Hoi hoi,
Internet explorer opent dus vanzelf,ook als ik hem gewoon op het bureaublad heb staan.
Ook loopt alles staaeds vast ,en is traag.
Bedankt voor het bekijken.
Hier mijn logje.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:07:53, on 14-11-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Office Mouse\moffice.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Office Mouse\MOUSE32A.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {F3540318-A817-4255-91B1-A9C34A127A54} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Office Mouse\moffice.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-21-1417001333-630328440-839522115-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220028454109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220042951515
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://82.92.190.132/activex/AxisCamControl.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540012} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://82.151.42.188:443/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
--
End of file - 8702 bytes

Start Hijackthis op en kies voor 'Do a system scan only'
Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {F3540318-A817-4255-91B1-A9C34A127A54} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Sluit alle vensters behalve Hijackthis
Klik op 'Fix checked' om de items te verwijderen.



Download ComboFix van één van deze locaties:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.
>>Hier<< (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) kunt u lezen hoe u Combofix dient te gebruiken.

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix.

* (hier (http://www.bleepingcomputer.com/forums/topic114351.html) of hier (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) staat een handleiding over hoe je deze kan uitschakelen:)

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
3. Dubbelklik op "Combofix.exe" om de tool te starten.
4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

* Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion." herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Hier komt het logje van ComboFix

ComboFix 10-11-14.02 - Kim 15-11-2010 12:20:19.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.959.494 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Kim\Bureaublad\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-10-15 to 2010-11-15 ))))))))))))))))))))))))))))))
.
2010-11-14 16:16 . 2010-11-15 09:27 -------- d--h--r- c:\documents and settings\Kim\Onlangs geopend
2010-11-11 20:49 . 2010-11-11 20:49 -------- d-----w- c:\program files\Fisher
2010-11-11 20:49 . 1998-02-06 20:37 299520 ----a-w- c:\windows\uninst.exe
2010-11-11 20:48 . 2010-11-11 20:48 -------- d-----w- c:\documents and settings\Kim\WINDOWS
2010-11-11 19:36 . 2010-11-12 21:07 -------- d-----w- c:\program files\Fontastic
2010-11-11 19:30 . 2010-11-11 19:30 -------- d-----w- c:\documents and settings\Kim\Application Data\Free&Easy Font Viewer
2010-10-25 20:25 . 2010-10-25 20:25 -------- d-----w- c:\program files\Recuva
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-09-18 10:23 . 2004-08-04 00:03 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 00:03 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-09-11 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-09-11 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2004-08-04 00:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2004-08-04 00:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:52 . 2004-08-04 00:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 11:52 . 2004-08-04 00:01 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2004-08-03 23:56 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2004-08-04 00:03 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:55 . 2004-08-04 00:03 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2004-08-03 22:14 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:13 . 2004-08-04 00:03 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 00:03 58880 ----a-w- c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2009-04-08 2814976]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-11-25 3176408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"FLMOFFICE4DMOUSE"="c:\program files\Office Mouse\moffice.exe" [2009-03-03 806912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2008-08-18 15:53 16712 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-29 20:10 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-29 20:12 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 12:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-11-17 03:42 577536 ----a-r- c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2-2-2010 20:41 218592]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMo n.sys [10-5-2010 22:39 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSy sMon.sys [10-5-2010 22:39 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctg ntdi.sys [2-2-2010 20:41 233136]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2-2-2010 20:52 632792]
S3 ATMEPVCP;Microsoft Ethernet PVC - RFC2684;c:\windows\system32\drivers\atmepvc.sys [11-9-2002 13:00 31360]
S3 DrmCAudio;DrmCAudio;c:\windows\system32\drivers\Dr mCAudio.sys [19-11-2009 21:55 23096]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctpls g.sys [2-2-2010 20:41 63360]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2-2-2010 20:41 366840]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNe tMon.sys [10-5-2010 22:39 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
mSearch Bar =
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://82.151.42.188:443/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Kim\Application Data\Mozilla\Firefox\Profiles\61cxyoyg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.startpagina.nl/
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS VERWIJDERD - - - -
Toolbar-Locked - (no file)
WebBrowser-{F3540318-A817-4255-91B1-A9C34A127A54} - (no file)

