
Very slow startup


  • Very slow startup

    It takes 5 minutes for IE to start. You often have to click twice before the computer responds. My son has 2 start pages set that open when the internet starts, namely tribalwar.nl and kapi regnum. Is this practical and safe?

    Could you check which site would best be removed?

    Kind regards

    Cramba

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:06, on 2008-03-14
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Comodo\Firewall\cfp.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\wbsecsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tribalwars.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Search - ?p=ZR
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kittenandkatsloverboy.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143284348140
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Belgium Identity Card Service (BELGIUM_ID_CARD_SERVICE) - Unknown owner - C:\WINDOWS\system32\Belpic PCSC Service.exe (file missing)
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: wbsecsvc - Winbond - C:\WINDOWS\system32\wbsecsvc.exe

    --
    End of file - 9349 bytes

  • #2
    Hello,

    My son has 2 start pages set that open when the internet starts, namely tribalwar.nl and kapi regnum.
    That seems to me a matter of personal choice.
    Empty your Temp folders (note: empty the folders, do not delete them!):


    Open Explorer ("My Computer") and choose Tools -> Folder Options...
    Under View, check the following settings:

    Uncheck: Hide protected operating system files (Recommended)
    Uncheck: Hide extensions for known file types

    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders

    C:\Windows\Temp
    C:\Documents and Settings\<user>\Local Settings\Temp
    C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files
    C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files\content.ie5
    <user> here stands for your profile name!
    If the last folder is not displayed, go to the Temporary Internet Files folder, type \content.ie5 after it in the address bar and press Enter.

    Empty your Recycle Bin.



    Download Java Runtime Environment (JRE) 6u5.
    • Scroll down to: "Java Runtime Environment (JRE) 6 Update 5".
    • Click the "Download" button on the right-hand side.
    • Tick "Accept License Agreement" and click Continue.
    • The page will reload.
    • Click the Windows Offline Installation, Multi-language link UNDER Windows Platform - Java SE Runtime Environment 6 Update 5 and save it to your Desktop.
    • Close all programs that may be open, especially your web browser!
    • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the program list (those with Java Runtime Environment (JRE or J2SE) in the name).
    • Repeat this until all older versions are gone.
    • After removing all older versions, restart your PC.
    • Then double-click jre-6u5-windows-i586-p.exe on your Desktop to install the latest version of Java.



    Follow the instructions as described on the following page: hoe-dient-combofix-gebruikt-te-worden

    If you use Vista, the Recovery Console does not need to be installed.
    If anything is unclear, just ask.
    When the tool has finished, a log file opens (C:\combofix.txt).
    Post the contents of this file together with a new HijackThis log.

    Good luck

    Starting Windows 10 in Safe Mode



    • #3
      The log results from ComboFix and HijackThis

      ComboFix 08-03-21.2 - mathias 2008-03-22 11:55:58.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.115 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\mathias\Bureaublad\ComboFix.exe
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      D:\Autorun.inf

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))
      .

      2008-03-20 17:57 . 2008-03-20 18:03 <DIR> d-------- C:\Program Files\Windows Live
      2008-03-20 17:57 . 2008-03-20 17:59 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
      2008-03-20 17:56 . 2008-03-20 17:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-03-19 15:27 . 2008-03-19 15:27 <DIR> d-------- C:\Program Files\Core Design
      2008-03-15 12:10 . 2008-03-15 12:10 754 --a------ C:\WINDOWS\WORDPAD.INI
      2008-03-15 11:51 . 2008-03-15 11:53 <DIR> d-------- C:\Program Files\CrossLoop
      2008-03-14 18:57 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
      2008-03-14 18:55 . 2008-03-14 18:57 <DIR> d-------- C:\Program Files\Java
      2008-03-14 18:55 . 2008-03-14 18:55 <DIR> d-------- C:\Program Files\Common Files\Java
      2008-03-14 17:05 . 2008-03-14 17:05 <DIR> d-------- C:\Program Files\Trend Micro
      2008-03-14 17:01 . 2008-03-14 17:01 <DIR> d-------- C:\hijack
      2008-03-14 16:36 . 2008-03-22 10:44 <DIR> dr-h----- C:\Documents and Settings\mathias\Onlangs geopend
      2008-03-14 16:08 . 2008-03-14 16:08 <DIR> d-------- C:\Program Files\CCleaner
      2008-03-14 09:51 . 2008-03-14 09:51 <DIR> d--h----- C:\WINDOWS\PIF
      2008-03-03 21:07 . 2008-03-03 21:11 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
      2008-03-03 21:02 . 2008-03-03 21:02 <DIR> d-------- C:\Documents and Settings\mathias\Application Data\DAEMON Tools
      2008-03-03 21:02 . 2008-03-03 21:02 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
      2008-02-23 13:24 . 2008-02-23 13:24 <DIR> d-------- C:\Documents and Settings\mathias\Application Data\Ahead

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-21 17:27 5,024 ----a-w C:\Documents and Settings\mathias\Application Data\wklnhst.dat
      2008-03-20 17:28 --------- d-----w C:\Program Files\MSN Messenger
      2008-03-15 11:10 --------- d-----w C:\Program Files\EA GAMES
      2008-03-14 16:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-03-14 16:23 --------- d-----w C:\Program Files\SpywareBlaster
      2008-03-14 15:44 --------- d-----w C:\Program Files\PestPatrol
      2008-03-14 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-03-14 09:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-03-14 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
      2008-03-04 17:52 --------- d-----w C:\Program Files\Yahoo!
      2008-02-27 16:46 --------- d-----w C:\Program Files\QuickTime
      2008-02-23 12:09 --------- d-----w C:\Documents and Settings\mathias\Application Data\LimeWirePlus
      2008-02-09 16:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-02-09 16:48 691,545 ----a-w C:\WINDOWS\unins000.exe
      2008-01-29 20:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2007-02-10 09:55 32 ----a-r C:\Documents and Settings\All Users\hash.dat
      2004-06-08 15:16 61,440 ----a-w C:\Program Files\CamRes2.dll
      2004-06-08 13:01 53,248 ----a-w C:\Program Files\MClick2.dll
      2004-05-05 11:57 2,018 ----a-w C:\Program Files\readme.txt
      2004-04-22 10:38 3,274 ----a-w C:\Program Files\agreement.txt
      2003-01-07 12:42 53 ----a-w C:\Program Files\HomePage.url
      1999-06-24 10:49 587 ----a-w C:\Program Files\8-44100d.wav
      1999-06-24 10:49 421 ----a-w C:\Program Files\8-44100u.wav
      1999-06-24 10:47 317 ----a-w C:\Program Files\8-22050d.wav
      1999-06-24 10:47 225 ----a-w C:\Program Files\8-22050u.wav
      1999-06-24 10:46 183 ----a-w C:\Program Files\8-11025d.wav
      1999-06-24 10:46 135 ----a-w C:\Program Files\8-11025u.wav
      1999-06-24 10:44 127 ----a-w C:\Program Files\8-8000u.wav
      1999-06-24 10:43 151 ----a-w C:\Program Files\8-8000d.wav
      1999-06-24 10:41 220 ----a-w C:\Program Files\16-8000u.wav
      1999-06-24 10:40 260 ----a-w C:\Program Files\16-8000d.wav
      1999-06-24 10:38 956 ----a-w C:\Program Files\16-44100u.wav
      1999-06-24 10:37 1,186 ----a-w C:\Program Files\16-44100d.wav
      1999-06-24 10:34 652 ----a-w C:\Program Files\16-22050d.wav
      1999-06-24 10:34 442 ----a-w C:\Program Files\16-22050u.wav
      1999-06-24 09:54 340 ----a-w C:\Program Files\16-11025d.wav
      1999-06-24 09:50 326 ----a-w C:\Program Files\16-11025u.wav
      2006-04-10 07:50 8 --sh--r C:\WINDOWS\system32\C316EEBDEB.sys
      2006-04-10 07:50 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond


      Now the HijackThis log
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:23:48, on 22/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Comodo\Firewall\cmdagent.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\WINDOWS\system32\wbsecsvc.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\internet explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kapi-regnum.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
      O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: &Search - ?p=ZR
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O15 - Trusted Zone: http://toolbar.imageshack.us
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kittenandkatsloverboy.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143284348140
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
      O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
      O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Belgium Identity Card Service (BELGIUM_ID_CARD_SERVICE) - Unknown owner - C:\WINDOWS\system32\Belpic PCSC Service.exe (file missing)
      O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      O23 - Service: wbsecsvc - Winbond - C:\WINDOWS\system32\wbsecsvc.exe

      --
      End of file - 9323 bytes



      • #4
        Part of the ComboFix result is missing; may I see that as well, please?



        • #5
          Complete ComboFix

          ComboFix 08-03-21.2 - mathias 2008-03-23 10:09:42.2 - NTFSx86
          Gestart vanuit: C:\Documents and Settings\mathias\Bureaublad\ComboFix.exe
          .

          (((((((((((((((((((( Bestanden Gemaakt van 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))
          .

          2008-03-20 17:57 . 2008-03-20 18:03 <DIR> d-------- C:\Program Files\Windows Live
          2008-03-20 17:57 . 2008-03-20 17:59 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
          2008-03-20 17:56 . 2008-03-20 17:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
          2008-03-19 15:27 . 2008-03-19 15:27 <DIR> d-------- C:\Program Files\Core Design
          2008-03-15 12:10 . 2008-03-15 12:10 754 --a------ C:\WINDOWS\WORDPAD.INI
          2008-03-15 11:51 . 2008-03-15 11:53 <DIR> d-------- C:\Program Files\CrossLoop
          2008-03-14 18:57 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
          2008-03-14 18:55 . 2008-03-14 18:57 <DIR> d-------- C:\Program Files\Java
          2008-03-14 18:55 . 2008-03-14 18:55 <DIR> d-------- C:\Program Files\Common Files\Java
          2008-03-14 17:05 . 2008-03-14 17:05 <DIR> d-------- C:\Program Files\Trend Micro
          2008-03-14 17:01 . 2008-03-14 17:01 <DIR> d-------- C:\hijack
          2008-03-14 16:36 . 2008-03-22 10:44 <DIR> dr-h----- C:\Documents and Settings\mathias\Onlangs geopend
          2008-03-14 16:08 . 2008-03-14 16:08 <DIR> d-------- C:\Program Files\CCleaner
          2008-03-14 09:51 . 2008-03-14 09:51 <DIR> d--h----- C:\WINDOWS\PIF
          2008-03-03 21:07 . 2008-03-03 21:11 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
          2008-03-03 21:02 . 2008-03-03 21:02 <DIR> d-------- C:\Documents and Settings\mathias\Application Data\DAEMON Tools
          2008-03-03 21:02 . 2008-03-03 21:02 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
          2008-02-23 13:24 . 2008-02-23 13:24 <DIR> d-------- C:\Documents and Settings\mathias\Application Data\Ahead

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-03-21 17:27 5,024 ----a-w C:\Documents and Settings\mathias\Application Data\wklnhst.dat
          2008-03-20 17:28 --------- d-----w C:\Program Files\MSN Messenger
          2008-03-15 11:10 --------- d-----w C:\Program Files\EA GAMES
          2008-03-14 16:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
          2008-03-14 16:23 --------- d-----w C:\Program Files\SpywareBlaster
          2008-03-14 15:44 --------- d-----w C:\Program Files\PestPatrol
          2008-03-14 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-03-14 09:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2008-03-14 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
          2008-03-04 17:52 --------- d-----w C:\Program Files\Yahoo!
          2008-02-27 16:46 --------- d-----w C:\Program Files\QuickTime
          2008-02-23 12:09 --------- d-----w C:\Documents and Settings\mathias\Application Data\LimeWirePlus
          2008-02-09 16:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
          2008-02-09 16:48 691,545 ----a-w C:\WINDOWS\unins000.exe
          2008-01-29 20:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
          2007-02-10 09:55 32 ----a-r C:\Documents and Settings\All Users\hash.dat
          2004-06-08 15:16 61,440 ----a-w C:\Program Files\CamRes2.dll
          2004-06-08 13:01 53,248 ----a-w C:\Program Files\MClick2.dll
          2004-05-05 11:57 2,018 ----a-w C:\Program Files\readme.txt
          2004-04-22 10:38 3,274 ----a-w C:\Program Files\agreement.txt
          2003-01-07 12:42 53 ----a-w C:\Program Files\HomePage.url
          1999-06-24 10:49 587 ----a-w C:\Program Files\8-44100d.wav
          1999-06-24 10:49 421 ----a-w C:\Program Files\8-44100u.wav
          1999-06-24 10:47 317 ----a-w C:\Program Files\8-22050d.wav
          1999-06-24 10:47 225 ----a-w C:\Program Files\8-22050u.wav
          1999-06-24 10:46 183 ----a-w C:\Program Files\8-11025d.wav
          1999-06-24 10:46 135 ----a-w C:\Program Files\8-11025u.wav
          1999-06-24 10:44 127 ----a-w C:\Program Files\8-8000u.wav
          1999-06-24 10:43 151 ----a-w C:\Program Files\8-8000d.wav
          1999-06-24 10:41 220 ----a-w C:\Program Files\16-8000u.wav
          1999-06-24 10:40 260 ----a-w C:\Program Files\16-8000d.wav
          1999-06-24 10:38 956 ----a-w C:\Program Files\16-44100u.wav
          1999-06-24 10:37 1,186 ----a-w C:\Program Files\16-44100d.wav
          1999-06-24 10:34 652 ----a-w C:\Program Files\16-22050d.wav
          1999-06-24 10:34 442 ----a-w C:\Program Files\16-22050u.wav
          1999-06-24 09:54 340 ----a-w C:\Program Files\16-11025d.wav
          1999-06-24 09:50 326 ----a-w C:\Program Files\16-11025u.wav
          2006-04-10 07:50 8 --sh--r C:\WINDOWS\system32\C316EEBDEB.sys
          2006-04-10 07:50 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
          .

          ((((((((((((((((((((((((((((( [email protected]_12.13.43,10 )))))))))))))))))))))))))))))))))))))))))
          .
          + 2008-03-23 08:58:38 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_108.dat
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
          2008-01-14 17:25 1502232 --a------ C:\Program Files\LimewirePlus\tbLim1.dll

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
          "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= "C:\Program Files\LimewirePlus\tbLim1.dll" [2008-01-14 17:25 1502232]

          [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
          "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= C:\Program Files\LimewirePlus\tbLim1.dll [2008-01-14 17:25 1502232]

          [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 13:00 15360]
          "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-01 21:05 344064]
          "SoundMan"="SOUNDMAN.EXE" [2005-12-14 09:06 577536 C:\WINDOWS\soundman.exe]
          "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-28 08:58 761945]
          "PPMemCheck"="c:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2004-04-02 15:11 148480]
          "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
          "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [2007-11-23 18:45 1481984]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-27 17:46 385024]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 13:00 15360]
          "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
          "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
          "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
          "Dancer"="C:\Program Files\Windows Plus\Dancer\Dancer.exe"

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
          "AGRSMMSG"=AGRSMMSG.exe
          "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          "CookiePatrol"=c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
          "Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
          "PestPatrol Control Center"=c-\PROGRA~1\PESTPA~1\PPControl.exe
          "PestPatrolRegistration"=C:\Program Files\PestPatrol\Register.exe

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "C:\\Program Files\\Messenger\\msmsgs.exe"=
          "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
          "C:\\Program Files\\LimeWire\\LimeWire.exe"=
          "C:\\Program Files\\Microsoft Games\\Age of Empires\\Empires.exe"=
          "C:\\WINDOWS\\system32\\dplaysvr.exe"=
          "C:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
          "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
          "C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
          "C:\\Program Files\\LimeWire Plus\\LimeWire.exe"=
          "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
          "C:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
          "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
          "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

          R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-11-23 18:45]
          R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-11-23 18:45]
          R1 wbsecdrv;wbsecdrv Protocol Driver;C:\WINDOWS\system32\DRIVERS\wbsecdrv.sys [2005-06-14 14:20]
          R2 wbsecsvc;wbsecsvc;C:\WINDOWS\system32\wbsecsvc.exe [2005-04-30 15:40]
          R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 11:36]
          R3 W33ND;W89C33 mPCI 802.11 Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\W33ND.SYS [2005-07-26 18:00]
          S3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usbxp.sys [2005-01-18 17:34]
          S3 jnv4_mib;jnv4_mib;C:\DOCUME~1\mathias\LOCALS~1\Temp\jnv4_mib.sys
          S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS

          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-02-05 11:30:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          "2006-06-07 18:06:58 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
          "2008-03-23 09:01:43 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
          - C:\Program Files\Windows Defender\MpCmdRun.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-03-23 10:25:34
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          --------------------- DLLs Geladen Onder Lopende Processen ---------------------

          PROCESS: C:\WINDOWS\system32\winlogon.exe
          -> C:\WINDOWS\system32\guard32.dll

          PROCESS: C:\WINDOWS\system32\lsass.exe
          -> C:\WINDOWS\system32\guard32.dll
          .
          Voltooingstijd: 2008-03-23 10:28:54
          ComboFix-quarantined-files.txt 2008-03-23 09:28:46
          ComboFix2.txt 2008-03-22 11:14:09
          .
          2008-03-21 17:02:53 --- E O F ---



          • #6
            Download Malwarebytes' Anti-Malware to your desktop.
            Double-click mbam-setup.exe and choose "Next" to install the tool.
            When the installation is complete, tick "Update MalwareBytes' Anti-Malware" and "Launch MalwareBytes' Anti-Malware".
            Then press "Finish".
            In the main window, choose the "Scanner" tab and select the "Perform full scan" radio button.
            Press the "Scan" button and make sure all your hard drives/partitions are ticked.
            Then press the "Start Scan" button.
            When the scan is complete, click OK, then "Show Results" to see the results.
            Make sure everything is ticked, then click "Remove Selected".
            If the program wants to restart your computer, allow it.
            Restart in any case.

            A log will then open (mbam-log-XX-XX-XXXX(xx-xx-xx).txt).
            Post this log in your next message.

            Starting Windows 10 in Safe Mode



            • #7
              Log from Malwarebytes' Anti-Malware 1.09

              Malwarebytes' Anti-Malware 1.09
              Database versie: 507

              Scan type: Volledige Scan (C:\|D:\|F:\|)
              Objecten gescand: 202630
              Verstreken tijd: 55 minute(s), 50 second(s)

              Geheugenprocessen geïnfecteerd: 0
              Geheugenmodulen geïnfecteerd: 0
              Registersleutels geïnfecteerd: 14
              Registerwaarden geïnfecteerd: 0
              Registerdata bestanden geïnfecteerd: 0
              Mappen geïnfecteerd: 0
              Bestanden geïnfecteerd: 2

              Geheugenprocessen geïnfecteerd:
              (Geen kwaadaardige items gevonden)

              Geheugenmodulen geïnfecteerd:
              (Geen kwaadaardige items gevonden)

              Registersleutels geïnfecteerd:
              HKEY_CLASSES_ROOT\Interface\{4340df8e-d7a3-4675-be74-80077b2b3e81} (Trojan.AdWare.AntiSpamBoy) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\Interface\{5acae4b8-62d9-4124-a58a-9b1258b77e99} (Trojan.AdWare.AntiSpamBoy) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\Interface\{d12fb216-99da-4eb3-9cc0-c0f760b174a0} (Trojan.AdWare.AntiSpamBoy) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\Interface\{d56c1af1-3fde-471c-9bc2-c52515f260c1} (Trojan.AdWare.AntiSpamBoy) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\Interface\{e656b867-992c-4462-a27d-ebe604ec3a48} (Trojan.AdWare.AntiSpamBoy) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\Interface\{e656b867-aa2c-4462-a27d-ebe604ec3a48} (Trojan.AdWare.AntiSpamBoy) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

              Registerwaarden geïnfecteerd:
              (Geen kwaadaardige items gevonden)

              Registerdata bestanden geïnfecteerd:
              (Geen kwaadaardige items gevonden)

              Mappen geïnfecteerd:
              (Geen kwaadaardige items gevonden)

              Bestanden geïnfecteerd:
              C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.



              • #8
                That went quite well by the looks of it; may I also have a new HJT log, and let me know how things are going now.

                Starting Windows 10 in Safe Mode



                • #9
                  HijackThis log and startup speed

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 15:41:52, on 24/03/2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Windows Defender\MsMpEng.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                  C:\Program Files\Alwil Software\Avast4\ashServ.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\Program Files\Comodo\Firewall\cmdagent.exe
                  C:\WINDOWS\eHome\ehRecvr.exe
                  C:\WINDOWS\eHome\ehSched.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                  C:\WINDOWS\system32\wbsecsvc.exe
                  C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                  C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                  C:\WINDOWS\system32\dllhost.exe
                  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                  C:\WINDOWS\SOUNDMAN.EXE
                  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                  C:\Program Files\Windows Defender\MSASCui.exe
                  C:\Program Files\Comodo\Firewall\cfp.exe
                  C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\internet explorer\iexplore.exe
                  C:\Program Files\internet explorer\iexplore.exe
                  C:\Program Files\internet explorer\iexplore.exe
                  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                  C:\Program Files\HijackThis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kapi-regnum.nl/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
                  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                  O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
                  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
                  O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
                  O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
                  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                  O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                  O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                  O8 - Extra context menu item: &Search - ?p=ZR
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O15 - Trusted Zone: http://toolbar.imageshack.us
                  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
                  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
                  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kittenandkatsloverboy.spaces.live.com//PhotoUpload/MsnPUpld.cab
                  O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
                  O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
                  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143284348140
                  O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
                  O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
                  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                  O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
                  O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
                  O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                  O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                  O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                  O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                  O23 - Service: Belgium Identity Card Service (BELGIUM_ID_CARD_SERVICE) - Unknown owner - C:\WINDOWS\system32\Belpic PCSC Service.exe (file missing)
                  O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                  O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
                  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                  O23 - Service: wbsecsvc - Winbond - C:\WINDOWS\system32\wbsecsvc.exe

                  --
                  End of file - 9243 bytes


                  Still running slowly.
                  It takes 1 minute before the welcome screen appears. Then another minute until the desktop appears without icons, another minute of waiting before the icons appear, and then almost 2 minutes until the Internet start page opens.



                  • #10
                    Temporarily disable Windows Defender,
                    because it can interfere when fixing with HJT (by undoing the fix).
                    * Open Windows Defender > click Tools
                    * Click "General Settings"
                    * Scroll to "Real Time Protection Options"
                    * Untick "Turn on Real Time Protection (recommended)" > click "Save"
                    * Close Windows Defender
                    (once the problems are over and the log has been declared clean again, you can turn it back on)

                    I would suggest fixing these.

                    Start HijackThis and choose 'Do a system scan only'.
                    Select only the items listed below:

                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
                    R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
                    O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
                    O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
                    O15 - Trusted Zone: http://toolbar.imageshack.us
                    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab

                    Close all windows except HijackThis.
                    Click 'Fix checked' to remove the items.

                    Restart and post a new HJT log, please.

                    Starting Windows 10 in Safe Mode



                    • #11
                      Log after fixing

                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 19:40:00, on 25/03/2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\Ati2evxx.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\Program Files\Windows Defender\MsMpEng.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\Ati2evxx.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                      C:\Program Files\Alwil Software\Avast4\ashServ.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\Program Files\Comodo\Firewall\cmdagent.exe
                      C:\WINDOWS\eHome\ehRecvr.exe
                      C:\WINDOWS\eHome\ehSched.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                      C:\WINDOWS\system32\svchost.exe
                      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                      C:\WINDOWS\system32\wbsecsvc.exe
                      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                      C:\WINDOWS\system32\dllhost.exe
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                      C:\WINDOWS\SOUNDMAN.EXE
                      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                      C:\Program Files\Windows Defender\MSASCui.exe
                      C:\Program Files\Comodo\Firewall\cfp.exe
                      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\HijackThis\HijackThis.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kapi-regnum.nl/
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                      O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
                      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
                      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                      O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                      O8 - Extra context menu item: &Search - ?p=ZR
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
                      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
                      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kittenandkatsloverboy.spaces.live.com//PhotoUpload/MsnPUpld.cab
                      O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
                      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
                      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143284348140
                      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
                      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                      O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
                      O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
                      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                      O23 - Service: Belgium Identity Card Service (BELGIUM_ID_CARD_SERVICE) - Unknown owner - C:\WINDOWS\system32\Belpic PCSC Service.exe (file missing)
                      O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
                      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                      O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
                      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                      O23 - Service: wbsecsvc - Winbond - C:\WINDOWS\system32\wbsecsvc.exe

                      --
                      End of file - 8399 bytes

                      It is a good deal faster. It now takes 3 minutes. It loses a lot of time fetching the icons and placing them on the desktop background. Can anything be done about that?



                      • #12
                        Go to Start > Run and type (or copy and paste):
                        sc delete BELGIUM_ID_CARD_SERVICE
                        Click OK.



                        Download and install CCleaner
                        (The CCleaner Yahoo Toolbar is not needed)

                        Start CCleaner.
                        CCleaner lets you choose what should be cleaned up.
                        Now select only the following items:
                        Internet Explorer:
                        - Temporary Internet Files
                        System:
                        - Empty Recycle Bin
                        - Temporary Files
                        Now click Run Cleaner in CCleaner (bottom right).


                        Is it going better now?

                        Starting Windows 10 in Safe Mode
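
The `sc delete` step above removes a service that the HijackThis log marks `(file missing)`. As an added example (not part of the original thread), this Python script lists every O23 entry in that state and the matching command to review; the sample lines are copied from the log in this thread, and it assumes that an entry without a trailing `(key)` uses its display name as the service key.

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Belgium Identity Card Service (BELGIUM_ID_CARD_SERVICE) - Unknown owner - C:\WINDOWS\system32\Belpic PCSC Service.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: wbsecsvc - Winbond - C:\WINDOWS\system32\wbsecsvc.exe
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"
# "Display name (ServiceKey)" at the end of the name field.
KEY_RE = re.compile(r"^(?P<display>.*) \((?P<key>[^()]+)\)$")


def parse_o23(line):
    """Return a dict for one O23 line, or None for any other line."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    # Split from the right: vendor names such as "Hewlett-Packard" contain
    # hyphens, but the field separator is always " - ".
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None  # malformed or truncated entry
    name, vendor, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[:-len(MISSING)]
    m = KEY_RE.match(name)
    # Assumption: without a trailing "(key)" the display name is the key name.
    key = m.group("key") if m else name
    return {"key": key, "vendor": vendor, "path": path, "missing": missing}


def orphaned_services(log_text):
    """Services whose registered executable no longer exists on disk."""
    entries = (parse_o23(l) for l in log_text.splitlines())
    return [e for e in entries if e and e["missing"]]


def review_commands(log_text):
    """Quote the key so service names containing spaces stay one argument."""
    return ['sc delete "%s"' % e["key"] for e in orphaned_services(log_text)]


if __name__ == "__main__":
    for cmd in review_commands(SAMPLE_LOG):
        print(cmd)
```

Check each listed service against installed software before running the command; a missing file can also mean the program is installed on a drive that was not mounted during the scan.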



                        • #13
                          No.
                          Loading the desktop background (my own nature photo) goes smoothly, then the icons are loaded on a black background (this takes a while) and then the icons are placed on the desktop (this then takes 40 seconds).
                          On the other computer the icons and background (also my own photo) load quickly in one go.



                          • #14
                            How large is your virtual memory on this PC?

                            Starting Windows 10 in Safe Mode



                            • #15
                              At the moment 672MB.
