PC is acting strangely


  • PC is acting strangely

    Hello helper.

    For a while now MSN hasn't been working; I can no longer sign in... I think it has to do with malware on the PC. Everything is also running rather slowly. Could you perhaps take a look?

    My log is below.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:28:56, on 1-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\UPC SmartGuard\Anti-Virus\fsgk32st.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\UPC SmartGuard\Common\FSMA32.EXE
    C:\Program Files\UPC\bin\sprtcmd.exe
    C:\Program Files\UPC SmartGuard\Anti-Virus\FSGK32.EXE
    C:\Program Files\UPC SmartGuard\Common\FSM32.EXE
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\UPC SmartGuard\Common\FSMB32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\UPC SmartGuard\Common\FCH32.EXE
    C:\Program Files\UPC SmartGuard\Common\FAMEH32.EXE
    C:\Program Files\UPC SmartGuard\Anti-Virus\fsqh.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\UPC SmartGuard\FSPC\fspc.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\UPC SmartGuard\FSGUI\fsguidll.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\WINDOWS\System32\mqsvc.exe
    C:\WINDOWS\System32\mqtgsvc.exe
    C:\Program Files\UPC SmartGuard\Anti-Virus\fssm32.exe
    C:\Program Files\UPC SmartGuard\FSAUA\program\fsaua.exe
    C:\Program Files\UPC SmartGuard\FWES\Program\fsdfwd.exe
    C:\Program Files\UPC SmartGuard\FSAUA\program\fsus.exe
    C:\Program Files\UPC SmartGuard\Anti-Virus\fsav32.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Carel\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.arnhem.chello.nl:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F3 - REG:win.ini: load=
    O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\Bit Comet\BitComet\tools\BitCometBHO_1.1.11.30.dll
    O2 - BHO: (no name) - {6F95F33A-A81B-4BD4-87EE-5094AE2AE9D0} - (no file)
    O2 - BHO: (no name) - {708AAA89-DC5F-467B-90E9-9C02C1428512} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [UPC] "C:\Program Files\UPC\bin\sprtcmd.exe" /P UPC
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\UPC SmartGuard\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\UPC SmartGuard\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\Bit Comet\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\Bit Comet\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\Bit Comet\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\UPC SmartGuard\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\UPC SmartGuard\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\UPC SmartGuard\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\Bit Comet\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll (file missing)
    O20 - Winlogon Notify: mllmn - C:\WINDOWS\system32\mllmn.dll (file missing)
    O20 - Winlogon Notify: ssqnkij - ssqnkij.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\UPC SmartGuard\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\UPC SmartGuard\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\UPC SmartGuard\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\UPC SmartGuard\Common\FSMA32.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O24 - Desktop Component 0: (no name) - http://www.golya.nl/template/golya/no_rightbar/images/header_right3.gif

    --
    End of file - 7779 bytes

  • #2
    Hi,


    Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {6F95F33A-A81B-4BD4-87EE-5094AE2AE9D0} - (no file)
    O2 - BHO: (no name) - {708AAA89-DC5F-467B-90E9-9C02C1428512} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll (file missing)
    O20 - Winlogon Notify: mllmn - C:\WINDOWS\system32\mllmn.dll (file missing)
    O20 - Winlogon Notify: ssqnkij - ssqnkij.dll (file missing)

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.

    Follow the instructions described on the following page: hoe-dient-combofix-gebruikt-te-worden

    If you use Vista, the Recovery Console does not need to be installed.
    If anything is unclear, just ask.
    When the tool is finished, a log file opens (C:\combofix.txt).
    Post the contents of this file together with a new HijackThis log.

    Starting Windows 10 in Safe Mode


    • #3
      Hello Juisterr,

      I was hoping someone would respond to my post quickly, so that during the 2 days I was still at my friends' computer I could fix things and post a new log.

      I told my friends, who own the PC, how they could fix things, but I will soon post a new log myself and run ComboFix, which I didn't dare leave to them to do themselves.

      See you soon,
      Regards, tieme


      • #4
        I'll wait to hear from you.

        Starting Windows 10 in Safe Mode


        • #5
          Hello

          I used ComboFix; its log is below:

          ComboFix 08-03-23.2 - Administrator 2008-03-23 19:30:16.1 - FAT32x86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.376 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
          .

          ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
          C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
          C:\WINDOWS\system32\Cache
          C:\WINDOWS\system32\mcrh.tmp

          ----- BITS: Possible infected sites -----

          hxxp://pcrtprddnanl01.upc.nl
          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          -------\Legacy_IPRIP
          -------\Service_Iprip


          ((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
          .

          2008-03-21 21:54 . 2008-03-21 21:54 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
          2008-03-17 23:13 . 2008-03-17 23:13 <DIR> d-------- C:\Program Files\Easy Computing
          2008-03-02 19:51 . 2008-03-22 21:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
          2008-03-02 19:51 . 2008-03-02 19:52 1,409 --a------ C:\WINDOWS\QTFont.for
          2008-03-01 21:59 . 2008-03-01 21:59 0 --a------ C:\WINDOWS\nsreg.dat
          2008-03-01 14:17 . 2008-03-01 14:17 244 --ah----- C:\sqmnoopt19.sqm
          2008-03-01 14:17 . 2008-03-01 14:17 232 --ah----- C:\sqmdata19.sqm
          2008-03-01 13:24 . 2008-03-01 13:24 256 --ah----- C:\sqmdata18.sqm
          2008-03-01 13:24 . 2008-03-01 13:24 244 --ah----- C:\sqmnoopt18.sqm

          .
          (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-03-17 10:38 51,072 ----a-w C:\WINDOWS\system32\drivers\fsdfw.sys
          2008-03-17 10:38 30,016 ----a-w C:\WINDOWS\system32\drivers\fsndis5.sys
          2008-02-19 22:15 --------- d-----w C:\Program Files\Avira
          2008-02-19 22:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
          2008-02-19 19:51 --------- d-----w C:\Documents and Settings\Administrator\Application Data\GlarySoft
          2008-02-19 19:48 --------- d-----w C:\Program Files\Registry Repair
          2008-02-19 15:38 --------- d-----w C:\Program Files\FreshDevices
          2008-02-18 23:01 23,112 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
          2008-02-13 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
          2008-02-11 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
          2008-02-11 19:43 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
          2007-02-19 08:42 80 --sh--r C:\WINDOWS\system32\2B1057E88D.dll
          2007-07-03 21:09 962,354 --sh--w C:\WINDOWS\system32\svvwa.bak1
          2007-07-04 15:53 942,471 --sh--w C:\WINDOWS\system32\svvwa.bak2
          2007-07-25 23:25 731,901 --sh--w C:\WINDOWS\system32\nmllm.bak1
          2007-07-05 13:30 960,244 --sh--w C:\WINDOWS\system32\svvwa.ini2
          2007-07-27 12:26 732,031 --sh--w C:\WINDOWS\system32\nmllm.bak2
          2007-07-27 18:36 718,228 --sh--w C:\WINDOWS\system32\nmllm.ini2
          .

          ------- Sigcheck -------

          .
          ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-01-13 15:07 155648]
          "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-01-13 14:53 114688]
          "UPC"="C:\Program Files\UPC\bin\sprtcmd.exe" [2005-08-16 07:12 192512]
          "F-Secure Manager"="C:\Program Files\UPC SmartGuard\Common\FSM32.exe" [2007-04-26 19:12 183208]
          "F-Secure TNB"="C:\Program Files\UPC SmartGuard\FSGUI\TNBUtil.exe" [2007-04-26 19:10 740208]
          "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-19 23:16 249896]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
          Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

          [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programma's^Opstarten^Scheduler.lnk]
          backup=C:\WINDOWS\pss\Scheduler.lnkStartup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
          backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
          backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Kodak EasyShare software.lnk]
          backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
          --a------ 2005-07-14 15:09 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
          --a------ 2007-05-16 09:27 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
          G:\Programma's\RAM zuivering\FreeRAM XP Pro 1.40.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
          --a------ 2005-01-12 14:54 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
          --a------ 2005-02-16 23:11 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
          --a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
          --a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
          --a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "C:\\WINDOWS\\System32\\mqsvc.exe"=
          "%windir%\\system32\\sessmgr.exe"=
          "E:\\BitComet\\BitComet.exe"=
          "C:\\Program Files\\Bit Comet\\BitComet\\BitComet.exe"=
          "C:\\WINDOWS\\System32\\mshta.exe"=
          "C:\\Program Files\\LimeWire\\LimeWire.exe"=
          "C:\\Program Files\\SiSoftware Sandra 2002 Standard\\sandra.exe"=
          "C:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
          "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
          "C:\\Program Files\\MSN Messenger\\msnmgr.exe"=
          "C:\\Program Files\\FrostWire\\FrostWire.exe"=
          "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
          "C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
          "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
          "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
          "C:\\Program Files\\MSN Messenger\\livecall.exe"=

