[OPGELOST] formateren of niet ?

[rob]

Hello ,

Mijn problemen met windows IE 6 raken niet opgelost !

Meermaals bij het surfen stopt mijn cursor en kan ik voor een tijdje niets meer doen --wel nog afsluiten en terug opstarten

Ik krijg dat probleem ok al met Firfox

Ik heb een hijjackthis logje gemaakt op aanraden van Joke --

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:32:01, on 14/10/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\brss01a.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\WINDOWS\System32\beidservicecrl.exe

C:\WINDOWS\System32\beidservicepcsc.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Belgium Identity Card\beidsystemtray.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\WordWeb\wweb32.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = zita home

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = De Standaard Online

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = zita home

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll

O2 - BHO: Merriam-Webster Online BHO - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKUS\S-1-5-18\..\Run: [spyware Doctor] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [spyware Doctor] (User 'Default user')

O4 - Startup: SyncBack.lnk = C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Statusvenster.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

O4 - Global Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM

O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM

O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219

O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.merriam-webster.com/downloads/toolbar/webinstall.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\System32\beidservicecrl.exe

O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\System32\beidservicepcsc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)

O23 - Service: InCD Helper (read only) (InCDsrvR) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 12884 bytes

Ik hoop iemand kan me helpen

[Yannick]

ik heb deze verplaatst naar de spyware en virus zone.

daar zal onze HjT expert het logje eens bekijken

[kape]

Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - (no file)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k

O4 - HKUS\S-1-5-18\..\Run: [spyware Doctor] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [spyware Doctor] (User 'Default user')

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.merriam-webster.com/downl...webinstall.cab

Klik op 'Fix checked' om de items te verwijderen.

Download Combofix en zet het op je Bureaublad.

Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.

Dubbelklik op Combofix.exe en volg de instructies, aanvaard de disclaimer door y te typen. Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.

Indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.

Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

Hang het log van Combofix aan je volgende bericht, samen met een nieuw HijackThis log.

[rob]

Bedankt --ik ga er aan werken !!

[rob]

Hello , hier de bewuste combo fix log en de nieuwe scan van Hijjack !!

Ik hoop dat ik het goe heb uit gevoerd

BTW. zijn er scholen waar ge dit kunt leren

ComboFix 08-10-14.01 - Freddy 2008-10-14 20:53:31.1 - NTFSx86

Gestart vanuit: C:\Documents and Settings\Freddy\Bureaublad\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\INSTALL.LOG

C:\setup.exe

C:\WINDOWS\system32\_000029_.tmp.dll

C:\WINDOWS\system32\_000033_.tmp.dll

C:\WINDOWS\system32\_000034_.tmp.dll

C:\WINDOWS\system32\_000035_.tmp.dll

C:\WINDOWS\system32\_000036_.tmp.dll

C:\WINDOWS\system32\_000037_.tmp.dll

C:\WINDOWS\system32\_000041_.tmp.dll

C:\WINDOWS\system32\_000042_.tmp.dll

C:\WINDOWS\system32\_000044_.tmp.dll

C:\WINDOWS\system32\_000046_.tmp.dll

C:\WINDOWS\system32\_000049_.tmp.dll

C:\WINDOWS\system32\_000051_.tmp.dll

C:\WINDOWS\system32\_000053_.tmp.dll

C:\WINDOWS\system32\_000058_.tmp.dll

C:\WINDOWS\system32\_000060_.tmp.dll

C:\WINDOWS\system32\_000061_.tmp.dll

C:\WINDOWS\system32\_000063_.tmp.dll

C:\WINDOWS\system32\_000064_.tmp.dll

C:\WINDOWS\system32\_000065_.tmp.dll

C:\WINDOWS\system32\_000067_.tmp.dll

C:\WINDOWS\system32\_000068_.tmp.dll

C:\WINDOWS\system32\_000070_.tmp.dll

C:\WINDOWS\system32\_000071_.tmp.dll

C:\WINDOWS\system32\_000072_.tmp.dll

C:\WINDOWS\system32\_000074_.tmp.dll

C:\WINDOWS\system32\_000075_.tmp.dll

C:\WINDOWS\system32\_000076_.tmp.dll

C:\WINDOWS\system32\_000083_.tmp.dll

C:\WINDOWS\system32\_000084_.tmp.dll

C:\WINDOWS\system32\_000085_.tmp.dll

C:\WINDOWS\system32\_000086_.tmp.dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-09-14 to 2008-10-14 ))))))))))))))))))))))))))))))

.

