
PC slow and an error message from appcompat txt


  • PC slow and an error message from appcompat txt

    Could someone take a look at my log? The PC starts up slowly and every now and then I get an appcompat txt error message. I have already looked around on the internet, downloaded a fix, and had to reinstall IE7.
    But I was told that I should post a log here to have it checked, so that is what I am doing...
    Thanks in advance!

    Marleen

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:18:54, on 10-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    E:\Photodex.Proshow producer 3.0\ScsiAccess.exe
    F:\alcohol 120%\Alcohol 120% 1.9.5.3823\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    F:\quickcam\AlbumDB2.exe
    F:\quickcam\FxSvr2.exe
    E:\hijackt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marleendejong.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.nl/s/v/23.21/uploader2.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{620139E6-7BE3-4E76-893B-816A3E6E6295}: NameServer = 192.168.2.1
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/html - (no CLSID) - (no file)
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hexago Gateway6 Client (gw6c) - Unknown owner - C:\Program Files\NewsLeecher\Gateway6 Client\gw6c.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScsiAccess - Unknown owner - E:\Photodex.Proshow producer 3.0\ScsiAccess.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\

    --
    End of file - 9052 bytes

  • #2
    Download Combofix to your desktop

    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    Double-click combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix is finished and after a restart, the log combofix.txt will open.
    In your next reply, post the Combofix log (combofix.txt) together with a fresh HijackThis log.
    Regards,
    Pimmerd



    • #3
      combofix log

      ComboFix 08-02.05.3 - Marleen de Jong 2008-02-10 21:01:29.1 - FAT32x86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.564 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Marleen de Jong.PRIVE-WDBBO2D1R\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\Fonts\acrsecB.fon
      C:\WINDOWS\Fonts\acrsecI.fon

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))
      .

      2008-02-10 20:52 . 2008-02-10 20:52 <DIR> d-------- C:\Program Files\msn live
      2008-02-10 16:27 . 2008-02-10 16:27 3,473 --a------ C:\WINDOWS\unins000.dat
      2008-02-06 00:01 . 2008-02-06 00:01 <DIR> d-------- C:\Program Files\Java
      2008-02-06 00:01 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
      2008-02-06 00:00 . 2008-02-06 00:00 <DIR> d-------- C:\Program Files\Common Files\Java
      2008-02-05 23:51 . 2008-02-05 23:51 <DIR> dr-h----- C:\Documents and Settings\Marleen de Jong.PRIVE-WDBBO2D1R\Onlangs geopend
      2008-02-02 16:23 . 2008-02-02 16:23 <DIR> d-------- C:\Local Publish
      2008-02-01 22:30 . 2008-02-01 22:30 <DIR> d-------- C:\Program Files\WYSIWYG Web Builder 5
      2008-01-31 21:37 . 2007-12-10 13:20 40,046 --a------ C:\WINDOWS\Pagelet.ico
      2008-01-31 21:36 . 2008-01-31 21:36 <DIR> d-------- C:\Program Files\Common Files\SourceTec
      2008-01-30 22:56 . 2006-01-27 00:56 938,272 --a------ C:\WINDOWS\system32\wodFtpDLX.OCX
      2008-01-30 21:45 . 2002-07-31 19:55 104 ---hs---- C:\WINDOWS\WSYS049.SYS
      2008-01-30 21:45 . 2001-09-05 12:28 41 ---h----- C:\WINDOWS\trfntw32.cfg
      2008-01-29 20:30 . 2008-01-29 20:30 <DIR> d-------- C:\Program Files\Microsoft Silverlight
      2008-01-29 20:20 . 2008-01-29 20:20 2,869,264 --a------ C:\Program Files\dotNetFx35setup.exe
      2008-01-29 07:58 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
      2008-01-29 07:31 . 2008-01-29 07:31 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
      2008-01-29 07:31 . 2008-01-29 07:56 30,590 --a------ C:\WINDOWS\system32\pavas.ico
      2008-01-29 07:31 . 2008-01-29 07:56 1,406 --a------ C:\WINDOWS\system32\Help.ico
      2008-01-28 23:55 . 2008-01-28 23:55 <DIR> d-------- C:\WINDOWS\BDOSCAN8
      2008-01-28 08:17 . 2008-01-28 08:17 <DIR> d-------- C:\WINDOWS\system32\QuickTime
      2008-01-27 19:51 . 2008-01-27 19:51 <DIR> d-------- C:\Documents and Settings\Marleen de Jong.PRIVE-WDBBO2D1R\Application Data\Thinstall
      2008-01-24 17:30 . 2008-01-24 17:30 <DIR> d-------- C:\Program Files\Virtual Earth 3D
      2008-01-22 15:25 . 2008-01-22 15:25 <DIR> d-------- C:\Documents and Settings\Marleen de Jong.PRIVE-WDBBO2D1R\Application Data\Jasc
      2008-01-21 23:26 . 2008-01-21 23:26 0 --a------ C:\WINDOWS\QuickInstall.INI
      2008-01-18 20:16 . 2006-08-23 11:24 526,184 --a------ C:\WINDOWS\system32\XceedCry.dll
      2008-01-16 13:28 . 2008-01-16 13:29 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-03 19:58 737,280 ----a-w C:\WINDOWS\iun6002.exe
      2008-01-29 19:19 23,510,720 ----a-w C:\Program Files\dotnetfx.exe
      2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
      2008-01-07 14:22 1,122,304 ---h--w C:\WINDOWS\system32\wodfamop.dll
      2008-01-02 01:12 43,520 ----a-w C:\WINDOWS\system32\drivers\fetnd5bv.sys
      2007-12-29 13:57 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
      2007-12-28 18:34 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
      2007-12-28 18:34 --------- d-----w C:\Documents and Settings\Marleen de Jong.PRIVE-WDBBO2D1R\Application Data\skypePM
      2007-12-28 18:21 --------- d-----w C:\Documents and Settings\Marleen de Jong.PRIVE-WDBBO2D1R\Application Data\Reallusion
      2007-12-14 18:09 --------- d-----w C:\Documents and Settings\Marleen de Jong.PRIVE-WDBBO2D1R\Application Data\FloodLightGames
      2007-12-14 18:09 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\FloodLightGames
      2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
      2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
      2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
      2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
      2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
      2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
      2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
      2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
      2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
      2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
      2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
      2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
      2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
      2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
      2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
      2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
      2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
      2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
      2007-11-24 13:24 30,437 ----a-w C:\WINDOWS\Fonts\frosty.zip
      2007-11-24 13:23 12,898 ----a-w C:\WINDOWS\Fonts\BradleyTTF.zip
      2007-11-24 13:22 30,275 ----a-w C:\WINDOWS\Fonts\AngloText.zip
      2007-11-24 13:22 27,509 ----a-w C:\WINDOWS\Fonts\teamspir.zip
      2007-11-24 13:21 74,136 ----a-w C:\WINDOWS\Fonts\krchristmascolorme.zip
      2007-11-24 13:20 61,382 ----a-w C:\WINDOWS\Fonts\ExtraOrnamentalNo2.zip
      2007-11-24 13:17 21,262 ----a-w C:\WINDOWS\Fonts\border_corners2.zip
      2007-11-24 13:15 45,815 ----a-w C:\WINDOWS\Fonts\waltograph42ttf.zip
      2007-11-24 13:15 26,796 ----a-w C:\WINDOWS\Fonts\LokiCola.zip
      2007-11-24 13:14 47,675 ----a-w C:\WINDOWS\Fonts\satan2000mg.zip
      2007-11-24 13:13 134,378 ----a-w C:\WINDOWS\Fonts\Carobtn_.zip
      2007-11-24 13:12 105,800 ----a-w C:\WINDOWS\Fonts\Beyond_Wonderland.zip
      2007-11-05 18:55 34,931 ----a-w C:\WINDOWS\Fonts\black_chancery.zip
      2007-11-05 18:54 20,279 ----a-w C:\WINDOWS\Fonts\youarewhatyoueat.zip
      2007-11-05 18:53 15,843 ----a-w C:\WINDOWS\Fonts\Fiddums_Family.zip
      2007-11-05 18:52 34,035 ----a-w C:\WINDOWS\Fonts\littlelo.zip
      2007-10-17 21:43 725,384 ----a-w C:\Program Files\WindowsXP-KB935448-x86-NLD.exe
      2007-07-08 08:45 2,585,872 ----a-w C:\Program Files\WindowsInstaller-KB893803-v2-x86.exe
      2007-05-29 22:29 390,235 ----a-w C:\Program Files\GoogleVideoUploaderInstaller.exe
      2005-09-23 23:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 12:03 579072]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-17 17:29 7700480]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 17:41 219136]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
      backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
      backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk]
      backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Google Updater.lnk]
      backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^HotSync Manager.lnk]
      backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
      backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^HP Photosmart Premier Snelstart.lnk]
      backup=C:\WINDOWS\pss\HP Photosmart Premier Snelstart.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
      backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
      backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^PCzapper Media Manager.lnk]
      backup=C:\WINDOWS\pss\PCzapper Media Manager.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Pinnacle Scheduler.lnk]
      backup=C:\WINDOWS\pss\Pinnacle Scheduler.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Windows Desktop Search.lnk]
      backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^Marleen de Jong.PRIVE-WDBBO2D1R^Menu Start^Programma's^Opstarten^palmOne Registration.lnk]
      backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup

      [HKLM\~\startupfolder\C:^Documents and Settings^Marleen de Jong.PRIVE-WDBBO2D1R^Menu Start^Programma's^Opstarten^Registration-PCTV.lnk]
      backup=C:\WINDOWS\pss\Registration-PCTV.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
      --a------ 2005-09-06 11:10 450560 C:\Program Files\VIAudioi\SBADeck\ADeck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
      --a------ 2004-08-04 01:03 15360 C:\WINDOWS\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
      --a------ 2005-12-10 16:57 133016 E:\daemontools 403x86\DAEMON Tools\daemon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX3800 Series]
      --a------ 2005-02-08 06:00 98304 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
      --a------ 2007-08-15 22:45 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
      --a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
      --a------ 2005-09-24 00:08 49152 F:\HP foto toestel\HP Software Update\HPWuSchd2.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HyvesKwekker]
      --a------ 2007-04-06 11:12 1588736 E:\kwekker\Hyves Kwekker\HyvesDesktop_2.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
      --a------ 2006-05-16 11:58 213936 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
      --a------ 2006-05-16 11:58 213936 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
      --a------ 2006-05-16 11:58 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
      --a------ 2003-12-16 21:37 188416 F:\quickcam\ISStart.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
      --a------ 2003-12-16 21:39 77824 F:\quickcam\LogiTray.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lycosInside]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
      --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
      --a------ 2007-11-20 19:37 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
      --a------ 2006-11-17 17:29 7700480 C:\WINDOWS\system32\NvCpl.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
      --a------ 2006-11-17 17:29 86016 C:\WINDOWS\system32\NvMcTray.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
      --a------ 2006-11-17 17:29 1622016 C:\WINDOWS\system32\nwiz.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RamCleaner]
      --a------ 2007-10-13 17:26 71680 E:\RamCleaner.6.0\RamCleaner\ramcore.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RssReader]
      --a------ 2007-08-07 21:38 1448448 C:\Documents and Settings\Marleen de Jong.PRIVE-WDBBO2D1R\Application Data\Qlikworld\RSSReader\RSSReader.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
      --a------ 2006-12-08 04:28 1253376 C:\Program Files\Windows Sidebar\sidebar.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
      --a------ 2007-06-06 19:22 4067792 E:\Auslogics Disk Defrag\IObit SmartDefrag Beta 3\IObit SmartDefrag\IObit SmartDefrag.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
      --a------ 2004-11-15 12:20 77824 C:\WINDOWS\soundman.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
      --a------ 2006-02-05 21:00 195584 F:\FTD POST TWEAK XP\uitgegepakt\TopDesk\topdesk.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
      --a------ 2006-09-07 19:19 15872 E:\unlocker\UnlockerAssistant.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPRepairPro2007]
      --a------ 2007-07-04 04:51 1023624 F:\XP repair 2007\XPRepairPro.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

      R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 11:36]
      R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-09-14 20:47]
      R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:03]
      S2 gw6c;Hexago Gateway6 Client;C:\Program Files\NewsLeecher\Gateway6 Client\gw6c.exe
      S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys
      S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
      S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-01-02 02:12]
      S3 HexTunnelDevice;Hexago Multi-Virtual Tunnel Adapter;C:\WINDOWS\system32\DRIVERS\hextun.sys [2007-06-29 16:43]
      S3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 19:52]
      S3 SetupNTGLM7X;SetupNTGLM7X;G:\NTGLM7X.sys

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp


      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
      "C:\Program Files\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
      "C:\Program Files\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BADA65A0-86B7-462B-B720-CE66655C73F5}]
      regsvr32 /s C:\VAIO\.\vshellext.dll
      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-02-10 19:58:16 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
      - C:\Program Files\Windows Defender\MpCmdRun.exe
      "2008-02-07 06:10:56 C:\WINDOWS\Tasks\SmartDefrag.job"
      - E:\Auslogics Disk Defrag\IObit SmartDefrag Beta 3\IObit SmartDefrag\schedule.exe\
      "2008-02-10 19:01:30 C:\WINDOWS\Tasks\Easy Onderhoud.job"
      - E:\TuneUp Utilities\2007\Tuneup2007NL\SystemOptimizer.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-10 21:04:07
      Windows 5.1.2600 Service Pack 2 FAT NTAPI

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-02-10 21:04:31
      ComboFix-quarantined-files.txt 2008-02-10 20:04:30
      ComboFix2.txt 2008-02-10 19:47:14
      --------------------------------------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 21:05:46, on 10-2-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      E:\Photodex.Proshow producer 3.0\ScsiAccess.exe
      F:\alcohol 120%\Alcohol 120% 1.9.5.3823\Alcohol 120\StarWind\StarWindService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\explorer.exe
      F:\quickcam\AlbumDB2.exe
      F:\quickcam\FxSvr2.exe
      E:\hijackt\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marleendejong.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R3 - URLSearchHook: (no name) - - (no file)
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
      O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.nl/s/v/23.21/uploader2.cab
      O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{620139E6-7BE3-4E76-893B-816A3E6E6295}: NameServer = 192.168.2.1
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Hexago Gateway6 Client (gw6c) - Unknown owner - C:\Program Files\NewsLeecher\Gateway6 Client\gw6c.exe (file missing)
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: ScsiAccess - Unknown owner - E:\Photodex.Proshow producer 3.0\ScsiAccess.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\

      --
      End of file - 9026 bytes



      • #4
        Start HijackThis, choose 'Do a system scan only' and tick the lines below:

        R3 - URLSearchHook: (no name) - - (no file)
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

        Now close all open windows except HijackThis and click Fix Checked.

        Download ATF Cleaner (by Atribune)

        Double-click ATF Cleaner to start the program.
        On the "Main" tab, tick Select All.
        Click the Empty Selected button.

        Do the following if you also use Firefox as a browser:
        Click the "Firefox" tab and tick Select All.
        If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
        (this removes the tick at "Firefox saved passwords" again)
        Click the Empty Selected button.

        Do the following if you also use Opera as a browser:
        Click the "Opera" tab and tick Select All.
        If you want to keep the passwords saved by Opera, click "No" in the window that appears.
        Click the Empty Selected button.
        Go to the "Main" tab and click the Exit button to close the program.

        How are your problems by now?
        Regards,
        Pimmerd
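
The selection made in post #4 (entries whose target is "(no file)") can be reproduced mechanically. The following is an added example, not part of the original thread: it parses HijackThis entry lines, flags entries marked "(no file)" or "(file missing)", and lists what disappeared between two logs. The sample input is a constructed excerpt of lines taken from the logs on this page; the class and function names are this example's own.

```python
import re
from dataclasses import dataclass

# An entry line is a section code (R3, O2, O23, ...) + " - " + body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    @property
    def clsid(self):
        m = CLSID_RE.search(self.body)
        return m.group(0).upper() if m else None

    @property
    def orphaned(self):
        return self.body.endswith(ORPHAN_MARKERS)


def parse_entries(log_text):
    """Return the entry lines of a log; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def orphaned(entries):
    """Entries that point at a file HijackThis could not find."""
    return [e for e in entries if e.orphaned]


def removed_between(before, after):
    """Entries present in the earlier log and absent from the later one."""
    later = set(after)
    return [e for e in before if e not in later]


# Constructed excerpts: a few lines copied from the two logs in this thread.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:46, on 10-2-2008
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Hexago Gateway6 Client (gw6c) - Unknown owner - C:\Program Files\NewsLeecher\Gateway6 Client\gw6c.exe (file missing)
"""

LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:27, on 11-2-2008
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Hexago Gateway6 Client (gw6c) - Unknown owner - C:\Program Files\NewsLeecher\Gateway6 Client\gw6c.exe (file missing)
"""

if __name__ == "__main__":
    before, after = parse_entries(LOG_BEFORE), parse_entries(LOG_AFTER)
    for e in orphaned(before):
        print("orphaned:", e.section, e.clsid or "-", e.body)
    for e in removed_between(before, after):
        print("gone in follow-up log:", e.section, e.body)
```
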



        • #5
          Well, it's going reasonably; after that ComboFix my internet keeps dropping out... don't know whether it has to do with the program... but it is faster now



          • #6
            Uninstall ComboFix:
            Go to Start --> Run and type: combofix /u
            ComboFix is now removed and a new restore point is created.

            The Java software on your computer is outdated.
            Older versions have vulnerabilities that give malware the chance to install itself.
            First carry out the steps below to uninstall Java and install the newest version:
            Download Java Runtime Environment (JRE) 6u4.
            • Scroll down to: "Java Runtime Environment (JRE) 6u4".
            • Click the "Download" button on the right.
            • In the drop-down menu to the right of Platform, select Windows
            • Tick: "I agree to the Java SE Runtime Environment 6 License Agreement", and click Continue.
            • The page will reload.
            • Click the jre-6u4-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
            • Close all programs that may be open - especially your web browser!
            • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
            • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
            • Then click Remove or the Change/Remove button.
            • Repeat this until all older versions are gone.
            • After removing all older versions, restart your PC.
            • Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the newest version of Java.


            Finally, post one more HijackThis log file for checking.
            Problems completely gone now?
            Regards,
            Pimmerd



            • #7
              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 8:23:27, on 11-2-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16574)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Windows Defender\MsMpEng.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Windows Defender\MSASCui.exe
              C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
              C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              C:\WINDOWS\system32\nvsvc32.exe
              E:\Photodex.Proshow producer 3.0\ScsiAccess.exe
              F:\alcohol 120%\Alcohol 120% 1.9.5.3823\Alcohol 120\StarWind\StarWindService.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\SearchIndexer.exe
              E:\hijackt\HijackThis.exe
              C:\WINDOWS\system32\wuauclt.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marleendejong.nl/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
              O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
              O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
              O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
              O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
              O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
              O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
              O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
              O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
              O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
              O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
              O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
              O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
              O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
              O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
              O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.nl/s/v/23.21/uploader2.cab
              O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
              O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
              O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
              O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
              O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
              O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
              O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
              O17 - HKLM\System\CCS\Services\Tcpip\..\{620139E6-7BE3-4E76-893B-816A3E6E6295}: NameServer = 192.168.2.1
              O17 - HKLM\System\CCS\Services\Tcpip\..\{EA2EE658-8E21-4B5E-9411-21674841C519}: NameServer = 192.168.2.1
              O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
              O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
              O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: Hexago Gateway6 Client (gw6c) - Unknown owner - C:\Program Files\NewsLeecher\Gateway6 Client\gw6c.exe (file missing)
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
              O23 - Service: ScsiAccess - Unknown owner - E:\Photodex.Proshow producer 3.0\ScsiAccess.exe
              O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\

              --
              End of file - 8875 bytes

              Haven't had any internet dropouts yet, but I couldn't find ComboFix in Add or Remove Programs any more... a bit strange.



              • #8
                Haven't had any internet dropouts yet, but I couldn't find ComboFix in Add or Remove Programs any more... a bit strange.
                That's right, Combofix /u is the uninstall command for Combofix.
                So the problems are solved now?
                Regards,
                Pimmerd



                • #9
                  Yep, I think so, thanks for looking at my log and helping

                  marleen



                  • #10
                    You're welcome, Marleen

                    To prevent a repeat, read through these security tips once more:
                    Jawwi.nl is a start page. We offer an overview of all handy links, all on 1 start page.
                    Regards,
                    Pimmerd

