  1. #1
    Avatar of Cyberio
    Technical skill
    2. Fairly experienced
    Operating system
    Windows 7 Home Premium 32
    Antivirus
    TrendMicro
    Firewall
    Windows Firewall
    Posts
    188
    Yes, I do have HijackThis installed.

    Here is my log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:26:04, on 17-12-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\Config\csrss.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Documents and Settings\Eigenaar\Mijn documenten\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [DmwClient] "dmwclient.exe"
    O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\RunOnce: [TSC] "C:\WINDOWS\temp\tismsi\tsc.exe" /HD
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Flashpaste] C:\Program Files\Flashpaste\flashpaste.exe
    O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\~tmpb.exe
    O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-21-583907252-706699826-839522115-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Gast')
    O4 - HKUS\S-1-5-21-583907252-706699826-839522115-501\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Gast')
    O4 - HKUS\S-1-5-21-583907252-706699826-839522115-501\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" (User 'Gast')
    O4 - HKUS\S-1-5-21-583907252-706699826-839522115-501\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Gast')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: Explorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: achromatic - {61d70260-527c-44e8-bb23-2243e93808d3} - C:\WINDOWS\system32\gtckad.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe
    O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
    O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
    O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - (no file)

    --
    End of file - 11762 bytes

    Crash edit:
    I have removed your second post. Please wait patiently until an expert helps you with your log. After 72 hours (three days) you may leave a post to draw attention to your log.
    Last edited by Crash; 17-12-08 at 19:48.

  2. #2
    Avatar of smeenk
    Technical skill
    5. Expert
    Antivirus
    Ms Security Essentials
    Firewall
    Windows Firewall
    Posts
    34.930
    Blog posts
    2
    Download Combofix to your Desktop.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    • Double-click Combofix.exe to start it.
    • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    • Click OK in the "NirCmd" window.
    • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
    • Click OK and Yes to have the Recovery Console installed automatically.
    • Afterwards, click Yes again to start the malware scan.
    • While the fix is running, do NOT click in the window, as this will make your PC hang.
    • When the fix has finished and after the restart, the log Combofix.txt will open.

    Post this log in your next reply.

  3. #3
    Avatar of Cyberio
    Technical skill
    2. Fairly experienced
    Operating system
    Windows 7 Home Premium 32
    Antivirus
    TrendMicro
    Firewall
    Windows Firewall
    Posts
    188
    It did give a notification of rootkit activity.

    Here is my Combofix log:

    ComboFix 08-12-17.01 - Eigenaar 2008-12-18 10:17:09.1 - NTFSx86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.1023.770 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix2.bat
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Eigenaar\Bureaublad\681D8AFCD73E82D8\
    c:\documents and settings\Eigenaar\Bureaublad\681D8AFCD73E82D8\\681D8AFCD73E82D8.x86
    c:\documents and settings\Eigenaar\Bureaublad\681D8AFCD73E82D8\681D8AFCD73E82D8
    c:\documents and settings\Eigenaar\Mijn documenten\My Documents.url
    c:\program files\avrlabs
    c:\program files\avrlabs\uninst.exe
    c:\windows\Downloaded Program Files\setup.inf
    c:\windows\system\oeminfo.ini

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-11-18 to 2008-12-18 ))))))))))))))))))))))))))))))
    .