2008-10-14 14:28 . 2008-10-14 14:28 <DIR> d-------- C:\Program Files\Trend Micro

2008-10-11 19:53 . 2001-08-23 14:00 489,984 --a------ C:\WINDOWS\system32\hypertrm.dll

2008-10-11 19:53 . 2001-08-23 14:00 44,544 --a------ C:\WINDOWS\system32\hticons.dll

2008-10-10 21:33 . 2008-10-10 21:33 <DIR> d-------- C:\WINDOWS\system32\Logfiles

2008-10-10 21:27 . 2008-10-14 21:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-10-10 21:27 . 2008-10-14 20:58 1,409 --a------ C:\WINDOWS\QTFont.for

2008-10-01 00:04 . 2008-10-14 17:58 4,625 --a------ C:\WINDOWS\imsins.BAK

2008-09-30 21:40 . 2008-09-30 21:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SACore

2008-09-30 21:18 . 2008-09-30 21:45 <DIR> d-------- C:\Program Files\McAfee

2008-09-30 21:18 . 2008-09-30 21:18 <DIR> d-------- C:\Program Files\Common Files\McAfee

2008-09-30 14:31 . 2008-08-17 09:26 1,049,784 --------- C:\WINDOWS\system32\wweb32.dll

2008-09-17 21:37 . 2008-10-03 16:23 <DIR> d-------- C:\Documents and Settings\Freddy\Application Data\Audacity

2008-09-17 21:36 . 2008-09-17 21:44 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)

2008-09-17 21:32 . 2008-09-17 21:32 <DIR> d-------- C:\Program Files\HP

2008-09-17 21:32 . 2008-10-13 18:27 <DIR> d-------- C:\Documents and Settings\Freddy\Application Data\HPAppData

2008-09-17 20:41 . 2008-09-17 20:41 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start

2008-09-17 20:11 . 2008-09-17 20:11 <DIR> d-------- C:\Program Files\YouTube Downloader

2008-09-17 20:07 . 2008-09-30 21:45 <DIR> d-------- C:\Program Files\ThreatFire

2008-09-17 20:07 . 2008-09-17 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools

2008-09-17 20:07 . 2008-04-24 16:52 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-14 16:55 --------- d-----w C:\Program Files\Mozilla Firefox 2 Beta 2

2008-10-13 14:16 --------- d-----w C:\Documents and Settings\Freddy\Application Data\Skype

2008-10-13 14:06 --------- d-----w C:\Documents and Settings\Freddy\Application Data\skypePM

2008-10-03 22:14 3,489,792 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp

2008-10-01 08:23 1,759,770 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip

2008-09-30 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor

2008-09-30 19:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-09-30 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee

2008-09-17 18:48 --------- d-----w C:\Program Files\a-squared Anti-Malware

2008-09-05 19:42 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-05 19:42 --------- d-----w C:\Program Files\Belgium Identity Card

2008-08-29 16:39 --------- d-----w C:\Program Files\Java

2008-08-14 20:13 --------- d-----w C:\Program Files\myBabylon

2008-08-14 20:13 --------- d-----w C:\Program Files\Conduit

2004-07-29 00:19 202,240 ----a-w C:\Program Files\lame.exe

2004-07-29 00:19 175,104 ----a-w C:\Program Files\lame_enc.dll

2004-05-12 15:44 5,855 ----a-w C:\Program Files\literals.xml

2004-05-07 14:55 510 ----a-w C:\Program Files\uninst.un2

2004-05-07 14:55 488 ----a-w C:\Program Files\uninst00.log

2004-05-07 14:55 2,444 ----a-w C:\Program Files\mdata.dat

2004-03-23 03:57 30,053 ----a-w C:\Program Files\USAGE

2004-02-15 13:18 242 ----a-w C:\Program Files\course.xml

2003-12-19 02:02 256 ----a-w C:\Program Files\about

2002-01-19 13:52 1,801 ----a-w C:\Program Files\README

2000-12-19 10:16 707 ----a-w C:\Program Files\LICENSE

2000-03-08 05:37 30 ----a-w C:\Program Files\FILE_ID.DIZ

1999-11-24 10:40 25,292 ----a-w C:\Program Files\COPYING

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]