************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-15 12:28
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
************************************************** ************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curr entVersion\Installer\UserData\LocalSystem\Componen ts\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(780)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
- - - - - - - > 'explorer.exe'(3660)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Office Mouse\MOUDL32A.DLL
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Office Mouse\MOUSE32A.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\windows\system32\devldr32.exe
.
************************************************** ************************
.
Voltooingstijd: 2010-11-15 12:31:42 - machine werd herstart
ComboFix-quarantined-files.txt 2010-11-15 11:31
Pre-Run: 65.347.010.560 bytes beschikbaar
Post-Run: 65.272.426.496 bytes beschikbaar
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 4C349E3A1230E5B043640F8AC79FD75C

En Kim hoe gaat het nu?

Tot nog toe goed:bow::good:
Hij zei wel toen ik internet explorer starte dat dat niet mijn standaard browser was,en of ik hem wilde instellen als standaard browser.

Dat is aan jou natuurlijk of je dat wil.

Als we jullie toch niet hadden:D:good:
De kanjers van minatica:bow:
Bedankt

Kanjers :shy:


Ga naar Start - Uitvoeren
en Geef hier het volgende in: Combofix /Uninstall
Druk daarna op OK.
Als het goed is krijg je dan een melding dat Combofix verwijderd werd.

Voorbeeld:

http://home.kpn.nl/stefsmeenk/CFUninstall.PNG

Uitvoeren kan ook gestart worden door de toetsencombinatie http://home.kpn.nl/stefsmeenk/W+R.jpg

Oh jee nu krijg ik dit:shy:
http://i36.photobucket.com/albums/e8/kapstertje/opgelet.jpg

Serious ? Dat zou zeker vervelend zijn, staat combofix nu nog op je pc ? Zo ja, verwijder die dan handmatig en niet die uninstal gebruiken.

Download hem opnieuw volgens de vorige richtlijnen, zet aub die vreselijke spyware doctor uit, bijzonder irri geval die ik beslist niet op mijn pc wil hebben.