    2008-12-18 09:46 . 2008-12-18 09:46 <DIR> d-------- c:\windows\LastGood.Tmp
    2008-12-18 00:30 . 2008-12-18 00:30 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Malwarebytes
    2008-12-17 18:33 . 2008-12-17 23:00 <DIR> d-------- c:\program files\a-squared Anti-Malware
    2008-12-17 17:59 . 2008-12-18 01:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-17 17:59 . 2008-12-17 17:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-17 17:59 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-17 17:59 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-16 17:42 . 2008-12-16 17:49 <DIR> d-------- c:\documents and settings\Eigenaar\DoctorWeb
    2008-12-08 23:58 . 2008-12-08 23:58 <DIR> d-------- c:\program files\MSECache
    2008-12-07 19:31 . 2008-12-17 02:36 664 --a------ c:\windows\system32\d3d9caps.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-17 22:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-12-17 22:08 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Skype
    2008-12-05 19:02 --------- d-----w c:\program files\Hitman Pro
    2008-12-05 19:00 --------- d-----w c:\program files\Spyware Doctor
    2008-12-05 18:59 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-04 15:27 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
    2008-12-04 15:26 --------- d-----w c:\documents and settings\Eigenaar\Application Data\flashpaste
    2008-11-29 20:57 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-11-28 14:00 --------- d-----w c:\program files\Norton Security Scan
    2008-11-26 15:22 --------- d-----w c:\program files\TrackMania Nations ESWC
    2008-11-03 13:59 --------- d-----w c:\program files\Common Files\LogiShrd
    2008-11-03 13:54 --------- d-----w c:\program files\BitLord
    2008-11-03 13:54 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
    2008-11-03 13:53 --------- d-----w c:\program files\Lavasoft
    2008-11-03 13:53 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-11-03 13:53 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Lavasoft
    2008-11-03 13:34 --------- d-----w c:\program files\Logitech
    2008-11-03 13:34 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
    2008-10-28 16:07 --------- d-----w c:\program files\DMW Client 3
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2007-10-23 10:45 882,000 ----a-w c:\program files\HyCam2.exe
    2007-10-23 10:45 87,400 ----a-w c:\program files\UnHyCam2.exe
    2007-10-22 13:09 106,496 ----a-w c:\program files\CamRes2.dll
    2007-09-27 12:31 5,272 ----a-w c:\program files\HyCam2.tlb
    2007-08-23 00:09 3,655,608 ----a-w c:\program files\FLV PlayerRCATSetup.exe
    2007-08-23 00:07 411,248 ----a-w c:\program files\FLV PlayerRCSetup.exe
    2007-08-11 16:15 57,344 ----a-w c:\program files\MClick2.dll
    2006-12-14 11:13 113,628 ----a-w c:\program files\HyCam2.chm
    2006-12-14 08:18 3,274 ----a-w c:\program files\agreement.txt
    2006-07-09 03:13 82 ----a-w c:\program files\HomePage.url
    2006-03-02 20:28 49,416 ----a-w c:\documents and settings\Eigenaar\Application Data\GDIPFONTCACHEV1.DAT
    2004-05-05 10:57 2,018 ----a-w c:\program files\readme.txt
    2004-04-16 12:07 675 ----a-w c:\program files\HyCam2.cnt
    1999-06-24 09:49 587 ----a-w c:\program files\8-44100d.wav
    1999-06-24 09:49 421 ----a-w c:\program files\8-44100u.wav
    1999-06-24 09:47 317 ----a-w c:\program files\8-22050d.wav
    1999-06-24 09:47 225 ----a-w c:\program files\8-22050u.wav
    1999-06-24 09:46 183 ----a-w c:\program files\8-11025d.wav
    1999-06-24 09:46 135 ----a-w c:\program files\8-11025u.wav
    1999-06-24 09:44 127 ----a-w c:\program files\8-8000u.wav
    1999-06-24 09:43 151 ----a-w c:\program files\8-8000d.wav
    1999-06-24 09:41 220 ----a-w c:\program files\16-8000u.wav
    1999-06-24 09:40 260 ----a-w c:\program files\16-8000d.wav
    1999-06-24 09:38 956 ----a-w c:\program files\16-44100u.wav
    1999-06-24 09:37 1,186 ----a-w c:\program files\16-44100d.wav
    1999-06-24 09:34 652 ----a-w c:\program files\16-22050d.wav
    1999-06-24 09:34 442 ----a-w c:\program files\16-22050u.wav
    1999-06-24 08:54 340 ----a-w c:\program files\16-11025d.wav
    1999-06-24 08:50 326 ----a-w c:\program files\16-11025u.wav
    2007-03-09 07:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll
    2007-11-30 14:30 80 --sh--r c:\windows\system32\EF787312FD.dll
    2008-08-30 11:32 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008083020080831\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\nbj.exe" [2005-07-14 1961984]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 376912]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 68856]
    "Flashpaste"="c:\program files\Flashpaste\flashpaste.exe" [2008-03-02 587264]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-05 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "CaretakerNotifier"="c:\program files\SurfRight\Caretaker\Notifier.exe" [2007-11-26 746744]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2004-07-05 c:\windows\ALCWZRD.EXE]
    "Alcmtr"="ALCMTR.EXE" [2004-07-02 c:\windows\ALCMTR.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-08-03 394856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.iac2"= c:\progra~1\REPLAY~1\iac25_32.ax
    "MSACM.CEGSM"= mobilev.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Credence-LimeWire On Startup.lnk]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    --a------ 2003-09-01 11:52 376912 c:\program files\Microsoft ActiveSync\WCESCOMM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "CAILI"=2 (0x2)
    "Ati HotKey Poller"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
    "d:\\Backup\\0\\Program Files\\A4Proxy\\A4Proxy.exe"=
    "d:\\Backup\\0\\Program Files\\The All-Seeing Eye\\eye.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\EA GAMES\\MOHAANetDemo\\MOHAANetDemo.exe"=
    "c:\\Program Files\\TmNationsForever\\TmForever.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 ctredrv.sys;ctredrv.sys;\??\c:\windows\system32\drivers\ctredrv.sys [2007-11-26 16512]
    R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
    R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2007-10-27 288848]
    S0 kjyadobt;kjyadobt;c:\windows\system32\drivers\qqnwue.sys
    S2 CaretakerAntispam;Caretaker Antispam Service;"c:\program files\SurfRight\Caretaker\AntispamService.exe" [2007-11-26 132344]
    S2 CaretakerProxy;Caretaker Proxy;"c:\program files\SurfRight\Caretaker\CaretakerProxy.exe" [2007-11-26 570616]
    S2 CaretakerSvc;Caretaker Service;"c:\program files\SurfRight\Caretaker\CaretakerService.exe" [2007-11-26 963832]
    S2 CaretakerUpdate;Caretaker Updater;"c:\program files\SurfRight\Caretaker\CaretakerUpdater.exe" [2007-11-26 128248]
    S2 TmPfw;Trend Micro Personal Firewall;
    S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2007-11-01 1275584]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [2007-10-29 742216]
    S3 SUSCOM;Susteen Serial port driver;c:\windows\system32\DRIVERS\SUSCOM.SYS [2005-05-09 40448]
    S3 XDva039;XDva039;
    S4 mchInjDrv;madCodeHook DLL injection driver;\??\c:\windows\system32\Drivers\mchInjDrv.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{052eb702-28de-11dd-9877-0011d8c2eb82}]
    \Shell\AutoRun\command - E:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e86b94e-8fee-11da-b98a-0011d8c2eb82}]
    \Shell\AutoRun\command - I:\setup.exe
    .
    Inhoud van de 'Gedeelde Taken' map

