desc=Nero ShowTime Essentials
"{CD684814-AEE9-4189-B543-F578BC685C0C}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3B699FE4-E164-4DD9-8DD4-A76D8A4CC15F}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E31EC8AA-C10B-4802-A569-B16764FCDC90}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E6FFCD59-7339-4159-A7CC-B87496387512}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{59296E27-8C7F-4374-895A-0B60F6FEAD98}C:\program files\common files\ahead\nero web\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter|Desc=MSI starter
"UDP Query User{0537C91C-FA3B-4F34-81AB-56B0FFFC1BF3}C:\program files\common files\ahead\nero web\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter|Desc=MSI starter
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 20:55]
R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;C:\Windows\system32\DRIVERS\usbgene.sys [2007-06-26 12:44]
R3 NETw4v32;Driver for Intel(R) Wireless WiFi Link Adapter under Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-08 07:26]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 20:28]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-06-15 20:47]
R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 09:31]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 08:30]
S3 PhilCap;NXP service;C:\Windows\system32\DRIVERS\PhilCap.sys [2007-07-31 10:58]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{998de256-c864-11dc-9cb7-0040d0d29a54}]
\shell\AutoRun\command - G:\ie.exe
\shell\explore\Command - G:\ie.exe
\shell\open\Command - G:\ie.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 15:20:32
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
Scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Users\Karl\AppData\Local\Temp\efeff.dll
.
Completion time: 2008-02-27 15:21:33
ComboFix2.txt 2008-02-27 13:37:45
.
2008-02-26 20:28:24 --- E O F ---

Juisterr
27 February 2008, 16:47
Temporarily disable Windows Defender
It can interfere with fixing in HJT (undoing the fix and so on, which is apparently what has happened here, because the fixed lines are still/back in the log)
* Open Windows Defender > Click Tools
* Click "General Settings"
* Scroll to "Real Time Protection Options"
* Uncheck "Turn on Real Time Protection (recommended)" > Click "Save"
* Close Windows Defender
(once the problems are gone and the log has been declared clean, you can turn it back on)


Right-click the HijackThis program and choose "Run as Administrator"
Choose 'Do a system scan only'
Select only the items listed below:

O3 - Toolbar: HandigeBeheerder toolbar - {4AD56E6F-7074-41EE-8A40-583C2C76EFCD} - C:\Program Files\HandigeBeheerder\SCToolbar.dll
O4 - HKLM\..\Run: [HandigeBeheerder] C:\Program Files\HandigeBeheerder\scrmain.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Karl\AppData\Local\Temp\efeff.dll,c

Close all windows except HijackThis
Click 'Fix checked' to remove the items.


Download Malwarebytes' Anti-Malware (http://www.regnow.com/trialware/download/Download_mbam-setup.exe?item=12128-1&affiliate=34290) to your desktop.
Double-click mbam-setup.exe and choose "Next" to install the tool.
When the installation is complete, tick "Update MalwareBytes' Anti-Malware" and "Launch MalwareBytes' Anti-Malware".
Then click "Finish".
In the main window choose the "Scanner" tab and select the "Perform full scan" radio button.
Click the "Scan" button and make sure all your hard drives/partitions are ticked.
Then click the "Start Scan" button.
When the scan is finished click OK, then "Show Results" to see the results.
Make sure everything is ticked, then click "Remove Selected".
If the program wants to restart your computer, allow it.
A log will then open (mbam-log-XX-XX-XXXX(xx-xx-xx).txt)
Post this log in your next message

Good luck

scorpio_charly
27 February 2008, 18:15
Below is the log. I also ran Spybot and it made a few changes to the registry.




Malwarebytes' Anti-Malware 1.05
Database version: 416
Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 146998
Time elapsed: 28 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Users\Karl\AppData\Local\Temp\NI.UGA6PM_0001_N122M3010 (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Common Files\SchijfBewaker\strpmon.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Program Files\SchijfBewaker\SysRep.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Windows\System32\sqlite3.dll (Rogue.Multiple) -> Quarantined and deleted successfully.

Juisterr
28 February 2008, 16:04
That looks promising. Could I also have a HijackThis log to check, please, and let me know at the same time how things are going.

scorpio_charly
28 February 2008, 17:40
Hello,
Below is the requested HijackThis log.
The situation of my laptop has hardly changed. When I open Explorer, it closes again automatically one second later. Also, all my incoming mail arrives twice in Outlook. I sometimes also get messages from Spybot that changes have been made to the registry. I should refuse those, right? I'm afraid I clicked accept yesterday. Fortunately I have already put all my personal documents and mails on another partition, so perhaps I'd better reinstall Vista after all.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:52, on 28/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\TOOLS\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
D:\TOOLS\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\HandigeBeheerder\cwriter.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\rundll32.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\TOOLS\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ICSDCLT] C:\Windows\rundll32.exe C:\Windows\system32\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cwriter] C:\Program Files\HandigeBeheerder\cwriter.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\Windows\system32\ssdpsrv.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\TOOLS\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Karl\AppData\Local\Temp\efeff.dll,c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BMd39c2a42] Rundll32.exe "C:\Users\Karl\AppData\Local\Temp\hfkedrye.dll",s
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Karl\AppData\Local\Temp\vhckfxmc.dll",run
O4 - HKCU\..\Run: [d0af19de] rundll32.exe "C:\Users\Karl\AppData\Local\Temp\ysgorqqw.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = D:\TOOLS\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\TOOLS\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\TOOLS\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\TOOLS\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\TOOLS\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 9825 bytes

Juisterr
28 February 2008, 17:47
Remove ComboFix via Start > Run: copy and paste Combofix /U and click OK or press Enter.
This removes ComboFix as well as your old System Restore points (with any malware remnants), and creates a new System Restore point.

http://hicheckthis.gethost.nl/images/Uninstall_combofix.JPG


Then we'll start over.

Follow all steps carefully.


Temporarily disable Windows Defender
It can interfere with fixing in HJT (undoing the fix and so on, which is apparently what has happened here, because the fixed lines are still/back in the log)
* Open Windows Defender > Click Tools
* Click "General Settings"
* Scroll to "Real Time Protection Options"
* Uncheck "Turn on Real Time Protection (recommended)" > Click "Save"
* Close Windows Defender
(once the problems are gone and the log has been declared clean, you can turn it back on)


Temporarily disable Spybot's TeaTimer, because it can get in the way of the fix:
- Start Spybot
- Go to Mode > select Advanced Mode
- Go to Tools and click the Resident icon in the list
- Uncheck Resident TeaTimer and click OK
- Restart the computer

Next, download ResetTeaTimer.bat (http://downloads.subratam.org/ResetTeaTimer.bat) to your Desktop.
Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.
Once the computer is clean, you can turn TeaTimer back on

Download combofix.exe from this site: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden

Follow the instructions given there.
If you use Vista, the Recovery Console does not need to be installed.
If anything is unclear, ask.
When the tool is finished, a logfile opens (C:\combofix.txt).
Post the contents of this file together with a new HijackThis log.

Right-click the HijackThis program and choose "Run as Administrator"
Choose 'Do a system scan only'
Select only the items listed below:

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Karl\AppData\Local\Temp\efeff.dll,c

Click 'Fix checked' to remove the items.

Good luck
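
The pattern being fixed in this post (a Run value that starts rundll32.exe on a DLL in the user's Temp folder) and the mountpoints2 entries in the ComboFix log earlier in the thread (\shell\AutoRun\command pointing at G:\ie.exe) can be triaged mechanically rather than by eye. The Python script below is an added example, not part of this thread and not code from HijackThis, ComboFix or Malwarebytes. Its three rules, the "hex-looking value name" heuristic, and the assumption that C: is the system drive are this example's own; the sample lines are constructed from the log lines posted above. Applied to the 28 February HijackThis log, the rundll32/Temp rule matches every Run value in that log that loads a DLL from C:\Users\Karl\AppData\Local\Temp, not just the one listed in the fix.

```python
"""
Added triage helper for HijackThis / ComboFix text: flag autostart entries that
run rundll32 on a DLL in a Temp directory, Run values that point straight at such
a DLL, and mountpoints2 shell overrides that launch an executable from a
non-system drive. The rules and the hex-name heuristic are this example's own.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Finding:
    source: str                 # "hjt-O4", "combofix-run" or "mountpoints2"
    name: str                   # Run value name, or the shell verb for mountpoints2
    target: str                 # file the entry executes or loads
    reasons: list = field(default_factory=list)


# HijackThis O4 line:  O4 - HKCU\..\Run: [name] command
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# ComboFix REGEDIT4-style Run value:  "name"="path" [date size]
REG_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# ComboFix mountpoints2 entry:  \shell\AutoRun\command - G:\ie.exe
MOUNT_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.I)
# rundll32[.exe] <dll>,<entrypoint>, with or without quotes around the DLL path
RUNDLL_RE = re.compile(r'\brundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,', re.I)
TEMP_RE = re.compile(r"\\temp\\", re.I)
# Weak signal, assumed heuristic: value names such as d0af19de or BMd39c2a42
HEXNAME_RE = re.compile(r"^[A-Za-z]{0,2}[0-9a-f]{8,}$", re.I)

# Constructed sample input, copied from log lines in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Karl\AppData\Local\Temp\efeff.dll,c
O4 - HKCU\..\Run: [BMd39c2a42] Rundll32.exe "C:\Users\Karl\AppData\Local\Temp\hfkedrye.dll",s
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Karl\AppData\Local\Temp\vhckfxmc.dll",run
O4 - HKCU\..\Run: [d0af19de] rundll32.exe "C:\Users\Karl\AppData\Local\Temp\ysgorqqw.dll",b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
"cmds"="C:\Users\Karl\AppData\Local\Temp\efeff.dll" [2008-01-29 16:05 332288]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 18:30 1232896]
\shell\AutoRun\command - G:\ie.exe
\shell\open\Command - G:\ie.exe
"""


def _check_run_entry(source, name, cmd, findings):
    """Apply the rundll32 / Temp-directory rules to one Run-style entry."""
    reasons = []
    target = cmd
    m = RUNDLL_RE.search(cmd)
    if m:
        target = m["dll"]
        if TEMP_RE.search(target):
            reasons.append("rundll32 loads a DLL from a Temp directory")
    elif cmd.lower().endswith(".dll") and TEMP_RE.search(cmd):
        # ComboFix lists the DLL itself as the value target
        reasons.append("Run value points at a DLL in a Temp directory")
    if HEXNAME_RE.match(name):
        reasons.append("hex-looking value name")
    if reasons:
        findings.append(Finding(source, name, target, reasons))


def triage(text):
    """Return a list of Finding objects for the suspicious lines in `text`."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            _check_run_entry("hjt-O4", m["name"], m["cmd"], findings)
        elif m := REG_RE.match(line):
            _check_run_entry("combofix-run", m["name"], m["path"], findings)
        elif m := MOUNT_RE.match(line):
            cmd = m["cmd"].strip()
            # A per-volume shell override that launches an .exe from any drive other
            # than C: (assumed to be the system drive) is the usual autorun.inf footprint.
            if cmd.lower().endswith(".exe") and not cmd.upper().startswith("C:\\"):
                findings.append(Finding("mountpoints2", m["verb"], cmd,
                                        ["shell verb launches an executable from a non-system drive"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.name!r} -> {f.target}: {'; '.join(f.reasons)}")
```

Run it as `python triage.py` on a saved hijackthis.log or combofix.txt by replacing SAMPLE_LOG with the file contents. The Temp-directory rule is the strong signal here: legitimate vendors do not register a Run value that has rundll32 load a DLL out of %TEMP%, whereas the same rundll32 pattern against System32 (the NvSvc line) is normal. The hex-name match is only a tie-breaker and should never be the sole reason to remove an entry.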

scorpio_charly
28 February 2008, 19:48
Here we go again.


ComboFix 08-02-25.3 - Karl 2008-02-28 18:43:46.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1180 [GMT 1:00]
Started from: C:\Users\Karl\Desktop\ComboFix.exe
.
(((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 ))))))))))))))))))))))))))))))
.
2008-02-27 16:32 . 2008-02-27 16:32 <DIR> d-------- C:\Users\Karl\AppData\Roaming\Malwarebytes
2008-02-27 16:32 . 2008-02-27 16:32 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-02-27 16:32 . 2008-02-27 16:32 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-02-27 16:31 . 2008-02-27 16:31 <DIR> d-------- C:\Users\Karl\AppData\Roaming\Download Manager
2008-02-27 16:13 . 2008-02-27 16:16 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-27 16:13 . 2008-02-27 16:16 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-27 16:11 . 2008-02-27 16:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-27 15:29 . 2005-08-25 18:19 115,920 --a------ C:\Windows\System32\MSINET.OCX
2008-02-27 14:30 . 2008-02-27 14:38 <DIR> d-------- C:\ComboFix[1]
2008-02-26 13:50 . 2008-02-26 13:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-25 12:03 . 2008-02-25 12:03 <DIR> d-------- C:\Users\Karl\AppData\Roaming\HandigeBeheerder
2008-02-23 08:19 . 2008-02-23 08:19 <DIR> d-------- C:\Users\Ilse\AppData\Roaming\HandigeBeheerder
2008-02-20 19:47 . 2008-02-20 19:47 <DIR> d-------- C:\Users\Kirsty\AppData\Roaming\HandigeBeheerder
2008-02-20 17:41 . 2008-02-20 17:41 <DIR> d-------- C:\Program Files\HandigeBeheerder
2008-02-19 21:41 . 2008-02-19 21:41 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-02-19 19:15 . 2008-02-19 19:15 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-19 19:15 . 2008-02-19 19:15 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-19 19:11 . 2008-02-19 19:11 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-19 19:11 . 2008-02-19 19:11 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-19 19:11 . 2008-02-19 19:11 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-19 19:11 . 2008-02-19 19:11 110,136 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-19 19:11 . 2008-02-19 19:11 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-19 19:11 . 2008-02-19 19:11 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-19 19:11 . 2008-02-19 19:11 17,976 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-19 19:10 . 2008-02-19 19:10 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-19 19:10 . 2008-02-19 19:10 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-19 19:10 . 2008-02-19 19:10 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-19 19:10 . 2008-02-19 19:10 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-19 19:10 . 2008-02-19 19:10 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-19 19:09 . 2008-02-19 19:09 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-19 19:09 . 2008-02-19 19:09 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-19 19:06 . 2008-02-19 19:06 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-02-19 19:04 . 2008-02-19 19:04 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-18 21:34 . 2008-02-18 21:34 <DIR> d-------- C:\Users\Karl\AppData\Roaming\Lavasoft
2008-02-18 21:33 . 2008-02-18 21:33 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-18 21:32 . 2008-02-27 15:50 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-18 21:32 . 2008-02-27 15:50 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-02-18 21:32 . 2008-02-19 08:46 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-13 14:27 . 2008-02-13 14:28 <DIR> d-------- C:\Users\Ilse\AppData\Roaming\AntiVirusScherm
2008-02-13 09:37 . 2008-02-13 10:03 <DIR> d-------- C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-02-13 09:37 . 2008-02-13 09:45 <DIR> d-------- C:\Program Files\Lexmark 6300 Series
2008-02-13 09:37 . 2008-02-13 09:50 1,502 --a------ C:\LXCDINST.csv
2008-02-13 09:37 . 2008-02-13 09:37 0 --a------ C:\lxcdfire.csv
2008-02-12 12:10 . 2008-02-12 12:11 <DIR> d-------- C:\Users\Kirsty\AppData\Roaming\AntiVirusScherm
2008-02-05 19:52 . 2008-02-19 15:00 <DIR> d-------- C:\Program Files\SchijfBewaker
2008-02-05 19:52 . 2008-02-27 17:12 <DIR> d-------- C:\Program Files\Common Files\SchijfBewaker
2008-02-05 19:51 . 2008-02-05 19:51 257,552 --a------ C:\Users\Karl\AppData\Roaming\setup_nl[1].exe
2008-02-05 15:08 . 2008-02-05 15:08 0 --a------ C:\Users\Kirsty\AppData\Roaming\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 15:24 27,240 ----a-w C:\Users\Karl\AppData\Roaming\nvModes.dat
2008-02-27 11:16 27,240 ----a-w C:\Users\Ilse\AppData\Roaming\nvModes.dat
2008-02-25 09:58 27,430 ----a-w C:\Users\Kirsty\AppData\Roaming\nvModes.dat
2008-02-21 14:17 --------- d-----w C:\ProgramData\WinZip
2008-02-19 18:10 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-19 18:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-19 18:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-19 18:09 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-19 18:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-19 18:05 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-19 18:05 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-19 18:05 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-19 18:05 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-15 12:42 --------- d-----w C:\Users\Ilse\AppData\Roaming\Ahead
2008-02-12 10:38 --------- d-----w C:\ProgramData\DVD Shrink
2008-01-25 14:40 --------- d-----w C:\Users\Kirsty\AppData\Roaming\DivX
2008-01-23 16:04 --------- d-----w C:\Users\Ilse\AppData\Roaming\DivX
2008-01-23 16:04 --------- d-----w C:\ProgramData\Apple Computer
2008-01-18 17:11 --------- d-----w C:\Users\Kirsty\AppData\Roaming\Ahead
2008-01-11 10:33 --------- d-----w C:\Users\Karl\AppData\Roaming\DivX
2008-01-09 19:08 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 17:31 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 17:31 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 17:30 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 17:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 09:08 --------- d-----w C:\Program Files\QuickTime
2008-01-04 15:14 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-01-04 10:49 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-01-03 18:23 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-03 17:48 --------- d-----w C:\Users\Karl\AppData\Roaming\Ahead
2008-01-03 14:23 --------- d-----w C:\Program Files\WinAVI VideoConverter
2008-01-03 11:18 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-03 11:17 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-03 11:17 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-03 11:15 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-01-03 11:15 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-01-03 11:15 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-01-03 11:15 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-01-02 19:59 --------- d-----w C:\Program Files\Alwil Software
2008-01-02 17:47 --------- d-----w C:\Program Files\MSBuild
2008-01-02 17:43 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-02 16:12 --------- d-----w C:\Users\Karl\AppData\Roaming\CyberLink
2008-01-02 16:01 --------- d-----w C:\Users\Karl\AppData\Roaming\Ulead Systems
2008-01-02 15:53 --------- d-sh--w C:\ProgramData\Sjablonen
2008-01-02 15:53 --------- d-sh--w C:\ProgramData\Menu Start
2008-01-02 15:53 --------- d-sh--w C:\ProgramData\Favorieten
2008-01-02 15:53 --------- d-sh--w C:\ProgramData\Documenten
2008-01-02 15:53 --------- d-sh--w C:\ProgramData\Bureaublad
2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2007-12-04 01:33 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\Windows\System32\DivX.dll
2007-11-29 22:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2007-11-29 22:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\Windows\System32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\Windows\System32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\Windows\System32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\Windows\System32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2007-10-20 03:28 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4AD56E6F-7074-41EE-8A40-583C2C76EFCD}"= C:\Program Files\HandigeBeheerder\SCToolbar.dll [2007-11-23 16:37 139264]
[HKEY_CLASSES_ROOT\clsid\{4ad56e6f-7074-41ee-8a40-583c2c76efcd}]
[HKEY_CLASSES_ROOT\SCToolbar.ShellBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{3FC8C143-F2CC-4AB1-9AC0-8B1407302795}]
[HKEY_CLASSES_ROOT\SCToolbar.ShellBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 18:30 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"cmds"="C:\Users\Karl\AppData\Local\Temp\efeff.dll" [2008-01-29 16:05 332288]
"d0af19de"="C:\Users\Karl\AppData\Local\Temp\ysgorqqw.dll" [2008-02-27 15:50 85056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-11 14:22 1006264]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 15:36 178712]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-05 16:18 827392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 10:53 4702208 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-09 01:57 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-09 01:57 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-09 01:57 81920]
"RemoteControl"="C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe" [2007-02-09 19:51 71216]
"LanguageShortcut"="C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 21:17 52256]
"UpdatePPShortCut"="C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" [2007-09-13 15:32 222504]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-24 03:39 220160]
"toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [2007-02-09 14:54 16896]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"ICSDCLT"="C:\Windows\C:\Windows\system32\icsdclt.dll" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"cwriter"="C:\Program Files\HandigeBeheerder\cwriter.exe" [2007-10-25 14:04 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SSDPSRV"="C:\Windows\system32\ssdpsrv.exe" [2001-07-21 22:30 55568]
C:\Users\Kirsty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]
C:\Users\Karl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 15:57:26 2756608]
WinZip Quick Pick.lnk - D:\TOOLS\WZQKPICK.EXE [2007-08-03 11:10:00 394856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{20F9385E-02EE-4C14-8963-AD533A21D30A}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{DA0DB1A5-099E-42B0-90C7-DEF4A2E3F050}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{10D081D7-0D04-4491-9E5C-066557065B61}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7EC6773B-3159-4441-B1DB-9ECB38E16B06}"= C:\Program Files\HomeCinema\MakeDisc\MakeDisc.exe:CyberLink MakeDisc|Desc=CyberLink MakeDisc
"{F4C450EB-75D2-4982-ABE8-78B03B2F3921}"= C:\Program Files\HomeCinema\PowerDirector\PDR.EXE:CyberLink PowerDirector|Desc=CyberLink PowerDirector
"{9553CA21-B0E0-4FDC-B756-D15D1772C44D}"= C:\Program Files\HomeCinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD|Desc=CyberLink PowerDVD
"{244AF036-784A-4072-A117-F7D2E3B8B2B1}"= C:\Program Files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV|Desc=CyberLink PowerDV
"{BE687ACA-4DB3-4656-9D2D-42C8F2DA0EDA}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{323341FE-50B6-4671-94E2-820CC58B799F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DE86AD85-FF3E-49E5-88C6-1832933E417F}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"TCP Query User{72CCAEDC-712A-4F13-832B-A21497BC9336}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"UDP Query User{435344FE-7422-46A3-B51A-7D2BB7C463EE}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"TCP Query User{7D4B7EF0-B06A-4A7B-9907-A38EA7A03CF4}D:\program files\bearshare\bearshare.exe"= UDP:D:\program files\bearshare\bearshare.exe:BearShare|Desc=BearShare
"UDP Query User{788CE47E-FF5E-4279-8A06-F88A1D5F51D6}D:\program files\bearshare\bearshare.exe"= TCP:D:\program files\bearshare\bearshare.exe:BearShare|Desc=BearShare
"TCP Query User{579B3FA6-FB99-4BDD-9784-911011F657DE}C:\program files\nero\nero 7\nero showtime\showtime.exe"= UDP:C:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime Essentials|Desc=Nero ShowTime Essentials
"UDP Query User{4CCD221A-C148-4BB5-8D23-CA44FB866174}C:\program files\nero\nero 7\nero showtime\showtime.exe"= TCP:C:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime Essentials|Desc=Nero ShowTime Essentials
"{CD684814-AEE9-4189-B543-F578BC685C0C}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3B699FE4-E164-4DD9-8DD4-A76D8A4CC15F}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E31EC8AA-C10B-4802-A569-B16764FCDC90}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E6FFCD59-7339-4159-A7CC-B87496387512}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{59296E27-8C7F-4374-895A-0B60F6FEAD98}C:\program files\common files\ahead\nero web\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter|Desc=MSI starter
"UDP Query User{0537C91C-FA3B-4F34-81AB-56B0FFFC1BF3}C:\program files\common files\ahead\nero web\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter|Desc=MSI starter
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 SBSDWSCService;SBSD Security Center Service;D:\TOOLS\Spybot []
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 20:55]
R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;C:\Windows\system32\DRIVERS\usbgene.sys [2007-06-26 12:44]
R3 NETw4v32;Stuurprogramma voor Intel(R) Wireless WiFi Link Adapter onder Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-08 07:26]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 20:28]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-06-15 20:47]
R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 09:31]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 08:30]
S3 PhilCap;NXP service;C:\Windows\system32\DRIVERS\PhilCap.sys [2007-07-31 10:58]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{998de256-c864-11dc-9cb7-0040d0d29a54}]
\shell\AutoRun\command - G:\ie.exe
\shell\explore\Command - G:\ie.exe
\shell\open\Command - G:\ie.exe
.
************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 18:45:56
Windows 6.0.6000 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Users\Karl\AppData\Local\Temp\ysgorqqw.dll
-> C:\Users\Karl\AppData\Local\Temp\efeff.dll
.
Voltooingstijd: 2008-02-28 18:46:55
ComboFix2.txt 2008-02-27 14:21:34
.
2008-02-26 20:28:24 --- E O F ---

scorpio_charly
28 February 2008, 19:57
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:43, on 28/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\HandigeBeheerder\cwriter.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\TOOLS\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\rundll32.exe

--
End of file - 1919 bytes

scorpio_charly
28 February 2008, 20:40
I can already tell you that my Explorer is working again and that I have not had any error messages so far. My Control Panel is accessible again as well. I do still receive all my mails in duplicate, though.

Many thanks. As an amateur I can only have respect for specialists like you.

Juisterr
29 February 2008, 17:38
That is already an improvement; could I have a complete HijackThis log please.

scorpio_charly
29 February 2008, 18:02
Apparently not all problems have been solved yet, because I have received a RunDll error window again.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59:06, on 29/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
D:\TOOLS\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\TOOLS\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ICSDCLT] C:\Windows\rundll32.exe C:\Windows\system32\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [SSDPSRV] C:\Windows\system32\ssdpsrv.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Karl\AppData\Local\Temp\efeff.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Karl\AppData\Local\Temp\owajdplt.dll",run
O4 - HKCU\..\Run: [d0af19de] rundll32.exe "C:\Users\Karl\AppData\Local\Temp\ifylhjoa.dll",b
O4 - HKCU\..\Run: [BMd39c2a42] Rundll32.exe "C:\Users\Karl\AppData\Local\Temp\hxfsbghp.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = D:\TOOLS\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\TOOLS\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\TOOLS\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\TOOLS\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\TOOLS\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 9477 bytes

Juisterr
29 February 2008, 18:46
Hello, would you first install ComboFix on the desktop please.

Because this is Vista, you want to do this with (Run as Administrator)!!

Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

File::
C:\Users\Karl\AppData\Local\Temp\owajdplt.dll
C:\Users\Karl\AppData\Local\Temp\ifylhjoa.dll
C:\Users\Karl\AppData\Local\Temp\hxfsbghp.dll

Folder::
C:\Program Files\SchijfBewaker
C:\Program Files\Common Files\SchijfBewaker

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cmds"=-
"d0af19de"=-
"BMd39c2a42"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{998de256-c864-11dc-9cb7-0040d0d29a54}]


Save this on your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

This will make ComboFix restart.

After your computer has restarted (if it asks to restart), copy and paste the contents of Combofix.txt in your next reply.

Reboot and tell us how things are going now.

scorpio_charly
5 March 2008, 19:31
Sorry, but I haven't had much time to sit at the PC the last few days. I will carry out the above instructions as soon as possible and send the results.

scorpio_charly
5 March 2008, 20:59
I have been able to solve my problem with the duplicate mails.
I still get Run DLL error messages after startup.

Below is the log from ComboFix

ComboFix 08-02-25.3 - Karl 2008-03-05 19:17:43.5 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1113 [GMT 1:00]
Gestart vanuit: C:\Users\Karl\Desktop\ComboFix.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))
.
2008-03-04 17:27 . 2008-03-04 17:27 <DIR> d-------- C:\Users\Kirsty\AppData\Roaming\CyberLink
2008-02-27 16:32 . 2008-02-27 16:32 <DIR> d-------- C:\Users\Karl\AppData\Roaming\Malwarebytes
2008-02-27 16:32 . 2008-02-27 16:32 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-02-27 16:32 . 2008-02-27 16:32 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-02-27 16:31 . 2008-02-27 16:31 <DIR> d-------- C:\Users\Karl\AppData\Roaming\Download Manager
2008-02-27 16:13 . 2008-02-27 16:16 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-27 16:13 . 2008-02-27 16:16 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-27 16:11 . 2008-02-27 16:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-27 15:29 . 2005-08-25 18:19 115,920 --a------ C:\Windows\System32\MSINET.OCX
2008-02-27 14:30 . 2008-02-27 14:38 <DIR> d-------- C:\ComboFix[1]
2008-02-26 13:50 . 2008-02-26 13:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-25 12:03 . 2008-02-25 12:03 <DIR> d-------- C:\Users\Karl\AppData\Roaming\HandigeBeheerder
2008-02-23 08:19 . 2008-02-23 08:19 <DIR> d-------- C:\Users\Ilse\AppData\Roaming\HandigeBeheerder
2008-02-20 19:47 . 2008-02-20 19:47 <DIR> d-------- C:\Users\Kirsty\AppData\Roaming\HandigeBeheerder
2008-02-19 21:41 . 2008-02-19 21:41 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-02-19 19:15 . 2008-02-19 19:15 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-19 19:15 . 2008-02-19 19:15 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-19 19:11 . 2008-02-19 19:11 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-19 19:11 . 2008-02-19 19:11 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-19 19:11 . 2008-02-19 19:11 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-19 19:11 . 2008-02-19 19:11 110,136 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-19 19:11 . 2008-02-19 19:11 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-19 19:11 . 2008-02-19 19:11 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-19 19:11 . 2008-02-19 19:11 17,976 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-19 19:10 . 2008-02-19 19:10 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-19 19:10 . 2008-02-19 19:10 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-19 19:10 . 2008-02-19 19:10 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-19 19:10 . 2008-02-19 19:10 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-19 19:10 . 2008-02-19 19:10 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-19 19:09 . 2008-02-19 19:09 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-19 19:09 . 2008-02-19 19:09 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-19 19:06 . 2008-02-19 19:06 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-02-19 19:04 . 2008-02-19 19:04 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-18 21:34 . 2008-02-18 21:34 <DIR> d-------- C:\Users\Karl\AppData\Roaming\Lavasoft
2008-02-18 21:33 . 2008-02-18 21:33 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-18 21:32 . 2008-02-27 15:50 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-18 21:32 . 2008-02-27 15:50 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-02-18 21:32 . 2008-02-19 08:46 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-13 14:27 . 2008-02-13 14:28 <DIR> d-------- C:\Users\Ilse\AppData\Roaming\AntiVirusScherm
2008-02-13 09:37 . 2008-02-13 10:03 <DIR> d-------- C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-02-13 09:37 . 2008-02-13 09:45 <DIR> d-------- C:\Program Files\Lexmark 6300 Series
2008-02-13 09:37 . 2008-02-13 09:50 1,502 --a------ C:\LXCDINST.csv
2008-02-13 09:37 . 2008-02-13 09:37 0 --a------ C:\lxcdfire.csv
2008-02-12 12:10 . 2008-02-12 12:11 <DIR> d-------- C:\Users\Kirsty\AppData\Roaming\AntiVirusScherm
2008-02-05 19:51 . 2008-02-05 19:51 257,552 --a------ C:\Users\Karl\AppData\Roaming\setup_nl[1].exe
2008-02-05 15:08 . 2008-02-05 15:08 0 --a------ C:\Users\Kirsty\AppData\Roaming\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 16:29 --------- d-----w C:\Users\Kirsty\AppData\Roaming\Ahead
2008-03-04 16:27 --------- d-----w C:\ProgramData\CyberLink
2008-03-03 22:17 27,430 ----a-w C:\Users\Kirsty\AppData\Roaming\nvModes.dat
2008-02-27 15:24 27,240 ----a-w C:\Users\Karl\AppData\Roaming\nvModes.dat
2008-02-27 11:16 27,240 ----a-w C:\Users\Ilse\AppData\Roaming\nvModes.dat
2008-02-21 14:17 --------- d-----w C:\ProgramData\WinZip
2008-02-19 18:10 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-19 18:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-19 18:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-19 18:09 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-19 18:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-19 18:05 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-19 18:05 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-19 18:05 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-19 18:05 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-15 12:42 --------- d-----w C:\Users\Ilse\AppData\Roaming\Ahead
2008-02-12 10:38 --------- d-----w C:\ProgramData\DVD Shrink
2008-01-25 14:40 --------- d-----w C:\Users\Kirsty\AppData\Roaming\DivX
2008-01-23 16:04 --------- d-----w C:\Users\Ilse\AppData\Roaming\DivX
2008-01-23 16:04 --------- d-----w C:\ProgramData\Apple Computer
2008-01-11 10:33 --------- d-----w C:\Users\Karl\AppData\Roaming\DivX
2008-01-09 19:08 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 17:31 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 17:31 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 17:30 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 17:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-03 11:18 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-03 11:17 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-03 11:17 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2007-10-20 03:28 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 18:30 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"cmds"="C:\Users\Karl\AppData\Local\Temp\efeff.dll" [2008-01-29 16:05 332288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-11 14:22 1006264]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 15:36 178712]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-05 16:18 827392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 10:53 4702208 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-09 01:57 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-09 01:57 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-09 01:57 81920]
"RemoteControl"="C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe" [2007-02-09 19:51 71216]
"LanguageShortcut"="C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 21:17 52256]
"UpdatePPShortCut"="C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" [2007-09-13 15:32 222504]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-24 03:39 220160]
"toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [2007-02-09 14:54 16896]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"ICSDCLT"="C:\Windows\C:\Windows\system32\icsdclt.dll" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SSDPSRV"="C:\Windows\system32\ssdpsrv.exe" [2001-07-21 22:30 55568]
C:\Users\Kirsty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]
C:\Users\Karl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 15:57:26 2756608]
WinZip Quick Pick.lnk - D:\TOOLS\WZQKPICK.EXE [2007-08-03 11:10:00 394856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{20F9385E-02EE-4C14-8963-AD533A21D30A}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{DA0DB1A5-099E-42B0-90C7-DEF4A2E3F050}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{10D081D7-0D04-4491-9E5C-066557065B61}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7EC6773B-3159-4441-B1DB-9ECB38E16B06}"= C:\Program Files\HomeCinema\MakeDisc\MakeDisc.exe:CyberLink MakeDisc|Desc=CyberLink MakeDisc
"{F4C450EB-75D2-4982-ABE8-78B03B2F3921}"= C:\Program Files\HomeCinema\PowerDirector\PDR.EXE:CyberLink PowerDirector|Desc=CyberLink PowerDirector
"{9553CA21-B0E0-4FDC-B756-D15D1772C44D}"= C:\Program Files\HomeCinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD|Desc=CyberLink PowerDVD
"{244AF036-784A-4072-A117-F7D2E3B8B2B1}"= C:\Program Files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV|Desc=CyberLink PowerDV
"{BE687ACA-4DB3-4656-9D2D-42C8F2DA0EDA}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{323341FE-50B6-4671-94E2-820CC58B799F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DE86AD85-FF3E-49E5-88C6-1832933E417F}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"TCP Query User{72CCAEDC-712A-4F13-832B-A21497BC9336}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"UDP Query User{435344FE-7422-46A3-B51A-7D2BB7C463EE}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"TCP Query User{7D4B7EF0-B06A-4A7B-9907-A38EA7A03CF4}D:\program files\bearshare\bearshare.exe"= UDP:D:\program files\bearshare\bearshare.exe:BearShare|Desc=BearShare
"UDP Query User{788CE47E-FF5E-4279-8A06-F88A1D5F51D6}D:\program files\bearshare\bearshare.exe"= TCP:D:\program files\bearshare\bearshare.exe:BearShare|Desc=BearShare
"TCP Query User{579B3FA6-FB99-4BDD-9784-911011F657DE}C:\program files\nero\nero 7\nero showtime\showtime.exe"= UDP:C:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime Essentials|Desc=Nero ShowTime Essentials
"UDP Query User{4CCD221A-C148-4BB5-8D23-CA44FB866174}C:\program files\nero\nero 7\nero showtime\showtime.exe"= TCP:C:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime Essentials|Desc=Nero ShowTime Essentials
"{CD684814-AEE9-4189-B543-F578BC685C0C}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3B699FE4-E164-4DD9-8DD4-A76D8A4CC15F}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E31EC8AA-C10B-4802-A569-B16764FCDC90}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E6FFCD59-7339-4159-A7CC-B87496387512}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{59296E27-8C7F-4374-895A-0B60F6FEAD98}C:\program files\common files\ahead\nero web\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter|Desc=MSI starter
"UDP Query User{0537C91C-FA3B-4F34-81AB-56B0FFFC1BF3}C:\program files\common files\ahead\nero web\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter|Desc=MSI starter
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 SBSDWSCService;SBSD Security Center Service;D:\TOOLS\Spybot []
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 20:55]
R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;C:\Windows\system32\DRIVERS\usbgene.sys [2007-06-26 12:44]
R3 NETw4v32;Stuurprogramma voor Intel(R) Wireless WiFi Link Adapter onder Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-08 07:26]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 20:28]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-06-15 20:47]
R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 09:31]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 08:30]
S3 PhilCap;NXP service;C:\Windows\system32\DRIVERS\PhilCap.sys [2007-07-31 10:58]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{998de256-c864-11dc-9cb7-0040d0d29a54}]
\shell\AutoRun\command - G:\ie.exe
\shell\explore\Command - G:\ie.exe
\shell\open\Command - G:\ie.exe
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 19:22:14
Windows 6.0.6000 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
************************************************** ************************
.
Voltooingstijd: 2008-03-05 19:23:12
ComboFix-quarantined-files.txt 2008-03-05 18:23:08
ComboFix2.txt 2008-02-28 17:46:56
ComboFix3.txt 2008-02-27 14:21:34
.
2008-03-05 07:56:53 --- E O F ---

Juisterr
6 March 2008, 23:00
Remove ComboFix via Start > Run: copy and paste Combofix /U, then click OK or press Enter.
This removes both ComboFix and your old system restore points (with any remnants of malware), and creates a new system restore point.

http://hicheckthis.gethost.nl/images/Uninstall_combofix.JPG

Download
Malwarebytes' Anti-Malware
http://www.besttechie.net/tools/mbam-setup.exe
to your desktop.
Double-click mbam-setup.exe and choose "Next" to install the tool.
When the installation is complete, tick "Update MalwareBytes' Anti-Malware" and "Launch MalwareBytes' Anti-Malware".
Then press "Finish".
In the main screen choose the "Scanner" tab and select the radio button "Perform full scan".
Press the "Scan" button and make sure all your hard disks/partitions are ticked.
Then press the "Start Scan" button.
When the scan is complete, click OK, then "Show Results" to see the results.
Make sure everything is ticked, then click "Remove Selected".
If the program wants to restart your computer, allow it.
A log then opens (mbam-log-XX-XX-XXXX(xx-xx-xx).txt).
Post this log in your next message.

scorpio_charly
7 March 2008, 17:27
Malwarebytes' Anti-Malware 1.05
Database versie: 416
Scan type: Volledige Scan (C:\|D:\|F:\|)
Objecten gescand: 145340
Verstreken tijd: 29 minute(s), 11 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 6
Registerwaarden geïnfecteerd: 1
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Malware.Trace) -> Quarantined and deleted successfully.
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Juisterr
7 March 2008, 20:11
OK, what was still in there is gone now. How are your problems doing?

scorpio_charly
7 March 2008, 21:27
At startup I still get a RunDLL error message. And when I right-click "My Computer" and then "Explore", Explorer opens but closes again after one second. Very annoying when you want to look something up in your archive.

Juisterr
7 March 2008, 22:42
Let's try something else.
Go to
Start > Run and type sfc /scannow there (mind the space). Keep the XP CD at hand; if it is asked for, put it in the drive and let it run.

Let me know whether it helped.

scorpio_charly
10 March 2008, 12:51
I entered sfc /scannow via Desktop Accessories > Run, but nothing happens.
The RunDLL message I get is the following:

Fout in C:\users\Karl\AppData\Local\Temp\lakrsnjr.dll
Ontbrekende

scorpio_charly
10 March 2008, 12:52
Sorry, a bit was missing:

Fout in C:\users\Karl\AppData\Local\Temp\lakrsnjr.dll
Ontbrekende vermelding : run

Juisterr
10 March 2008, 20:03
Go to http://virusscan.jotti.org
In the upload window, copy the following text:
G:\ie.exe

(G: is probably a USB stick or similar, so make sure it is plugged in!)
Then click Submit and post the result in your next message.

Open an empty Notepad window and copy/paste the bold text below into it:

@ECHO OFF
IF EXIST log.txt DEL log.txt
REN C:\users\Karl\AppData\Local\Temp\lakrsnjr.dll lakrsnjr.bak
ECHO Deleting files>>log.txt
FOR %%g in (
C:\users\Karl\AppData\Local\Temp\lakrsnjr.bak) DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Then save it as fix.bat on your Desktop.
Under Save as type, choose All files.

Then right-click fix.bat.
Choose 'Run as Administrator'.

Then post the log from Fix.bat and the result of the Jotti scan in your next message.
Download ComboFix again, make a new logfile with it and post that.

And also try something else.

Go to Start > Run and type:

regsvr32 urlmon.dll
regsvr32 jscript.dll
regsvr32 wshom.ocx

(Enter after each line)

Restart and tell me how it goes.
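
As an added example (not part of the thread, and not anyone's posted tool), a small Python triage script that flags the two autostart patterns this thread chased: a Run value that loads a DLL from a user's Temp folder (the "cmds" -> efeff.dll entry) and MountPoints2 shell handlers that launch G:\ie.exe from the memory stick. The sample log is constructed from lines in the ComboFix report above; the function name and the heuristics are assumptions of this example.

```python
import re

# Constructed sample modelled on the ComboFix "Reg Opstartpunten" section
# posted in this thread; the suspicious values are the ones the thread chased.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 18:30 1232896]
"cmds"="C:\Users\Karl\AppData\Local\Temp\efeff.dll" [2008-01-29 16:05 332288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{998de256-c864-11dc-9cb7-0040d0d29a54}]
\shell\AutoRun\command - G:\ie.exe
\shell\explore\Command - G:\ie.exe
\shell\open\Command - G:\ie.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                   # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')  # "name"="path" [...]
HANDLER_RE = re.compile(r"^\\shell\\(?P<verb>\w+)\\command\s+-\s+(?P<cmd>\S.*)$", re.I)
TEMP_RE = re.compile(r"\\Temp\\", re.I)   # ...\AppData\Local\Temp\... or C:\Temp\...


def triage_autostarts(log_text):
    """Return (key, name, target, reason) tuples for autostart entries that
    match either heuristic; an empty list means nothing matched."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                          # a registry key header starts a new section
            key = m.group("key")
            continue
        if key is None:
            continue
        lkey = key.lower()
        if lkey.endswith("\\run") or lkey.endswith("\\runservices"):
            v = VALUE_RE.match(line)
            if v and TEMP_RE.search(v.group("path")):
                findings.append((key, v.group("name"), v.group("path"),
                                 "Run value loads code from a Temp folder"))
        elif "\\mountpoints2\\" in lkey:
            h = HANDLER_RE.match(line)
            if h:                      # handlers come from a removable drive's autorun.inf
                findings.append((key, h.group("verb"), h.group("cmd"),
                                 "MountPoints2 shell handler launches a program from a removable drive"))
    return findings


if __name__ == "__main__":
    for key, name, target, reason in triage_autostarts(SAMPLE_LOG):
        print(f"{reason}: {name} -> {target}  ({key})")
```

On the sample above it reports the "cmds" Run value and the three G:\ie.exe handlers; the two benign Run values are left alone.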

scorpio_charly
11 March 2008, 19:26
Log of fix.bat
Deleting files
C:\users\Karl\AppData\Local\Temp\lakrsnjr.bak deleted

The result of the Jotti scan will follow later, because the server is currently extremely busy.
I entered the 3 lines at the bottom at the command prompt, but the last two gave an error message.

scorpio_charly
11 March 2008, 19:43
I have noticed that Explorer now keeps working. But the RunDLL error message is still there at startup. I will try jotti.org again later this evening.

scorpio_charly
17 March 2008, 16:22
Apparently my memory stick has disappeared, so I cannot carry out the last instruction.

Juisterr
17 March 2008, 17:33
Pity; everything else fine.

scorpio_charly
18 March 2008, 09:59
Apart from that RunDLL error message, everything seems to run fine. Sometimes MSN Messenger dares to go online uninvited. But otherwise no more problems.

Juisterr
18 March 2008, 13:07
You can set that in Messenger itself, you know; look under Options.