Hier de nieuwe ComboFix

ComboFix 10-11-12.01 - Kim 15-11-2010 16:08:46.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.959.376 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Kim\Bureaublad\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-10-15 to 2010-11-15 ))))))))))))))))))))))))))))))
.
2010-11-14 16:16 . 2010-11-15 13:40 -------- d--h--r- c:\documents and settings\Kim\Onlangs geopend
2010-11-11 20:49 . 2010-11-11 20:49 -------- d-----w- c:\program files\Fisher
2010-11-11 20:49 . 1998-02-06 20:37 299520 ----a-w- c:\windows\uninst.exe
2010-11-11 20:48 . 2010-11-11 20:48 -------- d-----w- c:\documents and settings\Kim\WINDOWS
2010-11-11 19:36 . 2010-11-12 21:07 -------- d-----w- c:\program files\Fontastic
2010-11-11 19:30 . 2010-11-11 19:30 -------- d-----w- c:\documents and settings\Kim\Application Data\Free&Easy Font Viewer
2010-10-25 20:25 . 2010-10-25 20:25 -------- d-----w- c:\program files\Recuva
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-09-18 10:23 . 2004-08-04 00:03 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 00:03 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-09-11 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-09-11 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2004-08-04 00:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2004-08-04 00:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:52 . 2004-08-04 00:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 11:52 . 2004-08-04 00:01 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2004-08-03 23:56 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2004-08-04 00:03 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:55 . 2004-08-04 00:03 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2004-08-03 22:14 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:13 . 2004-08-04 00:03 617472 ----a-w- c:\windows\system32\comctl32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2009-04-08 2814976]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-11-25 3176408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"FLMOFFICE4DMOUSE"="c:\program files\Office Mouse\moffice.exe" [2009-03-03 806912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2008-08-18 15:53 16712 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-29 20:10 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-29 20:12 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 12:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-11-17 03:42 577536 ----a-r- c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2-2-2010 20:41 218592]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMo n.sys [10-5-2010 22:39 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSy sMon.sys [10-5-2010 22:39 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctg ntdi.sys [2-2-2010 20:41 233136]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2-2-2010 20:52 632792]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNe tMon.sys [10-5-2010 22:39 33552]
S3 ATMEPVCP;Microsoft Ethernet PVC - RFC2684;c:\windows\system32\drivers\atmepvc.sys [11-9-2002 13:00 31360]
S3 DrmCAudio;DrmCAudio;c:\windows\system32\drivers\Dr mCAudio.sys [19-11-2009 21:55 23096]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctpls g.sys [2-2-2010 20:41 63360]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2-2-2010 20:41 366840]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
--- Andere Services/Drivers In Geheugen ---
*Deregistered* - PCTSDInjDriver32
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
mSearch Bar =
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://82.151.42.188:443/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Kim\Application Data\Mozilla\Firefox\Profiles\61cxyoyg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.startpagina.nl/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-15 16:14
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
************************************************** ************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curr entVersion\Installer\UserData\LocalSystem\Componen ts\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
c:\program files\Spyware Doctor\TFEngine\TFMon.dll
c:\program files\Spyware Doctor\TFEngine\TFRK.dll
- - - - - - - > 'lsass.exe'(780)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
- - - - - - - > 'explorer.exe'(3448)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Office Mouse\MOUDL32A.DLL
.
Voltooingstijd: 2010-11-15 16:16:44
ComboFix-quarantined-files.txt 2010-11-15 15:16
Pre-Run: 65.337.585.664 bytes beschikbaar
Post-Run: 65.343.139.840 bytes beschikbaar
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - BDCAABD4D6FFF030995ADE5EFFD978C8

Je kreeg nu geen melding neem ik aan ?

Nee ,maar dat was net toen ik hem wilde verwijderen.
Zal ik hem nu via uitvoeren deinstalleren?

Even wachten, ik heb hier even melding van gemaakt. Vooralsnog denk ik niet dat er iets aan de hand is.

Even wachten, ik heb hier even melding van gemaakt. Vooralsnog denk ik niet dat er iets aan de hand is.

Laten we het hopen:shy:

Er klopt hier iets niet.
Eerste run van combofix.
ComboFix 10-11-14.02 - Kim 15-11-2010 12:20:19.1.1 - x86

Tweede run.
ComboFix 10-11-12.01 - Kim 15-11-2010 16:08:46.2.1 - x86

De versie van CF bij de tweede run is ouder dan de eerste!

Verwijder nogmaals handmatig combofix en start dan opnieuw op.

Download ComboFix van één van deze locaties:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.
>>Hier<< (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) kunt u lezen hoe u Combofix dient te gebruiken.

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix.

* (hier (http://www.bleepingcomputer.com/forums/topic114351.html) of hier (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) staat een handleiding over hoe je deze kan uitschakelen:)

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
3. Dubbelklik op "Combofix.exe" om de tool te starten.
4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

* Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion." herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Ik heb de eerste keer de eerste link gebruikt en de tweede keer de tweede link, maar dat moet toch niks uitmaken zou je zeggen.