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
          "13268:TCP"= 13268:TCP:BitComet 13268 TCP
          "13268:UDP"= 13268:UDP:BitComet 13268 UDP
          "17971:TCP"= 17971:TCP:BitComet 17971 TCP
          "17971:UDP"= 17971:UDP:BitComet 17971 UDP

          R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-03-17 11:38]
          R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\UPC SmartGuard\HIPS\fshs.sys [2008-02-13 20:32]
          R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2002-08-07 05:34]
          R2 NetAlrt;NetAlrt;C:\WINDOWS\System32\drivers\NetAlrt.sys [2002-05-07 16:05]
          R2 PlatAlrt;PlatAlrt;C:\WINDOWS\System32\drivers\PlatAlrt.sys [2002-05-07 16:06]
          R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\System32\inetsrv\inetinfo.exe [2004-08-04 01:03]
          R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\UPC SmartGuard\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07]
          S1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys
          S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\system32\drivers\NMSCFG.SYS [2002-10-10 04:18]
          S3 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-10-10 04:18]
          S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\UPC SmartGuard\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08]
          S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\UPC SmartGuard\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08]

          .
          Contents of the 'Scheduled Tasks' folder
          "2008-02-20 02:30:02 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
          - C:\Program Files\RegClean\RegClean.ex
          - C:\Program Files\RegClean
          "2008-01-24 02:00:02 C:\WINDOWS\Tasks\RegCure.job"
          - C:\Program Files\RegCure\RegCure.exe
          "2008-03-23 18:34:40 C:\WINDOWS\Tasks\RegCure Program Check.job"
          - C:\Program Files\RegCure\RegCure.exe
          "2008-02-01 07:52:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          "2008-02-19 23:14:10 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
          - C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt [email protected]
          "2008-03-23 00:03:40 C:\WINDOWS\Tasks\Scheduled scanning task.job"
          - C:\PROGRA~1\UPCSMA~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\UPCSMA~1\ANTI-V~1\report.txt
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-03-23 19:38:19
          Windows 5.1.2600 Service Pack 2 FAT NTAPI

          scanning hidden processes ...

          scanning hidden autostart entries ...

          scanning hidden files ...

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          ------------------------ Other Running Processes ------------------------
          .
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
          C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
          C:\Program Files\UPC SmartGuard\Anti-Virus\fsgk32st.exe
          C:\Program Files\UPC SmartGuard\Common\FSMA32.EXE
          C:\Program Files\UPC SmartGuard\Anti-Virus\FSGK32.EXE
          C:\Program Files\UPC SmartGuard\Common\FSMB32.EXE
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\WINDOWS\System32\msdtc.exe
          C:\Program Files\UPC SmartGuard\Common\FCH32.EXE
          C:\WINDOWS\system32\HPZipm12.exe
          C:\WINDOWS\System32\tcpsvcs.exe
          C:\WINDOWS\System32\snmp.exe
          C:\Program Files\UPC SmartGuard\Common\FAMEH32.EXE
          C:\Program Files\UPC SmartGuard\Anti-Virus\fsqh.exe
          C:\Program Files\UPC SmartGuard\FSPC\fspc.exe
          C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
          C:\WINDOWS\System32\mqsvc.exe
          C:\WINDOWS\System32\mqtgsvc.exe
          C:\Program Files\UPC SmartGuard\FSAUA\program\fsaua.exe
          C:\Program Files\UPC SmartGuard\Anti-Virus\fssm32.exe
          C:\Program Files\UPC SmartGuard\FWES\Program\fsdfwd.exe
          C:\Program Files\UPC SmartGuard\FSAUA\program\fsus.exe
          C:\Program Files\UPC SmartGuard\Anti-Virus\fsav32.exe
          C:\Program Files\UPC SmartGuard\FSGUI\fsguidll.exe
          .
          **************************************************************************
          .
          Completion time: 2008-03-23 19:43:40 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-03-23 18:43:18
          .
          2007-07-10 18:45:01 --- E O F ---

          And this is my HijackThis log!