[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

2008-08-05 02:13 1610264 --a------ C:\Program Files\myBabylon\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{34EA1C70-42CC-42C5-AA29-EC58B95A343E}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]

[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-27 67128]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 4670968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 5058560]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-27 77824]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 919016]

"beidsystemtray"="C:\Program Files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 188416]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-27 67128]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-03-31 450560]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

Statusvenster.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-01-04 802816]

WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [2006-09-26 42168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.SP54"= SP5X_32.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Telenet EasyCare.lnk]

backup=C:\WINDOWS\pss\Telenet EasyCare.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telemeter 3.0

R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-07-19 78416]

R2 eID CRL Service;eID CRL Service;C:\WINDOWS\System32\beidservicecrl.exe [2007-02-19 225280]

R2 eID Privacy Service;eID Privacy Service;C:\WINDOWS\System32\beidservicepcsc.exe [2007-02-19 331776]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]

R3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\System32\DRIVERS\a38usb.sys [2006-03-24 33536]

S0 TfFsMon;TfFsMon;C:\WINDOWS\System32\drivers\TfFsMon.sys [ ]

S0 TfSysMon;TfSysMon;C:\WINDOWS\System32\drivers\TfSysMon.sys [ ]

S2 Ca504bv;Icatch(VII) Video Camera Device;C:\WINDOWS\System32\Drivers\Ca504bv.sys [2002-10-21 515803]

S2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service [ ]

S3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\System32\Drivers\camdrv30.sys [2001-08-17 171264]

S3 Ip6FwHlp;IPv6 Internet Connection Firewall;C:\WINDOWS\System32\svchost.exe [2001-09-07 12800]

S3 krdpdre;krdpdre;C:\DOCUME~1\Freddy\LOCALS~1\Temp\krdpdre.sys [ ]

S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\NSNDIS5.SYS [ ]

S3 TfNetMon;TfNetMon;C:\WINDOWS\System32\drivers\TfNetMon.sys [ ]

S3 USBCamera;Icatch(VII) Still Camera Device;C:\WINDOWS\System32\Drivers\Bulk504B.sys [2002-07-25 10986]

.

- - - - ORPHANS VERWIJDERD - - - -

Notify-WgaLogon - (no file)

.

------- Bijkomende Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Freddy\Application Data\Mozilla\Firefox\Profiles\tbssw6fg.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - chrome://speeddial/content/speeddial.xul

FF -: plugin - C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll

FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - C:\Program Files\Mozilla Firefox 2 Beta 2\plugins\np32dsw.dll

FF -: plugin - C:\Program Files\Mozilla Firefox 2 Beta 2\plugins\npLegitCheckPlugin.dll

FF -: plugin - C:\Program Files\Mozilla Firefox 2 Beta 2\plugins\npnul32.dll

FF -: plugin - C:\Program Files\Mozilla Firefox 2 Beta 2\plugins\nppdf32.dll

FF -: plugin - C:\Program Files\Mozilla Firefox 2 Beta 2\plugins\npqtplugin.dll

FF -: plugin - C:\Program Files\Mozilla Firefox 2 Beta 2\plugins\npqtplugin2.dll

FF -: plugin - C:\Program Files\Mozilla Firefox 2 Beta 2\plugins\npqtplugin3.dll

FF -: plugin - C:\Program Files\Mozilla Firefox 2 Beta 2\plugins\npqtplugin4.dll

FF -: plugin - C:\Program Files\Mozilla Firefox 2 Beta 2\plugins\npqtplugin5.dll

FF -: plugin - C:\Program Files\Mozilla Firefox 2 Beta 2\plugins\npqtplugin6.dll

FF -: plugin - C:\Program Files\Mozilla Firefox 2 Beta 2\plugins\NPZoneSB.dll

FF -: plugin - C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll

FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-14 21:02:00

Windows 5.1.2600 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCES: C:\WINDOWS\explorer.exe

-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\scardsvr.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

.