hier komt er nog 1

ComboFix 10-11-15.03 - Kim 15-11-2010 21:55:15.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.959.397 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Kim\Bureaublad\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-10-15 to 2010-11-15 ))))))))))))))))))))))))))))))
.
2010-11-15 16:28 . 2001-09-06 20:27 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-11-15 16:28 . 2008-04-14 18:02 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-11-14 16:16 . 2010-11-15 19:18 -------- d--h--r- c:\documents and settings\Kim\Onlangs geopend
2010-11-11 20:49 . 2010-11-11 20:49 -------- d-----w- c:\program files\Fisher
2010-11-11 20:49 . 1998-02-06 20:37 299520 ----a-w- c:\windows\uninst.exe
2010-11-11 20:48 . 2010-11-11 20:48 -------- d-----w- c:\documents and settings\Kim\WINDOWS
2010-11-11 19:36 . 2010-11-12 21:07 -------- d-----w- c:\program files\Fontastic
2010-11-11 19:30 . 2010-11-11 19:30 -------- d-----w- c:\documents and settings\Kim\Application Data\Free&Easy Font Viewer
2010-10-25 20:25 . 2010-10-25 20:25 -------- d-----w- c:\program files\Recuva
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-09-18 10:23 . 2004-08-04 00:03 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 00:03 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-09-11 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-09-11 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2004-08-04 00:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2004-08-04 00:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:52 . 2004-08-04 00:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 11:52 . 2004-08-04 00:01 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2004-08-03 23:56 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2004-08-04 00:03 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:55 . 2004-08-04 00:03 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2004-08-03 22:14 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:13 . 2004-08-04 00:03 617472 ----a-w- c:\windows\system32\comctl32.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-11-15_11.28.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-06 18:47 . 2010-11-15 18:32 1942 c:\windows\system32\KGyGaAvL.sys
- 2008-11-06 18:47 . 2010-11-11 18:46 1942 c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2009-04-08 2814976]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-11-25 3176408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"FLMOFFICE4DMOUSE"="c:\program files\Office Mouse\moffice.exe" [2009-03-03 806912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2008-08-18 15:53 16712 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-29 20:10 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-29 20:12 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 12:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-11-17 03:42 577536 ----a-r- c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2-2-2010 20:41 218592]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMo n.sys [10-5-2010 22:39 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSy sMon.sys [10-5-2010 22:39 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctg ntdi.sys [2-2-2010 20:41 233136]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2-2-2010 20:52 632792]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNe tMon.sys [10-5-2010 22:39 33552]
S3 ATMEPVCP;Microsoft Ethernet PVC - RFC2684;c:\windows\system32\drivers\atmepvc.sys [11-9-2002 13:00 31360]
S3 DrmCAudio;DrmCAudio;c:\windows\system32\drivers\Dr mCAudio.sys [19-11-2009 21:55 23096]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctpls g.sys [2-2-2010 20:41 63360]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2-2-2010 20:41 366840]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
--- Andere Services/Drivers In Geheugen ---
*Deregistered* - PCTSDInjDriver32
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
mSearch Bar =
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://82.151.42.188:443/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Kim\Application Data\Mozilla\Firefox\Profiles\61cxyoyg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.startpagina.nl/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-15 22:00
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
************************************************** ************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curr entVersion\Installer\UserData\LocalSystem\Componen ts\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
c:\program files\Spyware Doctor\TFEngine\TFMon.dll
c:\program files\Spyware Doctor\TFEngine\TFRK.dll
- - - - - - - > 'lsass.exe'(780)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
- - - - - - - > 'explorer.exe'(3160)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Office Mouse\MOUDL32A.DLL
.
Voltooingstijd: 2010-11-15 22:02:49
ComboFix-quarantined-files.txt 2010-11-15 21:02
ComboFix2.txt 2010-11-15 15:16
Pre-Run: 65.351.467.008 bytes beschikbaar
Post-Run: 65.353.961.472 bytes beschikbaar
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 60DE383D7E948290E0E4FF57FF95B26A

Pak nu weer de eerste link aub.

Dit was de eerste

Ga naar Start - Uitvoeren
en Geef hier het volgende in: Combofix /Uninstall
Druk daarna op OK.
Als het goed is krijg je dan een melding dat Combofix verwijderd werd.

Voorbeeld:

http://home.kpn.nl/stefsmeenk/CFUninstall.PNG

Uitvoeren kan ook gestart worden door de toetsencombinatie http://home.kpn.nl/stefsmeenk/W+R.jpg

Vertel nu even of je nog problemen ondervindt?

pfieuw
hij deed het nu goed:bow:zonder meldingen.
Heel erg bedankt voor alle moeite,en snelle reactie.
:thx::thx::thx:

Geen probleem hoor.