Mededeling

Collapse
No announcement yet.

Virus genaamd 'JS/Psyme.QM'

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Virus genaamd 'JS/Psyme.QM'

    AVG virusscanner geeft aan tijdens het scannen dat er een virus is gevonden genaamd 'JS/Psyme.QM'.
    Ik heb een eigen fansite van een band op internet gemaakt een jaar terug, en daar is nu ook ineens de index pagina en de main pagina veranderd en mensen kunnen niet meer op mijn site komen. Daar heeft het virus zich zeker ook verspreid ??
    AVG is nu dus nog bezig met scannen.
    Hopelijk verwijderd/hersteld AVG er het grootste gedeelte van, maar ik post toch nog even een HijackThis Logje:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:55:50, on 29-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Grisoft\AVG7\avgwb.dat
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Snelstart HP Image Zone.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184167922142
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 7481 bytes

  • #2
    Nadat de AVG scan klaar was stond er dat er 1 thread (JS/Psyme.QM) gevonden was en er stond bij 1 file healed, dus dat is alvast goed .. denk ik.
    Hier even een nieuwe Hijack This log, want misschien is er wat veranderd na het scannen:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:57:29, on 29-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Snelstart HP Image Zone.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184167922142
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 7304 bytes

    Comment


    • #3
      zie eigenlijk niet veel bijzonders in het logje,


      * Download Malwarebytes' Anti-Malware via hier of hier.

      Dubbelklik mbam-setup.exe om het programma te installeren.
      • Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Launch Malwarebytes' Anti-Malware, Klik daarna op "finish".
      • Indien een update gevonden werd, zal het die downloaden en de laatste versie installeren.
      • Wanneer het programma volledig up to date is, selecteer "Perform Quick Scan", daarna klik Scan.
      • Het scannen kan een tijdje duren, dus wees geduldig.
      • Wanneer de scan voltooid is, klik OK, daarna "Show Results" om de resultaten te zien.
      • Zorg ervoor dat daar alles aangevinkt is, daarna klik: Remove Selected.
      • Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie extra nota onderaan)
      • De log wordt automatisch bewaard door MBAM die je kan zien door de "Logs" tab te klikken in MBAM.
      • Kopieer en plak de resultaten van de log in je volgend antwoord, samen met een nieuw HijackThislog.

      Extra Nota:
      Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de Computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.


      succes

      Windows 10 opstarten in Veilige Modus

      Comment


      • #4
        Bedankt voor je reactie Juisterr !
        Het logje wat ik postte was van mijn eigen pc, maar ben tot de ontdekking gekomen gister avond dat de pc van mijn vader de boosdoender is want die pc is er veel slechter aan toe dan mijn pc.
        Op mijn vaders pc vind AVG maar liefst 8 virussen waarvan het herstellen van 6 virussen mislukt is ... ook hier gaat het om het virus 'JS/Psyme', de startpagina van internet is veranderd en er zijn programma's geinstalleerd die 'Online Security Guide' en 'Security Troubleshooting' heten.
        Dus ik denk dat de ene pc het virus heeft overgedragen naar mijn pc, want beide pc's zijn op dezelfde router aangesloten.
        Nu wil ik eerst ff de pc van mijn vader in orde maken en daarna pas die van mij.
        Hier het logje van de "pc van mijn vader":

        Logfile of HijackThis v1.99.1
        Scan saved at 11:30:41, on 30-3-2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16608)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Ahead\InCD\InCDsrv.exe
        E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\NetProject\scit.exe
        C:\Program Files\NetProject\sbmntr.exe
        C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
        C:\Program Files\Ahead\InCD\InCD.exe
        E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
        C:\Program Files\Common Files\TerraTec\Scheduler\TTTimer.exe
        C:\WINDOWS\system32\ctfmon.exe
        E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
        E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
        E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        C:\Program Files\CyberLink\Shared Files\RichVideo.exe
        C:\WINDOWS\system32\slserv.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Onze Bestanden en Mappen\NIEUW\Nieuwe PC - Bestanden\Kevin\Spyware en Andere Problemen\HijackThis\HijackThis.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
        O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
        O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
        O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
        O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
        O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [TerraTec Scheduler] C:\Program Files\Common Files\TerraTec\Scheduler\TTTimer.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
        O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
        O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O11 - Options group: [INTERNATIONAL] International*
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194809609859
        O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195164594125
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
        O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - I:\Player\__CDS2.dll (file missing)
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
        O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
        O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
        O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
        O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
        O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

