Sabrina

8 april 2008

Op het moment dat ik op uitvoeren klik.. lukt me echt niet..

8 april 2008

Ik heb gedaan zoals je hebt gezegt en heb het verwijderd, moet ik nu alsnog combofix opnieuw instaleren?

Ik krijg namelijk de foutmelding C:\ Documents and Settings\Beheerder\Local Settings\Tempory Internet Files\Content.IES\T5LI3FV3\.exe is geen geldige Win32-toepassing. en sluit het programma af zonder iets..

8 april 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:49, on 8-4-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe

C:\Program Files\Microsoft Windows OneCare Live\winss.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

C:\Program Files\HPQ\shared\hpqwmi.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\NETGEAR\WPN111\wpn111.exe

C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')

O4 - Startup: Mediacontrole Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://zabrina.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162583566234

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159518578687

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://zabrina.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab

O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4876/mcfscan.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by110fd.bay110.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--

End of file - 11386 bytes

De link wat je me eerder gegeven hebt van Combofix werkt niet meer..

8 april 2008

Als je je XP Home regelmatig van updates voorzien hebt, staan er ondertussen bestanden op je PC die herkend worden als onderdelen van XP Pro. Daarom vraagt men naar de XP Pro-CD. Maar als je altijd blijft doorklikken op YES, moet de XP Home-CD op een bepaald ogenblik toch aanvaard worden. Probeer eens of dit ook bij jou het geval is ?

Hellaas is wordt bij mij niet aanvaard..

Bedankt voor al je goede advies me pc is in iedergeval wel ontdaan van allerlei rotzooi en loopt wel sneller...

maar loopt niet zoals het hoort, blijft om de haver klap nog steeds hangen en verlies mijn werk.. Kan ik weer van voor af aan beginnen!

Ik zal me er dus bij neer moeten leggen kan iemand me advies geven wat ik het best kan ondernemen?

7 april 2008

Hoe vaak ik ook blijf klikken hij accepteerd het niet!

Als ik op meer informatie klik dan krijg ik een venster met: mogelijke redenen voor dit probleem: U hebt de verkeerde cd-rom geplaatst. (een cd-rom met een andere versie van windows dan is geinstaleerd (onmogelijk heb destijds zelf geinstaleerd met deze cd ) Of het cd-rom-station van de computer werkt niet. (die werkt overigens prima!)

7 april 2008

Ik wil je bedanken voor de hulp! Ik waardeer het zéér! THANX!!!

Ik heb het geprobeerd en wordt inderdaad gevraagd naar installatie cd.

De cd met besturingssysteem windows xp home edition service pack 2 word niet geaccepteerd krijg de melding; U hebt de verkeerde cd-rom geplaatst. Plaats windows xp proffesional service pack 2 in het cd-rom station...

Ik begrijp er helemaal niets van want de versie die op mijn pc is geinstaleerd is met deze cd-rom gedaan..

7 april 2008

Hallo!

Ik heb alles gedaan wat je beschreven hebt.

Alles loopt nu veel soepeler en sneller.. Thanx!

Ik had mijn pc onbeheerd aanstaan en zag na een tijdje dat het toch weer was vastgelopen...

7 april 2008

Hoi,

Ik heb het bestand met autobar.exe gevonden en ook verwijderd.

De computer is niet meer uitgevallen en ook klinkt het nu veel rustiger.

Bij deze het log van Combofix.

ComboFix 08-04-06.1 - Beheerder 2008-04-07 16:04:26.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.522 [GMT 2:00]

Gestart vanuit: C:\Documents and Settings\Beheerder\Mijn documenten\setup bestanden\ComboFix.exe

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))

.

2008-04-07 13:40 . 2008-04-07 13:40 <DIR> d-------- C:\Program Files\Trend Micro

2008-04-02 15:01 . 2008-04-02 15:01 45,292 --a------ C:\WINDOWS\system32\OEMINFO.PNF

2008-04-02 12:01 . 2007-11-27 22:56 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys

2008-04-02 12:01 . 2007-11-27 22:56 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys

2008-04-02 12:00 . 2008-04-02 12:00 <DIR> d-------- C:\WINDOWS\system32\bits

2008-04-02 12:00 . 2007-07-06 15:09 70,928 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys

2008-04-02 11:58 . 2007-03-29 15:01 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll

2008-04-02 11:58 . 2007-03-29 15:01 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll

2008-04-02 11:37 . 2008-04-07 13:14 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live

2008-03-31 22:26 . 2008-03-31 22:26 <DIR> dr-h----- C:\Documents and Settings\NetworkService\Onlangs geopend

2008-03-30 01:13 . 2008-03-30 01:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2008-03-13 10:11 . 2008-04-02 11:29 <DIR> d-------- C:\Documents and Settings\LocalService\Bureaublad

2008-03-13 00:42 . 2008-03-24 14:58 <DIR> d-------- C:\Program Files\PC Doc Pro

2008-03-12 23:41 . 2008-03-30 19:31 <DIR> d-------- C:\Documents and Settings\Beheerder\.housecall6.6

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-07 13:23 --------- d-----w C:\Program Files\Macrogaming

2008-04-07 13:04 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-04-02 18:39 11,224 ----a-w C:\Documents and Settings\Beheerder\Application Data\wklnhst.dat

2008-04-01 13:00 --------- d--h--r C:\Documents and Settings\new\Application Data\yahoo!