**************************************************************************

.

Voltooingstijd: 2008-10-14 21:09:41 - machine werd herstart

ComboFix-quarantined-files.txt 2008-10-14 19:09:34

Pre-Run: 56.451.895.296 bytes beschikbaar

Post-Run: 56,193,482,752 bytes beschikbaar

216

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:11:27, on 14/10/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\brss01a.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\WINDOWS\System32\beidservicecrl.exe

C:\WINDOWS\System32\beidservicepcsc.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Belgium Identity Card\beidsystemtray.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\WordWeb\wweb32.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.standaard.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll

O2 - BHO: Merriam-Webster Online BHO - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - Startup: SyncBack.lnk = C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Statusvenster.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

O4 - Global Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM

O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM

O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219

O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\System32\beidservicecrl.exe

O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\System32\beidservicepcsc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)

O23 - Service: InCD Helper (read only) (InCDsrvR) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 11858 bytes

[kape]

Combofix heeft behoorlijk wat opgeruimd. Even vraagje tussendoor : heeft dit enige invloed gehad op je cursor-probleem ?

Dit mag je nog wel uitvoeren op basis van je HJT-log.

Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

Klik op 'Fix checked' om de items te verwijderen.

En ja ... dit kan je leren. Op het Nederlandse forum HiJackThis.nl kan je je inschrijven voor een cursus met aandacht voor HJT en alle mogelijke programma's die nodig zijn voor het verwijderen/behandelen van spyware/virussen.

[rob]

Done !!

Bedankt Kape !!

En ja , ik had geen enkel probleem met het lezen van uw tips hier , en dat is al een hele verbetering -- windows IE werd niet afgesloten en ik kon verder werken zonder dat de cursor vast kwam te zitten !

Ik laat u nog een bericht als alles in orde is !!

Bedankt ook voor de cursus hint !

Moet ik verder nog iets doen ??

[kape]

Nog enkel zaken om de boel netjes op te ruimen

Verwijder Combofix: Start -> Uitvoeren en typ: combofix /u

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Download CCleaner.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Opschonen'. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten) door systeemherstel tijdelijk uit te schakelen. Doe dit via Start -> Configuratiescherm -> Systeem -> Systeemherstel -> "Systeemherstel op alle stations uitschakelen" aanvinken. Toepassen en OK. PC herstarten en het vinkje terug weg halen.

That’s it !

[rob]

Bedankt Kape -- alles is uitgevoerd zoals ge aangebracht hebt en het resultaat is een rustig werkende computer tot nu toe

Het enige dat ik niet meer zie is mijn werkende Alvast virusscanner onderaan in de werkbalk !!

Alvast is niet weg van mijn computer , alleen de icon in de werkbalk ?

Een vraagje --hoe kon ik zo een besmette computer krijgen ?

Ik draai elke week een complete scan met ad-aware en Alvast !!

Ik gebruik deze computer ook in hoofdzaak om te communiceren met Skype -Yahoo messenger - en gesproken boodschappen te sturen met Snapvine -- in hoofdzaak om mijn English up to date te houden .

In ieder geval bedankt voor de hulp !!

Groetjes

Rob.

[kape]

Het icoontje zou verwijderd kunnen zijn door de besmetting die je gehad hebt. Ken Avast onvoldoende om te weten waar je dit opnieuw kan instellen, maar dat zou toch moeten kunnen in het programma zelf, denk ik ? Mogelijk lopen hier op het forum wel Avast-kenners rond die je hierbij kunnen helpen.

Hoe loop je zoiets op ? Dat is een beetje "de vraag van 1 miljoen" Door op het foute moment op een fout linkje te klikken ??? Door niet altijd de scanners tijdig te updaten ??? Of gewoon door pech ??? Moeilijk te zeggen. Laat ons het er gewoon bij houden dat het opgelost is ... en dat telt momenteel. Een veilig surfgedrag is de eerste voorwaarde om niet al te veel met dit soort problemen geconfronteerd te worden. Maar misschien heb je dat wel ... en dan is een oorzaak toch niet meer te achterhalen :s