    2008-12-16 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

    2008-12-18 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2008-11-28 c:\windows\Tasks\Norton Security Scan.job
    - c:\program files\Norton Security Scan\Nss.exe [2007-04-19 21:42]

    2008-12-05 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
    - c:\program files\RegistrySmart\RegistrySmart.exe

    2008-12-05 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
    - c:\program files\RegistrySmart
    .
    - - - - ORPHANS VERWIJDERD - - - -

    HKLM-Run-RegistryMechanic - (no file)
    HKLM-Run-Cmaudio - cmicnfg.cpl
    HKLM-Run-DmwClient - dmwclient.exe


    .
    ------- Bijkomende Scan -------
    .
    uStart Page = about:blank
    uSearch Page = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    uSearch Bar = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    mSearch Bar =
    uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
    FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\7o6d9y21.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nlfficial
    FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-18 10:20:31
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(436)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-12-18 10:22:29 - machine werd herstart
    ComboFix-quarantined-files.txt 2008-12-18 09:22:26

    Pre-Run: 713,789,440 bytes beschikbaar
    Post-Run: 1,131,368,448 bytes beschikbaar

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    234 --- E O F --- 2008-11-20 01:16:29


    Should I post a HijackThis log as well?
    Last edited by Cyberio; 18-12-08 at 10:42.