          Logfile of Trend Micro HijackThis v2.0.0 (BETA)
          Scan saved at 19:54:36, on 23-3-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
          C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
          C:\Program Files\UPC SmartGuard\Anti-Virus\fsgk32st.exe
          C:\Program Files\UPC SmartGuard\Common\FSMA32.EXE
          C:\Program Files\UPC SmartGuard\Anti-Virus\FSGK32.EXE
          C:\WINDOWS\System32\inetsrv\inetinfo.exe
          C:\Program Files\UPC SmartGuard\Common\FSMB32.EXE
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\Program Files\UPC SmartGuard\Common\FCH32.EXE
          C:\WINDOWS\system32\HPZipm12.exe
          C:\WINDOWS\System32\tcpsvcs.exe
          C:\WINDOWS\System32\snmp.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\UPC SmartGuard\Common\FAMEH32.EXE
          C:\Program Files\UPC SmartGuard\Anti-Virus\fsqh.exe
          C:\Program Files\UPC SmartGuard\FSPC\fspc.exe
          C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
          C:\Program Files\Intel\ASF Agent\ASFAgent.exe
          C:\WINDOWS\System32\mqsvc.exe
          C:\WINDOWS\System32\mqtgsvc.exe
          C:\Program Files\UPC SmartGuard\FSAUA\program\fsaua.exe
          C:\Program Files\UPC SmartGuard\Anti-Virus\fssm32.exe
          C:\Program Files\UPC SmartGuard\FWES\Program\fsdfwd.exe
          C:\Program Files\UPC SmartGuard\FSAUA\program\fsus.exe
          C:\Program Files\UPC SmartGuard\Anti-Virus\fsav32.exe
          C:\WINDOWS\System32\hkcmd.exe
          C:\Program Files\UPC\bin\sprtcmd.exe
          C:\Program Files\UPC SmartGuard\Common\FSM32.EXE
          C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\UPC SmartGuard\FSGUI\fsguidll.exe
          C:\WINDOWS\explorer.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\Documents and Settings\Administrator\Bureaublad\HiJackThis_v2.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.arnhem.chello.nl:8080
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
          O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
          O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\Bit Comet\BitComet\tools\BitCometBHO_1.1.11.30.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
          O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
          O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
          O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
          O4 - HKLM\..\Run: [UPC] "C:\Program Files\UPC\bin\sprtcmd.exe" /P UPC
          O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\UPC SmartGuard\Common\FSM32.EXE" /splash
          O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\UPC SmartGuard\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
          O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\Bit Comet\BitComet\BitComet.exe/AddLink.htm
          O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\Bit Comet\BitComet\BitComet.exe/AddVideo.htm
          O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\Bit Comet\BitComet\BitComet.exe/AddAllLink.htm
          O9 - Extra button: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\UPC SmartGuard\FSPC\fspcmsie.dll
          O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\UPC SmartGuard\FSPC\fspcmsie.dll
          O9 - Extra 'Tools' menuitem: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\UPC SmartGuard\FSPC\fspcmsie.dll
          O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
          O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\Bit Comet\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
          O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
          O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
          O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
          O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
          O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
          O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
          O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\UPC SmartGuard\Anti-Virus\fsgk32st.exe
          O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\UPC SmartGuard\FSAUA\program\fsaua.exe
          O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\UPC SmartGuard\FWES\Program\fsdfwd.exe
          O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\UPC SmartGuard\Common\FSMA32.EXE
          O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
          O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
          O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
          O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
          O24 - Desktop Component 0: (no name) - http://www.golya.nl/template/golya/no_rightbar/images/header_right3.gif

          --
          End of file - 7763 bytes


          Thanks a lot in advance! It may take a while before I reply again, as I can't always get to this computer.

          Kind regards,

          Tieme



          • #6
            Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

            • File::
              C:\WINDOWS\system32\svvwa.bak1
              C:\WINDOWS\system32\svvwa.bak2
              C:\WINDOWS\system32\nmllm.bak1
              C:\WINDOWS\system32\svvwa.ini2
              C:\WINDOWS\system32\nmllm.bak2
              C:\WINDOWS\system32\nmllm.ini2




            Save this to your Desktop as CFScript.txt.

            Drag CFScript.txt into ComboFix.exe as shown in the example below:



            This will make ComboFix restart.

            After your computer has restarted (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.
            Please also post a new HijackThis log.

            Starting Windows 10 in Safe Mode
