  1. #1

    Technical skill
    3. Medium
    Operating system
    Windows XP Home/Pro
    Antivirus
    AVG
    Firewall
    Posts
    54

    PC only boots 50 min. after being switched on

    Hello, it is actually exactly a year since I had similar problems. My PC only shows the login screen 50 minutes after being switched on. There are indications that my daughter did something with an MSN photo. I have cleaned up pretty much everything following your very clear instructions (thanks!). Only with the Kaspersky scan I get a blue screen with a message that Windows was shut down to protect against damage, even though I had uninstalled AVG (kernel).
    Also, my AVG says there is a possible infection with Win32/DH.BA
    MBAM also found and removed a few things; I am sending that log along.
    After a week of cleaning the problem persists; once the PC has finally started up I have no problems, by the way.
    With some hesitation I did an HJT scan anyway, log attached. Can you do anything with it? Regards, Oscar

    Malwarebytes' Anti-Malware 1.41
    Database versie: 3262
    Windows 5.1.2600 Service Pack 3

    30-11-2009 21:59:51
    mbam-log-2009-11-30 (21-59-51).txt

    Scan type: Snelle Scan
    Objecten gescand: 170266
    Verstreken tijd: 1 hour(s), 57 minute(s), 21 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 2
    Registerwaarden geïnfecteerd: 1
    Registerdata bestanden geïnfecteerd: 3
    Mappen geïnfecteerd: 1
    Bestanden geïnfecteerd: 3

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-21cx5c574571} (Generic.Bot.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.

    Registerdata bestanden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://www.freeart1cile.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

    Mappen geïnfecteerd:
    C:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013 (Backdoor.IRCBot) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    C:\Documents and Settings\Spel\Local Settings\temp\992.exe (Adware.Mirar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Spel\Local Settings\temp\0916074100000fb066b4gjhjye\992.exe (Adware.Mirar) -> Quarantined and deleted successfully.
    C:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:33:19, on 5-12-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16915)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Firevall Administrating] rndll.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: ChatSpace Full Java Client 2.1.0.95 - http://62.69.169.37/Java/cs4fs095.cab
    O16 - DPF: RaptisoftGameLoader - http://www.raptisoft.com/webgames/ra...gameloader.cab
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://vontjah.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/.../GAME_UNO1.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigm...eUploader4.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://vontjah.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/.../installer.exe
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/static...eUploader4.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by110fd.bay110.hotmail.msn.co...x/HMAtchmt.ocx
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    --
    End of file - 10541 bytes

  2. #2

    Technical skill
    5. Expert
    Firewall
    Posts
    3,036
    Hi,

    1. Start HijackThis and choose 'Do a system scan only'. If present, tick the line below:

    O4 - HKLM\..\Run: [Firevall Administrating] rndll.exe

    Now close all open windows except HijackThis and click 'Fix Checked'.

    Now restart your computer.

    2. Open MBAM, choose update and then choose a quick scan.

    Post the MBAM log together with a new HijackThis log in your next reply.

    Good luck!
    Last edited by Tjibbe; 30-11-11 at 17:22.

  3. #3

    Technical skill
    3. Medium
    Operating system
    Windows XP Home/Pro
    Antivirus
    AVG
    Firewall
    Posts
    54
    Hi Tjibbe, attached is the new HJT log. Only this one; MBAM did not find anything more. Regards, Oscar

    Booting has not become any faster yet, by the way.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:15:37, on 5-12-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16915)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: ChatSpace Full Java Client 2.1.0.95 - http://62.69.169.37/Java/cs4fs095.cab
    O16 - DPF: RaptisoftGameLoader - http://www.raptisoft.com/webgames/ra...gameloader.cab
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://vontjah.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/.../GAME_UNO1.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigm...eUploader4.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://vontjah.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/.../installer.exe
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/static...eUploader4.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by110fd.bay110.hotmail.msn.co...x/HMAtchmt.ocx
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    --
    End of file - 10475 bytes
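
Added example, not part of the thread: one way to confirm that the 'Fix Checked' step took effect is to diff the numbered entries of the two HijackThis logs posted above and list the `Run` autostarts whose command has no directory. The function names are hypothetical and the sample logs are shortened excerpts of the logs from posts #1 and #3.

```python
import re
from collections import Counter

# Shortened excerpts of the two HijackThis logs posted in this thread
# (before and after the 'Fix Checked' step); most lines are omitted.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:33:19, on 5-12-2009
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [Firevall Administrating] rndll.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""

AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:37, on 5-12-2009
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""

# A numbered entry: section code (R0, O4, O23, ...), a dash, then the entry text.
# Header lines and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# An O4 registry autostart: <hive>\..\<Run key>: [<value name>] <command>
RUN_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)


def parse_entries(log_text):
    """Return the numbered entries of a log as (section, text) tuples."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two logs, each sorted."""
    b, a = Counter(parse_entries(before)), Counter(parse_entries(after))
    return sorted((b - a).elements()), sorted((a - b).elements())


def executable_of(cmd):
    """Best-effort extraction of the program part of a Run command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = re.match(r"(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def autoruns(log_text):
    """Parse the O4 registry autostart entries into dictionaries."""
    out = []
    for section, text in parse_entries(log_text):
        m = RUN_RE.match(text) if section == "O4" else None
        if m:
            out.append({"hive": m["hive"], "key": m["key"], "name": m["name"],
                        "exe": executable_of(m["cmd"])})
    return out


def bare_autoruns(log_text):
    """Autostarts whose program has no directory part.

    This is a triage pointer, not a verdict: in the first log it lists two
    entries, and the helper in this thread asked to fix only one of them.
    """
    return [(r["key"], r["name"], r["exe"]) for r in autoruns(log_text)
            if "\\" not in r["exe"] and "/" not in r["exe"]]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, text in removed:
        print("removed:", section, "-", text)
    for section, text in added:
        print("added:  ", section, "-", text)
    print("bare autoruns after fix:", bare_autoruns(AFTER))
```
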

  4. #4

    Technical skill
    5. Expert
    Firewall
    Posts
    3,036
    Dear visitor of this topic,

    The advice given and the tools used in this topic are unique to this person's computer and problem. Following this unique advice, these instructions and these programs is strongly discouraged. This can lead to (serious) complications. If you are experiencing a (similar) problem, it is best to turn to the following page: http://www.nucia.eu/forum/showthread.php?t=40734.
    We will then gladly help you further in your own topic!



    Hello,

    Then let's look a bit further!

    1. Download Combofix to your Desktop.
    Disable your antivirus scanner before starting Combofix. Some scanners detect Combofix as malware and may remove components. If this happens, download Combofix again.
    • Double-click Combofix.exe to start it.
    • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
    • Click OK and Yes to have the Recovery Console installed automatically.
    • Afterwards, click Yes again to start scanning for malware.
    • While Combofix is running, do NOT click in the window, as this will make your PC hang.
    • When Combofix has finished and after a restart, the log Combofix.txt will open.

    Post the Combofix log together with a new HijackThis log in your next reply.

    Good luck!
    Last edited by Tjibbe; 30-11-11 at 17:23.

  5. #5

    Technical skill
    3. Medium
    Operating system
    Windows XP Home/Pro
    Antivirus
    AVG
    Firewall
    Posts
    54
    Hi Tjibbe, attached are the results. Combofix.log does not look very exciting. Only I don't understand why NOD32 is still lurking somewhere. After restarting I got a message that Combofix had not been able to do something because a file was blocked, I believe CF7382.cfxxe. I think this is caused by Armor Online; I think I will just remove it again and simply turn on the Windows firewall.
    I'll hear from you; booting is not really getting any faster yet.
    Regards, Oscar

    ComboFix 09-12-06.07 - Spel 06-12-2009 21:15:54.5.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.256 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Spel\Bureaublad\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: ESET NOD32 antivirus systeem 0.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
    .

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:31:07, on 6-12-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16915)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
    O4 - HKLM\..\Run: [combofix] C:\ComboFix\CF7382.cfxxe /c C:\ComboFix\Combobatch.bat
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: ChatSpace Full Java Client 2.1.0.95 - http://62.69.169.37/Java/cs4fs095.cab
    O16 - DPF: RaptisoftGameLoader - http://www.raptisoft.com/webgames/ra...gameloader.cab
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://vontjah.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/.../GAME_UNO1.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigm...eUploader4.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://vontjah.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/.../installer.exe
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/static...eUploader4.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by110fd.bay110.hotmail.msn.co...x/HMAtchmt.ocx
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    --
    End of file - 10756 bytes

  6. #6

    Technical skill
    3. Medium
    Operating system
    Windows XP Home/Pro
    Antivirus
    AVG
    Firewall
    Posts
    54
    Hi Tjibbe, after removing the firewall I had to restart, after which the ComboFix log did indeed appear, so see below. To be on the safe side, here is another hjt.log as well.

    ComboFix 09-12-06.07 - Spel 06-12-2009 21:15.5.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.256 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Spel\Bureaublad\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: ESET NOD32 antivirus systeem 0.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\application data \sacache\5\c1.log
    c:\documents and settings\All Users\application data \sacache\nowin.log
    c:\documents and settings\All Users\application data \sys001.log
    c:\documents and settings\All Users\application data \sys002.log
    c:\documents and settings\All Users\application data \sys004.log
    c:\documents and settings\All Users\application data \sys007.log
    c:\documents and settings\Spel\eula.txt
    c:\documents and settings\Spel\Mijn documenten\ZbThumbnail.info
    c:\documents and settings\yvonne\Mijn documenten\ZbThumbnail.info
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\atIAcmxx.dll
    c:\program files\WinConfig
    c:\program files\WinConfig\npf_mgm.exe
    c:\windows\CoD-Wallhack
    c:\windows\CoD-Wallhack \uninstall.exe
    c:\windows\Downloaded Program Files\RdxIE.dll
    c:\windows\system32\clrviddc.dll
    c:\windows\system32\NTSVc.ocx
    c:\windows\system32\web.dat
    c:\documents and settings\All Users\application data . . . . konden niet verwijderd worden

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-11-06 to 2009-12-06 ))))))))))))))))))))))))))))))
    .

    2009-12-06 20:06 . 2009-12-06 20:06 -------- d-----w- c:\documents and settings\Spel\Application Data\AVG9
    2009-12-05 12:44 . 2009-12-05 12:44 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-03 19:38 . 2009-12-06 22:55 -------- d--h--r- c:\documents and settings\Spel\Onlangs geopend
    2009-12-03 19:32 . 2009-12-03 19:32 -------- d-----w- c:\program files\CCleaner
    2009-12-02 21:10 . 2009-10-16 11:12 1119488 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    2009-12-02 21:05 . 2009-12-03 17:39 -------- d-----w- C:\$AVG
    2009-12-02 21:05 . 2009-12-02 21:05 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-12-02 21:05 . 2009-12-02 21:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-12-02 21:04 . 2009-12-02 21:04 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-12-02 21:04 . 2009-12-02 21:04 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-12-02 21:04 . 2009-12-06 22:37 -------- d-----w- c:\windows\system32\drivers\Avg
    2009-12-02 21:04 . 2009-12-02 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-12-02 21:04 . 2009-12-06 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2009-11-30 18:53 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-30 18:53 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-30 18:53 . 2009-12-05 12:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-30 00:24 . 2009-11-30 00:24 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2009-11-26 13:22 . 2008-09-26 23:00 230752 ----a-w- c:\windows\patchw32.dll
    2009-11-26 13:22 . 2008-09-26 23:00 118176 ----a-w- c:\windows\patchw.dll
    2009-11-26 13:05 . 2009-11-26 13:05 -------- d-----w- c:\program files\Outspark
    2009-11-26 12:19 . 2009-11-30 00:20 -------- d-----w- c:\program files\Pando Networks
    2009-11-23 22:26 . 2009-11-23 22:26 -------- d-----w- c:\windows\system32\wbem\Repository
    2009-11-10 13:18 . 2009-11-10 13:18 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe
    2009-11-10 11:43 . 2009-11-10 11:47 -------- d-----w- c:\windows\.mpr_file_store_32
    2009-11-10 11:31 . 2009-11-10 11:34 -------- d-----w- C:\Ballscapev4Cache
    2009-11-10 11:13 . 2009-11-10 12:06 -------- d-----w- c:\documents and settings\Spel\Application Data\FOG Downloader
    2009-11-10 11:13 . 2009-11-10 11:13 -------- d-----w- c:\program files\runes of magic

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-05 18:29 . 2009-04-04 11:29 117760 ----a-w- c:\documents and settings\Spel\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-05 18:28 . 2008-12-12 00:20 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-12-03 21:00 . 2004-08-30 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-12-03 20:11 . 2004-08-30 22:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-03 18:15 . 2007-01-06 00:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-12-02 21:04 . 2009-09-01 20:40 -------- d-----w- c:\program files\AVG
    2009-11-29 23:56 . 2008-06-12 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-11-29 23:50 . 2004-02-13 18:49 -------- d-----w- c:\program files\Microsoft Works
    2009-11-29 22:21 . 2004-08-26 19:59 -------- d-----w- c:\program files\spel
    2009-11-29 21:59 . 2004-12-05 08:00 -------- d-----w- c:\program files\EA GAMES
    2009-11-29 21:32 . 2004-02-13 13:19 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-11-29 21:30 . 2007-07-14 07:00 -------- d-----w- c:\program files\LimeWire
    2009-11-27 09:40 . 2009-09-09 15:40 63 ----a-w- c:\documents and settings\Spel\jagex_runescape_preferences2.dat
    2009-11-27 09:39 . 2008-07-02 08:58 38 ----a-w- c:\documents and settings\Spel\jagex_runescape_preferences.dat
    2009-11-26 09:46 . 2004-11-28 15:51 56132 ----a-w- c:\documents and settings\Spel\Application Data\wklnhst.dat
    2009-11-23 14:37 . 2009-05-11 10:21 -------- d-----w- c:\documents and settings\Spel\Application Data\PC Suite
    2009-11-19 22:28 . 2007-07-14 07:10 -------- d-----w- c:\documents and settings\Spel\Application Data\LimeWire
    2009-11-10 13:18 . 2009-08-20 16:16 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-11-10 13:18 . 2009-08-20 16:16 138056 ----a-w- c:\documents and settings\Spel\Application Data\PnkBstrK.sys
    2009-11-10 13:18 . 2009-08-20 16:16 138056 ----a-w- c:\documents and settings\Spel\Application Data\PnkBstrK.sys
    2009-11-10 13:18 . 2007-04-28 08:34 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-11-10 11:41 . 2009-11-02 15:12 -------- d-----w- c:\documents and settings\Spel\Application Data\godzHell
    2009-11-10 11:23 . 2004-08-06 10:37 -------- d-----w- c:\program files\Activision
    2009-11-06 00:25 . 2009-09-16 05:40 -------- d-----w- c:\program files\Windows Live
    2009-11-06 00:03 . 2007-07-14 07:06 -------- d-----w- c:\program files\Java
    2009-11-02 15:25 . 2009-11-02 15:25 17 ----a-w- c:\documents and settings\Spel\Application Data\godzHell\jag2png.bat
    2009-10-31 01:32 . 2007-04-28 08:34 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-10-28 18:33 . 2004-02-13 13:18 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-10-28 18:31 . 2009-08-14 15:06 -------- d-----w- c:\program files\DNA
    2009-10-28 17:39 . 2005-06-16 17:13 -------- d-----w- c:\program files\Rockstar Games
    2009-10-28 17:28 . 2009-10-28 17:28 -------- d-----w- c:\program files\Cod4
    2009-10-25 18:50 . 2004-02-14 06:40 504620 ----a-w- c:\windows\system32\perfh013.dat
    2009-10-25 18:50 . 2004-02-14 06:40 89526 ----a-w- c:\windows\system32\perfc013.dat
    2009-10-11 03:17 . 2008-12-11 22:34 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-10 09:46 . 2008-07-14 21:09 -------- d-----w- c:\program files\TomTom HOME 2
    2009-09-16 05:49 . 2004-08-30 16:16 69560 -c--a-w- c:\documents and settings\Spel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-11 14:20 . 2004-02-14 06:40 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-08 17:53 . 2009-08-20 16:15 794408 ----a-w- c:\windows\system32\pbsvc.exe
    2006-03-18 23:28 . 2006-03-18 23:29 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2005-09-12 10:37 . 2005-09-12 10:37 124 -c--a-w- c:\program files\Warez P2P ClientIPGUARD.LOG
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-10-16 11:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2009-12-05 2001648]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-07-22 77824]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-02 2020120]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-12-05 18:28 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-12-02 21:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Spel^Menu Start^Programma's^Opstarten^Xfire.lnk]
    backup=c:\windows\pss\Xfire.lnkStartup

    [HKLM\~\startupfolder\C:^WINDOWS^system32^WinSvc32^Adobe Reader Snelle start.lnk]
    backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^WINDOWS^system32^WinSvc32^BlueSoleil.lnk]
    backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-07-14 14:09 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
    2008-04-14 17:03 110592 ----a-w- c:\windows\system32\bthprops.cpl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
    2004-02-05 12:45 510464 -c----w- c:\windows\mHotkey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    2004-01-07 14:14 2453504 -c----w- c:\windows\CMICNFG.CPL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 17:02 15360 ------w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
    2004-02-03 16:15 5794816 -c----w- c:\windows\CNYHKey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
    2002-03-29 02:44 794112 ------w- c:\windows\system32\LXSUPMON.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    2006-11-02 19:26 190024 -c--a-w- c:\program files\MessengerPlus! 3\MsgPlus.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    2006-01-17 12:03 53248 -c--a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 09:50 155648 ------w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2004-02-19 09:09 61440 -c----w- c:\program files\Home Cinema\PowerCinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    2007-03-23 11:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
    2002-03-29 02:44 36864 -c----w- c:\windows\system32\spool\drivers\w32x86\3\printray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2004-07-22 10:11 77824 ------w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2005-08-21 07:02 180269 -c----w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "x10nets"=3 (0x3)
    "WMPNetworkSvc"=3 (0x3)
    "PnkBstrB"=3 (0x3)
    "PnkBstrA"=2 (0x2)
    "MDM"=2 (0x2)
    "LexBceS"=2 (0x2)
    "IDriverT"=3 (0x3)
    "dnetc"=2 (0x2)
    "C-DillaCdaC11BA"=2 (0x2)
    "Brother XP spl Service"=2 (0x2)
    "BlueSoleil Hid Service"=2 (0x2)
    "WinDefend"=2 (0x2)
    "CCALib8"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2-12-2009 22:04 333192]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2-12-2009 22:05 360584]
    R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [4-7-2008 16:05 15424]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [4-12-2008 13:50 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4-12-2008 13:50 74480]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2-12-2009 22:04 285392]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [16-9-2009 6:47 54752]
    R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [27-2-2005 16:48 2368]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13-11-2009 12:31 92008]
    R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [3-2-2004 7:28 24704]
    R3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [3-2-2004 7:28 380736]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4-12-2008 13:50 7408]
    R3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [13-2-2004 15:13 11672]
    R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [13-2-2004 14:38 19928]
    S0 uefbwsw;uefbwsw;c:\windows\system32\drivers\zxod.sys --> c:\windows\system32\drivers\zxod.sys [?]
    S3 CA504AV;MegaCam, WDM Video Capture;c:\windows\system32\drivers\ca504av.sys [18-8-2004 19:17 517941]
    S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [13-2-2004 14:27 13440]
    S3 fsssvc;De service Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [5-8-2009 21:48 704864]
    S3 Sunplus;MegaCam Still Image Capture, Sunplus Version 1.00;c:\windows\system32\drivers\Bulk504.sys [18-8-2004 19:21 10952]
    S3 XDva281;XDva281; [x]
    .
    ------- Bijkomende Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uStart Page = hxxp://www.startpagina.nl/
    mWindow Title =
    uInternet Connection Wizard,ShellNext = iexplore
    DPF: ChatSpace Full Java Client 2.1.0.95 - hxxp://62.69.169.37/Java/cs4fs095.cab
    DPF: DirectAnimation Java Classes
    DPF: Microsoft XML Parser for Java
    DPF: RaptisoftGameLoader - hxxp://www.raptisoft.com/webgames/raptisoftgameloader.cab
    DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - hxxps://www.p3.postbank.nl/sesam/CAX.cab
    DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} - hxxps://gto.postbank.nl/GTO/PBGNX.cab
    .
    .
    ------- Bestandsassociaties -------
    .
    txtfile="%WinDir%\system32\NOTEPAD.EXE" %1
    .
    - - - - ORPHANS VERWIJDERD - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-TkBellExe - realsched.exe
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
    ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
    SafeBoot-AVG Anti-Spyware Driver
    SafeBoot-AVG Anti-Spyware Guard
    MSConfigStartUp-Dit - Dit.exe
    AddRemove-RealArcade 1.2 - c:\program files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
    AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-07 00:54
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    @DACL=(02 0000)
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(908)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(1352)
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
    c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_dut.nlr
    c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\windows\system32\LEXBCES.EXE
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\windows\system32\LEXPPS.EXE
    c:\windows\System32\SCardSvr.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\windows\System32\locator.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-12-07 01:22 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-12-07 00:22
    ComboFix2.txt 2009-04-04 12:16
    ComboFix3.txt 2008-12-19 20:21
    ComboFix4.txt 2008-12-17 00:36
    ComboFix5.txt 2009-12-06 20:12

    Pre-Run: 38.110.154.752 bytes beschikbaar
    Post-Run: 38.761.103.360 bytes beschikbaar

    - - End Of File - - 6AA3AD150B3EC222EC9B63AA981532EC

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:07:18, on 7-12-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16915)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: ChatSpace Full Java Client 2.1.0.95 - http://62.69.169.37/Java/cs4fs095.cab
    O16 - DPF: RaptisoftGameLoader - http://www.raptisoft.com/webgames/ra...gameloader.cab
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://vontjah.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/.../GAME_UNO1.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigm...eUploader4.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://vontjah.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/.../installer.exe
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/static...eUploader4.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by110fd.bay110.hotmail.msn.co...x/HMAtchmt.ocx
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    --
    End of file - 10039 bytes

  7. #7

    Technical skill
    5. Expert
    Firewall
    Posts
    3.036
    Dear visitor of this topic,

    The advice given and the tools used in this topic are unique to this person's computer and problem. Following this specific advice, these instructions and these programs yourself is strongly discouraged. Doing so can lead to (serious) complications. If you are experiencing a (similar) problem, it is best to go to the following page: http://www.nucia.eu/forum/showthread.php?t=40734.
    After that, we will gladly help you further in your own topic!



    Hi,

    Go ahead and uninstall ESET using this removal tool: http://www.nod32.nl/download/tool/nod32removal.exe

    There are indeed still some remnants present.

    1. Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

    Code:
    Driver::
    uefbwsw
    File::
    c:\windows\system32\drivers\zxod.sys
    Save the Notepad file as CFScript.txt

    Then drag CFScript.txt onto Combofix.exe, as shown in the picture below.


    ComboFix will start again.
    When ComboFix is finished, which may be after a restart, a log file will open.

    Post the log in your next reply and let me know whether you are still experiencing problems.
    Last edited by Tjibbe; 30-11-11 at 17:23.

  8. #8

    Technical skill
    3. Medium
    Operating system
    Windows XP Home/Pro
    Antivirus
    AVG
    Firewall
    Posts
    54
    Hi Tjibbe, while starting up, ComboFix reported that an update was available, and I allowed it. ComboFix then restarted itself. Is this now WITH the script or not? Regards, Oscar

  9. #9

    Technical skill
    5. Expert
    Firewall
    Posts
    3.036
    If all is well, the script should still simply be picked up by Combofix.
    Last edited by Tjibbe; 30-11-11 at 17:23.

  10. #10

    Technical skill
    3. Medium
    Operating system
    Windows XP Home/Pro
    Antivirus
    AVG
    Firewall
    Posts
    54
    OK, I had briefly clicked on the top edge of the window to dismiss the screensaver, and then it hangs, of course. Just under an hour to restart, just under an hour to scan, just under an hour to restart again .....zzzzzzzzzzzzz

  11. #11

    Technical skill
    5. Expert
    Firewall
    Posts
    3.036
    If you restart the computer and look here: C:\Combofix.txt, do you see a new log there?

    Otherwise, run Combofix once more; if it does not work, then without the CFScript.

    Let me know whether it worked.
    Last edited by Tjibbe; 30-11-11 at 17:24.

  12. #12

    Technical skill
    3. Medium
    Operating system
    Windows XP Home/Pro
    Antivirus
    AVG
    Firewall
    Posts
    54
    Hello Tjibbe, after staring at the Intel Inside screen for an hour, my screen went black with the cursor blinking in the top left, and that has now also been going on for almost three quarters of an hour. May I press Ctrl-Alt-Del for a restart? Regards, Oscar

  13. #13

    Technical skill
    5. Expert
    Firewall
    Posts
    3.036
    Hello Oscar,

    I assume you have done that by now.

    How do things stand now?
    Last edited by Tjibbe; 30-11-11 at 17:24.

  14. #14

    Technical skill
    3. Medium
    Operating system
    Windows XP Home/Pro
    Antivirus
    AVG
    Firewall
    Posts
    54
    Indeed, Tjibbe, but it didn't really like that. After the restart it hung again. I switched the PC off once more. Then back on, and every now and then I heard the hard disk rattling. I went to bed, and this morning the startup screen was fortunately just on display. Unfortunately no combo log, and the script had also disappeared from my desktop.
    Only an hour ago did I get the chance to do the whole routine again, so it is still running. Regards, Oscar

  15. #15

    Technical skill
    3. Medium
    Operating system
    Windows XP Home/Pro
    Antivirus
    AVG
    Firewall
    Posts
    54
    Hello Tjibbe, here it is then. I will restart the PC again in a moment to see whether that goes faster now. What was actually the main problem? Regards, Oscar

    ComboFix 09-12-08.03 - Spel 08-12-2009 21:25:50.7.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.311 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Spel\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Spel\Bureaublad\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: ESET NOD32 antivirus systeem 0.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    FILE ::
    "c:\windows\system32\drivers\zxod.sys"
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\application data
    c:\documents and settings\Spel\Menu Start\Programma's\CoD-Wallhack
    c:\documents and settings\All Users\application data . . . . konden niet verwijderd worden

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_uefbwsw
    -------\Service_uefbwsw


    (((((((((((((((((((( Bestanden Gemaakt van 2009-11-08 to 2009-12-08 ))))))))))))))))))))))))))))))
    .

    2009-12-06 20:06 . 2009-12-06 20:06 -------- d-----w- c:\documents and settings\Spel\Application Data\AVG9
    2009-12-03 19:38 . 2009-12-08 13:11 -------- d--h--r- c:\documents and settings\Spel\Onlangs geopend
    2009-12-03 19:32 . 2009-12-03 19:32 -------- d-----w- c:\program files\CCleaner
    2009-12-02 21:05 . 2009-12-03 17:39 -------- d-----w- C:\$AVG
    2009-12-02 21:05 . 2009-12-02 21:05 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-12-02 21:05 . 2009-12-02 21:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-12-02 21:04 . 2009-12-02 21:04 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-12-02 21:04 . 2009-12-02 21:04 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-12-02 21:04 . 2009-12-08 17:42 -------- d-----w- c:\windows\system32\drivers\Avg
    2009-12-02 21:04 . 2009-12-02 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-12-02 21:04 . 2009-12-06 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2009-11-30 18:53 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-30 18:53 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-30 18:53 . 2009-12-05 12:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-30 00:24 . 2009-11-30 00:24 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2009-11-26 13:22 . 2008-09-26 23:00 230752 ----a-w- c:\windows\patchw32.dll
    2009-11-26 13:22 . 2008-09-26 23:00 118176 ----a-w- c:\windows\patchw.dll
    2009-11-26 13:05 . 2009-11-26 13:05 -------- d-----w- c:\program files\Outspark
    2009-11-26 12:19 . 2009-11-30 00:20 -------- d-----w- c:\program files\Pando Networks
    2009-11-23 22:26 . 2009-11-23 22:26 -------- d-----w- c:\windows\system32\wbem\Repository
    2009-11-10 13:18 . 2009-11-10 13:18 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe
    2009-11-10 11:43 . 2009-11-10 11:47 -------- d-----w- c:\windows\.mpr_file_store_32
    2009-11-10 11:31 . 2009-11-10 11:34 -------- d-----w- C:\Ballscapev4Cache
    2009-11-10 11:13 . 2009-11-10 12:06 -------- d-----w- c:\documents and settings\Spel\Application Data\FOG Downloader
    2009-11-10 11:13 . 2009-11-10 11:13 -------- d-----w- c:\program files\runes of magic

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-05 18:29 . 2009-04-04 11:29 117760 ----a-w- c:\documents and settings\Spel\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-05 18:28 . 2008-12-12 00:20 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-12-05 12:44 . 2009-12-05 12:44 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-03 21:00 . 2004-08-30 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-12-03 20:11 . 2004-08-30 22:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-03 18:15 . 2007-01-06 00:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-12-02 21:04 . 2009-09-01 20:40 -------- d-----w- c:\program files\AVG
    2009-11-29 23:56 . 2008-06-12 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-11-29 23:50 . 2004-02-13 18:49 -------- d-----w- c:\program files\Microsoft Works
    2009-11-29 22:21 . 2004-08-26 19:59 -------- d-----w- c:\program files\spel
    2009-11-29 21:59 . 2004-12-05 08:00 -------- d-----w- c:\program files\EA GAMES
    2009-11-29 21:32 . 2004-02-13 13:19 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-11-29 21:30 . 2007-07-14 07:00 -------- d-----w- c:\program files\LimeWire
    2009-11-27 09:40 . 2009-09-09 15:40 63 ----a-w- c:\documents and settings\Spel\jagex_runescape_preferences2.dat
    2009-11-27 09:39 . 2008-07-02 08:58 38 ----a-w- c:\documents and settings\Spel\jagex_runescape_preferences.dat
    2009-11-26 09:46 . 2004-11-28 15:51 56132 ----a-w- c:\documents and settings\Spel\Application Data\wklnhst.dat
    2009-11-23 14:37 . 2009-05-11 10:21 -------- d-----w- c:\documents and settings\Spel\Application Data\PC Suite
    2009-11-19 22:28 . 2007-07-14 07:10 -------- d-----w- c:\documents and settings\Spel\Application Data\LimeWire
    2009-11-10 13:18 . 2009-08-20 16:16 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-11-10 13:18 . 2009-08-20 16:16 138056 ----a-w- c:\documents and settings\Spel\Application Data\PnkBstrK.sys
    2009-11-10 13:18 . 2009-08-20 16:16 138056 ----a-w- c:\documents and settings\Spel\Application Data\PnkBstrK.sys
    2009-11-10 13:18 . 2007-04-28 08:34 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-11-10 11:41 . 2009-11-02 15:12 -------- d-----w- c:\documents and settings\Spel\Application Data\godzHell
    2009-11-10 11:23 . 2004-08-06 10:37 -------- d-----w- c:\program files\Activision
    2009-11-06 00:25 . 2009-09-16 05:40 -------- d-----w- c:\program files\Windows Live
    2009-11-06 00:03 . 2007-07-14 07:06 -------- d-----w- c:\program files\Java
    2009-11-02 15:25 . 2009-11-02 15:25 17 ----a-w- c:\documents and settings\Spel\Application Data\godzHell\jag2png.bat
    2009-10-31 01:32 . 2007-04-28 08:34 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-10-28 18:33 . 2004-02-13 13:18 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-10-28 18:31 . 2009-08-14 15:06 -------- d-----w- c:\program files\DNA
    2009-10-28 17:39 . 2005-06-16 17:13 -------- d-----w- c:\program files\Rockstar Games
    2009-10-28 17:28 . 2009-10-28 17:28 -------- d-----w- c:\program files\Cod4
    2009-10-25 18:50 . 2004-02-14 06:40 504620 ----a-w- c:\windows\system32\perfh013.dat
    2009-10-25 18:50 . 2004-02-14 06:40 89526 ----a-w- c:\windows\system32\perfc013.dat
    2009-10-16 11:12 . 2009-12-02 21:10 1119488 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    2009-10-11 03:17 . 2008-12-11 22:34 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-10 09:46 . 2008-07-14 21:09 -------- d-----w- c:\program files\TomTom HOME 2
    2009-09-16 05:49 . 2004-08-30 16:16 69560 -c--a-w- c:\documents and settings\Spel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-11 14:20 . 2004-02-14 06:40 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2006-03-18 23:28 . 2006-03-18 23:29 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2005-09-12 10:37 . 2005-09-12 10:37 124 -c--a-w- c:\program files\Warez P2P ClientIPGUARD.LOG
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-10-16 11:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-07-22 77824]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-02 2020120]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-12-05 18:28 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-12-02 21:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Spel^Menu Start^Programma's^Opstarten^Xfire.lnk]
    backup=c:\windows\pss\Xfire.lnkStartup

    [HKLM\~\startupfolder\C:^WINDOWS^system32^WinSvc32^Adobe Reader Snelle start.lnk]
    backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^WINDOWS^system32^WinSvc32^BlueSoleil.lnk]
    backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-07-14 14:09 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
    2008-04-14 17:03 110592 ----a-w- c:\windows\system32\bthprops.cpl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
    2004-02-05 12:45 510464 -c----w- c:\windows\mHotkey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    2004-01-07 14:14 2453504 -c----w- c:\windows\CMICNFG.CPL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 17:02 15360 ------w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
    2004-02-03 16:15 5794816 -c----w- c:\windows\CNYHKey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
    2002-03-29 02:44 794112 ------w- c:\windows\system32\LXSUPMON.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    2006-11-02 19:26 190024 -c--a-w- c:\program files\MessengerPlus! 3\MsgPlus.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    2006-01-17 12:03 53248 -c--a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 09:50 155648 ------w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2004-02-19 09:09 61440 -c----w- c:\program files\Home Cinema\PowerCinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    2007-03-23 11:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
    2002-03-29 02:44 36864 -c----w- c:\windows\system32\spool\drivers\w32x86\3\printray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2004-07-22 10:11 77824 ------w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2005-08-21 07:02 180269 -c----w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "x10nets"=3 (0x3)
    "WMPNetworkSvc"=3 (0x3)
    "PnkBstrB"=3 (0x3)
    "PnkBstrA"=2 (0x2)
    "MDM"=2 (0x2)
    "LexBceS"=2 (0x2)
    "IDriverT"=3 (0x3)
    "dnetc"=2 (0x2)
    "C-DillaCdaC11BA"=2 (0x2)
    "Brother XP spl Service"=2 (0x2)
    "BlueSoleil Hid Service"=2 (0x2)
    "WinDefend"=2 (0x2)
    "CCALib8"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2-12-2009 22:04 333192]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2-12-2009 22:05 360584]
    R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [4-7-2008 16:05 15424]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [4-12-2008 13:50 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4-12-2008 13:50 74480]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2-12-2009 22:04 285392]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [16-9-2009 6:47 54752]
    R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [27-2-2005 16:48 2368]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13-11-2009 12:31 92008]
    R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [3-2-2004 7:28 24704]
    R3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [3-2-2004 7:28 380736]
    R3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [13-2-2004 15:13 11672]
    R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [13-2-2004 14:38 19928]
    S3 CA504AV;MegaCam, WDM Video Capture;c:\windows\system32\drivers\ca504av.sys [18-8-2004 19:17 517941]
    S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [13-2-2004 14:27 13440]
    S3 fsssvc;De service Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [5-8-2009 21:48 704864]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4-12-2008 13:50 7408]
    S3 Sunplus;MegaCam Still Image Capture, Sunplus Version 1.00;c:\windows\system32\drivers\Bulk504.sys [18-8-2004 19:21 10952]
    S3 XDva281;XDva281; [x]
    .
    ------- Bijkomende Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uStart Page = hxxp://www.startpagina.nl/
    mWindow Title =
    uInternet Connection Wizard,ShellNext = iexplore
    DPF: ChatSpace Full Java Client 2.1.0.95 - hxxp://62.69.169.37/Java/cs4fs095.cab
    DPF: DirectAnimation Java Classes
    DPF: Microsoft XML Parser for Java
    DPF: RaptisoftGameLoader - hxxp://www.raptisoft.com/webgames/raptisoftgameloader.cab
    DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - hxxps://www.p3.postbank.nl/sesam/CAX.cab
    DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} - hxxps://gto.postbank.nl/GTO/PBGNX.cab
    .
    - - - - ORPHANS VERWIJDERD - - - -

    AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe -fc:\windows\orun32.isu
    AddRemove-QuickTime 3.0 - c:\program files\QuickTime\DeIsL7.isu -cc:\windows\system32\QTUninst.dll



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-08 22:32
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    @DACL=(02 0000)
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(932)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3564)
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
    c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_dut.nlr
    c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\Ati2evxx.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\windows\system32\LEXPPS.EXE
    c:\windows\System32\SCardSvr.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\windows\System32\locator.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-12-08 22:47:38 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-12-08 21:47
    ComboFix2.txt 2009-12-07 00:22
    ComboFix3.txt 2009-04-04 12:16
    ComboFix4.txt 2008-12-19 20:21
    ComboFix5.txt 2009-12-07 18:58

    Pre-Run: 38.263.996.416 bytes beschikbaar
    Post-Run: 38.607.663.104 bytes beschikbaar

    - - End Of File - - B9A72FF1BBA6C05C682C3363FFFF74F3

  16. #16

    Technical skill
    3. Medium
    Operating system
    Windows XP Home/Pro
    Antivirus
    AVG
    Firewall
    Posts
    54
    Hi Tjibbe, the reboot took 45 minutes again after all; I haven't been reinfected or something, have I? To be on the safe side, an HJT log is attached. Regards, Oscar

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:48:22, on 8-12-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16915)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: ChatSpace Full Java Client 2.1.0.95 - http://62.69.169.37/Java/cs4fs095.cab
    O16 - DPF: RaptisoftGameLoader - http://www.raptisoft.com/webgames/ra...gameloader.cab
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://vontjah.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/.../GAME_UNO1.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigm...eUploader4.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://vontjah.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/.../installer.exe
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/static...eUploader4.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by110fd.bay110.hotmail.msn.co...x/HMAtchmt.ocx
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    --
    End of file - 9903 bytes

  17. #17

    Technical skill
    5. Expert
    Firewall
    Posts
    3.036
    Hi,

    The problem is that it won't delete certain files

    I see you've also been using hacks for games?

    1. Go to Start - Run and enter the following line:
    Combofix /uninstall
    Then press OK.
    Make sure you put a space between Combofix and /U
    This removes everything belonging to Combofix as well as any remnants of the infections from your System Restore.

    2. Download Dr.Web CureIt and save it to your desktop.
    • Double-click drweb-cureit.exe and allow it to start the express scan.
      If a pop-up appears offering a purchase/50% discount, you can close it.
    • The express scan checks the files that are currently loaded in memory. If anything is found, click 'select all', then choose 'repair', and from the small menu that appears choose 'move'.
    • In the menu at the top, choose Language/Taal and change it to Dutch (Nederlands) if it is set differently on your system.
    • Press F9, then choose the Actions tab and set the following there under Malware:
      • Adware: Move
      • Dialers: Move
      • Jokes: Report
      • Riskware: Report
      • Hacktools: Move
      • Then remove the check mark at 'Prompt on action'.
    • Then choose the Scan tab and remove the check mark at Heuristic analysis.
      Next press Apply followed by OK.
    • Once the short scan has finished, tick: Complete scan.
      Then press the green arrow (start button) to start the scan.
    • Files that are found are moved to the '%USERPROFILE%\DocterWeb\Quarantine' folder if repair is not possible.
    • After the scan is done, go to File and choose Save report list.
      Save it to your desktop and then close Dr.Web CureIt.
    • Then restart the computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
    • After restarting, copy and paste the contents of the log you saved earlier into your next post.

    3. Download Combofix again and run a scan without the CFScript.

    Post both logs in your next reply.

    Good luck!
    Last edited by Tjibbe; 30-11-11 at 17:24.

  18. #18

    Technical skill
    3. Medium
    Operating system
    Windows XP Home/Pro
    Antivirus
    AVG
    Firewall
    Posts
    54
    Hi Tjibbe, it's not all going smoothly yet. I'm replying now just so you don't think I've given up, because I haven't.
    I do have a Dr.Web log, but I can't get to it right now because the PC is still booting after ComboFix. I got a blue screen again with kernel_data_inpage_error, which is supposed to have something to do with atapi.sys. I powered the PC off, switched it back on, and after 2 hours it still hadn't booted; powered it off again, switched it on, and after three quarters of an hour, just as Windows was about to start, it rebooted itself, so now it's back to waiting. I'll keep you posted. Regards, Oscar

    PS: my son once used a wallhack for Call of Duty. Not such a good idea?
    My own PC is 8 years old and runs Windows ME. Not the most stable operating system, but I take it easy with it, niente problemo.

  19. #19

    Technical skill
    5. Expert
    Firewall
    Posts
    3.036
    Hello,

    Hacks like that can (often) contain malware. That may not be the case this time, but you can also get banned, after which you can no longer play online. Always be careful with this kind of program.

    It looks like you are dealing with a rootkit infection... I have a very strong suspicion.

    If you can get the computer to boot, try the following:

    Go to www.jotti.org and have the following file scanned: C:\WINDOWS\system32\drivers\atapi.sys

    1. Download mbr.exe
    http://www2.gmer.net/mbr/mbr.exe

    and save it to your desktop.
    Double-click mbr.exe to start the program.
    If a security program shows a warning, allow mbr.exe to start.
    A small "DOS window" will appear briefly and close again by itself.
    After that there will be a new file on the desktop: mbr.log
    This is the log file; post the contents of that file in your next message.

    2. Go to http://www.gmer.net/#files and click "Download EXE"

    Extract the files to the desktop.

    Note: close all open programs/windows!

    Open GMER and click the Rootkit/Malware tab.
    Make sure all the boxes on the right-hand side are ticked, except "Show all".

    Click Scan (1).

    When the scan is finished, click Copy and paste the results into your next message.

    3. Download SystemLook.exe and place the file on the desktop.
    Double-click SystemLook.exe to start the program.
    In the window that opens, copy the code below:
    Code:
    :filefind
    atapi.*
    Click the "Look" button to start the scan.
    When the scan is finished, a text file (SystemLook.txt) opens.
    Post the contents of this file.

    Post all the logs in your next reply.

    Good luck!
    Last edited by Tjibbe; 30-11-11 at 17:24.

  20. #20

    Technical skill
    3. Medium
    Operating system
    Windows XP Home/Pro
    Antivirus
    AVG
    Firewall
    Posts
    54
    Hi Tjibbe, the PC basically won't boot any more, not even in safe mode. It kept rebooting itself. Right now it has been stuck for a while on step 2 of chkdsk (verifying indexes). In step 1 (verifying files), which did complete, some 13 segments are listed as unreadable.
    I think I'm out of ideas for the moment. You?
    Regards, Oscar