  4. #4
    Avatar of Cyberio
    Technical skill
    2. Fairly experienced
    Operating system
    Windows 7 Home Premium 32
    Antivirus
    TrendMicro
    Firewall
    Windows Firewall
    Posts
    188
    To clarify the problem a bit more:

    I am now working in safe mode with networking, because when I boot in normal mode and try to log in, it hangs at: Loading personal settings. I then wanted to install my PC Cillin Internet Security 2009, but that did not work and I got this message:



    I then ran the scan, but unfortunately it does not complete. It hangs when it is well past halfway. The next day there is still no progress. Because I cannot complete the scan, I also cannot remove the software that is blocking the installation.
    Last edited by Cyberio; 18-12-08 at 10:41.

  5. #5
    Avatar of smeenk
    Technical skill
    5. Expert
    Antivirus
    Ms Security Essentials
    Firewall
    Windows Firewall
    Posts
    34.930
    Blog posts
    2
    Of course, it remains to be seen whether that scan can solve the problem.

    Open Notepad, then copy and paste the following (blue text) into an empty window:



    Driver::
    kjyadobt
    XDva039
    mchInjDrv
    TmPfw




    Save this to your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will make ComboFix restart.
    Reboot if you are asked to,
    and post the contents of Combofix.txt in your next reply.

  6. #6
    Cyberio
    Done

    Here is the new log:

    ComboFix 08-12-17.01 - Eigenaar 2008-12-18 12:12:06.2 - NTFSx86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.1023.770 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix2.bat
    gebruikte Opdracht switches :: c:\documents and settings\Eigenaar\Bureaublad\CFScript.txt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MCHINJDRV
    -------\Legacy_TMPFW
    -------\Legacy_XDVA039
    -------\Service_kjyadobt
    -------\Service_mchInjDrv
    -------\Service_TmPfw
    -------\Service_XDva039


    (((((((((((((((((((( Bestanden Gemaakt van 2008-11-18 to 2008-12-18 ))))))))))))))))))))))))))))))
    .