2008-03-29 23:25 --------- d--h--r C:\Documents and Settings\Beheerder\Application Data\yahoo!

2008-03-29 22:24 --------- d-----w C:\Program Files\Yahoo!

2008-03-29 22:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!

2008-03-27 18:14 --------- d-----w C:\Program Files\Google

2008-03-27 09:53 --------- d-----w C:\Program Files\Java

2008-03-24 13:17 --------- d-----w C:\Program Files\Windows Live Safety Center

2008-03-24 12:56 --------- d-----w C:\Program Files\Skype

2008-03-24 10:14 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\skypePM

2008-03-19 08:52 --------- d-----w C:\Program Files\Belastingdienst

2008-03-13 20:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-05 00:30 2,586 ----a-w C:\Documents and Settings\Ansley\Application Data\wklnhst.dat

2008-03-02 15:44 --------- d-----w C:\Program Files\Windows Live

2008-02-29 17:52 --------- d-----w C:\Documents and Settings\Ansley\Application Data\LimeWire

2008-02-27 21:28 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-27 21:28 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\Samsung

2008-02-27 10:23 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition

2008-02-27 10:20 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-02-27 10:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-02-25 23:49 --------- d-----w C:\Program Files\Common Files\LightScribe

2008-02-25 21:40 --------- d-----w C:\Program Files\Microsoft ActiveSync

2008-02-25 20:08 --------- d-----w C:\Documents and Settings\new\Application Data\IMVU

2008-02-15 22:19 --------- d-----w C:\Program Files\Screen Recorder

2008-02-15 11:57 --------- d-----w C:\Program Files\Common Files\Adobe

2008-02-09 19:13 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\Sony Corporation

2008-02-09 18:41 --------- d-----w C:\Program Files\Sony

2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR

2008-01-21 23:21 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2007-12-01 20:20 97,608 ----a-w C:\Documents and Settings\Beheerder\Application Data\GDIPFONTCACHEV1.DAT

.

((((((((((((((((((((((((((((( snapshot@2008-04-07_14.58.41,21 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-04-07 13:27:59 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_e8.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 19:34 1289000]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 12:36 68856]

"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 18:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00 208952]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05 339968]

"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 14:01 233534]

"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 14:12 102492]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 14:11 692316]

"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 15:21 794624]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 13:54 253952]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-10 23:27 185896]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-01-22 19:43 67112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

C:\Documents and Settings\Beheerder\Menu Start\Programma's\Opstarten\

Mediacontrole Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-02-09 20:41:50 344064]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [2007-12-13 15:51:35 888930]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.LEAD"= LCODCCMP.DLL

"MSVideo8"= VfWWDM32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\StubInstaller.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

"C:\\WINDOWS\\system32\\rtcshare.exe"=

"C:\\Program Files\\NetMeeting\\conf.exe"=

"C:\\Documents and Settings\\Beheerder\\Mijn documenten\\setup bestanden\\mco_installer\\mcoinstall- www.freewinks.net.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 13:10]

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-22 16:39]

R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-05-29 19:00]

S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys []

S3 vmfilter323;323 filter service, Normal;C:\WINDOWS\system32\drivers\vmfilter323.sys [2006-08-08 12:25]

S3 ZSMC326;TIANDE USB2.0 PC Camera(VC0323);C:\WINDOWS\system32\Drivers\usbvm323.sys [2006-12-28 14:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddabf63a-90ff-11db-8320-0014a527bfce}]

\Shell\AutoRun\command - E:\setupSNK.exe

.

Inhoud van de 'Gedeelde Taken' map

"2008-03-31 20:23:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-04-07 11:07:42 C:\WINDOWS\Tasks\User_Feed_Synchronization-{FD924573-C4DA-444B-9392-035DF4739F6D}.job"

- C:\WINDOWS\system32\msfeedssync.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-07 16:07:58

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????3?3?3?0??????? ???B?????????????hLC? ??????

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-04-07 16:10:22

ComboFix-quarantined-files.txt 2008-04-07 14:10:20

ComboFix2.txt 2008-04-07 12:58:55

Pre-Run: 58,293,166,080 bytes beschikbaar

Post-Run: 58,283,892,736 bytes beschikbaar

.

2008-03-12 20:28:40 --- E O F ---

7 april 2008

Dank je wel voor je snelle reactie,

Ik heb gedaan zoals beschreven, maar tijdens het verwijderen van de laatste 2 bestanden liep alles weer vast. Ik heb toen de pc uitgedaan doormiddel van de knop opnieuw opgestart en ze alsnog verwijderd.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:36, on 7-4-2008