    2008-12-18 09:46 . 2008-12-18 09:46 <DIR> d-------- c:\windows\LastGood.Tmp
    2008-12-18 00:30 . 2008-12-18 00:30 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Malwarebytes
    2008-12-17 18:33 . 2008-12-17 23:00 <DIR> d-------- c:\program files\a-squared Anti-Malware
    2008-12-17 17:59 . 2008-12-18 01:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-17 17:59 . 2008-12-17 17:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-17 17:59 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-17 17:59 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-16 17:42 . 2008-12-16 17:49 <DIR> d-------- c:\documents and settings\Eigenaar\DoctorWeb
    2008-12-08 23:58 . 2008-12-08 23:58 <DIR> d-------- c:\program files\MSECache
    2008-12-07 19:31 . 2008-12-17 02:36 664 --a------ c:\windows\system32\d3d9caps.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-17 22:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-12-17 22:08 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Skype
    2008-12-05 19:02 --------- d-----w c:\program files\Hitman Pro
    2008-12-05 19:00 --------- d-----w c:\program files\Spyware Doctor
    2008-12-05 18:59 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-04 15:27 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
    2008-12-04 15:26 --------- d-----w c:\documents and settings\Eigenaar\Application Data\flashpaste
    2008-11-29 20:57 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-11-28 14:00 --------- d-----w c:\program files\Norton Security Scan
    2008-11-26 15:22 --------- d-----w c:\program files\TrackMania Nations ESWC
    2008-11-03 13:59 --------- d-----w c:\program files\Common Files\LogiShrd
    2008-11-03 13:54 --------- d-----w c:\program files\BitLord
    2008-11-03 13:54 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
    2008-11-03 13:53 --------- d-----w c:\program files\Lavasoft
    2008-11-03 13:53 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-11-03 13:53 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Lavasoft
    2008-11-03 13:34 --------- d-----w c:\program files\Logitech
    2008-11-03 13:34 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
    2008-10-28 16:07 --------- d-----w c:\program files\DMW Client 3
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2007-10-23 10:45 882,000 ----a-w c:\program files\HyCam2.exe
    2007-10-23 10:45 87,400 ----a-w c:\program files\UnHyCam2.exe
    2007-10-22 13:09 106,496 ----a-w c:\program files\CamRes2.dll
    2007-09-27 12:31 5,272 ----a-w c:\program files\HyCam2.tlb
    2007-08-23 00:09 3,655,608 ----a-w c:\program files\FLV PlayerRCATSetup.exe
    2007-08-23 00:07 411,248 ----a-w c:\program files\FLV PlayerRCSetup.exe
    2007-08-11 16:15 57,344 ----a-w c:\program files\MClick2.dll
    2006-12-14 11:13 113,628 ----a-w c:\program files\HyCam2.chm
    2006-12-14 08:18 3,274 ----a-w c:\program files\agreement.txt
    2006-07-09 03:13 82 ----a-w c:\program files\HomePage.url
    2006-03-02 20:28 49,416 ----a-w c:\documents and settings\Eigenaar\Application Data\GDIPFONTCACHEV1.DAT
    2004-05-05 10:57 2,018 ----a-w c:\program files\readme.txt
    2004-04-16 12:07 675 ----a-w c:\program files\HyCam2.cnt
    1999-06-24 09:49 587 ----a-w c:\program files\8-44100d.wav
    1999-06-24 09:49 421 ----a-w c:\program files\8-44100u.wav
    1999-06-24 09:47 317 ----a-w c:\program files\8-22050d.wav
    1999-06-24 09:47 225 ----a-w c:\program files\8-22050u.wav
    1999-06-24 09:46 183 ----a-w c:\program files\8-11025d.wav
    1999-06-24 09:46 135 ----a-w c:\program files\8-11025u.wav
    1999-06-24 09:44 127 ----a-w c:\program files\8-8000u.wav
    1999-06-24 09:43 151 ----a-w c:\program files\8-8000d.wav
    1999-06-24 09:41 220 ----a-w c:\program files\16-8000u.wav
    1999-06-24 09:40 260 ----a-w c:\program files\16-8000d.wav
    1999-06-24 09:38 956 ----a-w c:\program files\16-44100u.wav
    1999-06-24 09:37 1,186 ----a-w c:\program files\16-44100d.wav
    1999-06-24 09:34 652 ----a-w c:\program files\16-22050d.wav
    1999-06-24 09:34 442 ----a-w c:\program files\16-22050u.wav
    1999-06-24 08:54 340 ----a-w c:\program files\16-11025d.wav
    1999-06-24 08:50 326 ----a-w c:\program files\16-11025u.wav
    2007-03-09 07:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll
    2007-11-30 14:30 80 --sh--r c:\windows\system32\EF787312FD.dll
    2008-08-30 11:32 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008083020080831\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-12-18_10.21.58.42 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\nbj.exe" [2005-07-14 1961984]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 376912]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 68856]
    "Flashpaste"="c:\program files\Flashpaste\flashpaste.exe" [2008-03-02 587264]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-05 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "CaretakerNotifier"="c:\program files\SurfRight\Caretaker\Notifier.exe" [2007-11-26 746744]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2004-07-05 c:\windows\ALCWZRD.EXE]
    "Alcmtr"="ALCMTR.EXE" [2004-07-02 c:\windows\ALCMTR.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-08-03 394856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.iac2"= c:\progra~1\REPLAY~1\iac25_32.ax
    "MSACM.CEGSM"= mobilev.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Credence-LimeWire On Startup.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    --a------ 2003-09-01 11:52 376912 c:\program files\Microsoft ActiveSync\WCESCOMM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "CAILI"=2 (0x2)
    "Ati HotKey Poller"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
    "d:\\Backup\\0\\Program Files\\A4Proxy\\A4Proxy.exe"=
    "d:\\Backup\\0\\Program Files\\The All-Seeing Eye\\eye.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\EA GAMES\\MOHAANetDemo\\MOHAANetDemo.exe"=
    "c:\\Program Files\\TmNationsForever\\TmForever.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 ctredrv.sys;ctredrv.sys;\??\c:\windows\system32\drivers\ctredrv.sys [2007-11-26 16512]
    R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
    R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2007-10-27 288848]
    S2 CaretakerAntispam;Caretaker Antispam Service;"c:\program files\SurfRight\Caretaker\AntispamService.exe" [2007-11-26 132344]
    S2 CaretakerProxy;Caretaker Proxy;"c:\program files\SurfRight\Caretaker\CaretakerProxy.exe" [2007-11-26 570616]
    S2 CaretakerSvc;Caretaker Service;"c:\program files\SurfRight\Caretaker\CaretakerService.exe" [2007-11-26 963832]
    S2 CaretakerUpdate;Caretaker Updater;"c:\program files\SurfRight\Caretaker\CaretakerUpdater.exe" [2007-11-26 128248]
    S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2007-11-01 1275584]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [2007-10-29 742216]
    S3 SUSCOM;Susteen Serial port driver;c:\windows\system32\DRIVERS\SUSCOM.SYS [2005-05-09 40448]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{052eb702-28de-11dd-9877-0011d8c2eb82}]
    \Shell\AutoRun\command - E:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e86b94e-8fee-11da-b98a-0011d8c2eb82}]
    \Shell\AutoRun\command - I:\setup.exe
    .
    Inhoud van de 'Gedeelde Taken' map

    2008-12-16 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

    2008-12-18 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2008-11-28 c:\windows\Tasks\Norton Security Scan.job
    - c:\program files\Norton Security Scan\Nss.exe [2007-04-19 21:42]

    2008-12-05 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
    - c:\program files\RegistrySmart\RegistrySmart.exe

    2008-12-05 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
    - c:\program files\RegistrySmart
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = about:blank
    uSearch Page = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    uSearch Bar = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    mSearch Bar =
    uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
    FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\7o6d9y21.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nlfficial
    FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-18 12:15:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(432)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-12-18 12:17:33 - machine werd herstart
    ComboFix-quarantined-files.txt 2008-12-18 11:17:30
    ComboFix2.txt 2008-12-18 09:22:30

    Pre-Run: 1.055.637.504 bytes beschikbaar
    Post-Run: 975,077,376 bytes beschikbaar

    223 --- E O F --- 2008-11-20 01:16:29

  7. #7
    smeenk
    Did you pay for AVG Anti-Spyware and for Spyware Doctor?
    If not, could you please uninstall them?

    Then tell me what the situation is.

  8. #8
    Cyberio
    AVG & Spyware Doctor reinstalled.
    I managed to boot in normal mode again!
    Thank you very much for your help

    I will check right away whether I can now complete the PC Cillin installation.

    As a final check that everything else is in order, a HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:27:50, on 18-12-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
    C:\Program Files\SurfRight\Caretaker\AntispamService.exe
    C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
    C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\SurfRight\Caretaker\Notifier.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Eigenaar\Mijn documenten\HiJackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Flashpaste] C:\Program Files\Flashpaste\flashpaste.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe
    O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
    O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
    O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

    --
    End of file - 10765 bytes
    Last edited by Cyberio; 18-12-08 at 13:32.

  9. #9
    smeenk
    Quote, originally posted by Cyberio:
    AVG & Spyware Doctor reinstalled.
    I managed to boot in normal mode again!
    Thank you very much for your help

    I will check right away whether I can now complete the PC Cillin installation.

    Let me know

    My idea was that, for example, Spyware Doctor was blocking writes to the registry, which is why you could not install the program.

    The log otherwise looks clean to me.

  10. #10
    Cyberio
    Installation is complete
    Thanks for your help!
    I think I should give Nucia a little thank-you or something

    I am now scanning with Trend Micro, and if it still finds anything I will remove it, and then hopefully everything should be in order again!

    Thanks again

  11. #11
    smeenk
    You're welcome

    Do this as well:

    Your Java software is outdated.
    Older versions have vulnerabilities that give malware the chance to install itself on your system.
    First follow these steps to uninstall Java and install the newer version:
    • Download Java Runtime Environment (JRE) 6u11 (mirror) and save it to your Desktop.
    • Close all programs that may be open, especially your web browser!
    • Then go to Start > Control Panel > Add or Remove Programs (Configuratiescherm > Software) and remove all older versions of Java from the software list.
    • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
    • Then click Remove or the Change/Remove button.
    • Repeat this until all older versions are gone.
    • After removing all older versions, restart your PC.
    • Then double-click jre-6u11-windows-i586-p-s.exe on your Desktop to install the newest version of Java.

    Go to Start - Run and enter the following:
    Combofix /U
    Then press OK.
    This will uninstall Combofix again.

    Then I think we are done

  12. #12
    Cyberio
    I think so too. Thanks again!

  13. #13
    Cyberio
    By the way, should I remove these as well?



  14. #14
    smeenk
    Yes, those are old Java versions too