        Comment


        • #5
          rogue scanner ,



          Fix blijft dezelfde,


          * Download Malwarebytes' Anti-Malware via hier of hier.

          Dubbelklik mbam-setup.exe om het programma te installeren.
          • Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Launch Malwarebytes' Anti-Malware, Klik daarna op "finish".
          • Indien een update gevonden werd, zal het die downloaden en de laatste versie installeren.
          • Wanneer het programma volledig up to date is, selecteer "Perform Quick Scan", daarna klik Scan.
          • Het scannen kan een tijdje duren, dus wees geduldig.
          • Wanneer de scan voltooid is, klik OK, daarna "Show Results" om de resultaten te zien.
          • Zorg ervoor dat daar alles aangevinkt is, daarna klik: Remove Selected.
          • Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie extra nota onderaan)
          • De log wordt automatisch bewaard door MBAM die je kan zien door de "Logs" tab te klikken in MBAM.
          • Kopieer en plak de resultaten van de log in je volgend antwoord, samen met een nieuw HijackThislog.

          Extra Nota:
          Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de Computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.


          plaats het nieuwe hjt logje wel gemaakt met de juiste versie aub.

          * Download Trend Micro Hijack This™
          Dubbelklik HJTInstall.exe om HijackThis te installeren.
          Standaard zal HijackThis in de Program Files\Trendmicro map geïnstalleerd worden en een snelkoppeling zal op je bureaublad komen te staan.
          HijackThis zal openen na het installeren.
          Klik de Scan knop onderaan.
          Dit zal de scan starten en een log openen.
          Kopieer en plak deze log in je volgende post.

          Windows 10 opstarten in Veilige Modus

          Comment


          • #6
            Bedankt, het is gelukt en de meldingen zijn voor zover ik het kan zien weg en de geinstalleerde programma's ook.
            Alleen na het scannen met 'Malwarebytes' kwam er geen melding om opnieuw op te starten, dus heb ik het zelf maar gedaan.

            'Malwarebytes' Log:

            Malwarebytes' Anti-Malware 1.09
            Database versie: 568

            Scan type: Snelle Scan
            Objecten gescand: 172918
            Verstreken tijd: 56 minute(s), 22 second(s)

            Geheugenprocessen geïnfecteerd: 2
            Geheugenmodulen geïnfecteerd: 1
            Registersleutels geïnfecteerd: 28
            Registerwaarden geïnfecteerd: 7
            Registerdata bestanden geïnfecteerd: 0
            Mappen geïnfecteerd: 6
            Bestanden geïnfecteerd: 21

            Geheugenprocessen geïnfecteerd:
            c:\program files\netproject\scit.exe (Trojan.Zlob) -> Unloaded process successfully.
            c:\program files\netproject\sbmntr.exe (Trojan.Zlob) -> Unloaded process successfully.

            Geheugenmodulen geïnfecteerd:
            c:\program files\netproject\sbmdl.dll (Trojan.Zlob) -> Unloaded module successfully.

            Registersleutels geïnfecteerd:
            HKEY_CLASSES_ROOT\CLSID\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\CLSID\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40} (Trojan.Zlob) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
            HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\CLSID\{d70e9b0f-aabc-4066-8176-c6de84d92fa1} (Trojan.Zlob) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{14e6d991-db22-4661-981d-20c168d6847b} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{2242513c-f5e9-41b3-bc89-4d9daf487450} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{3b489b37-fc1b-45c8-b1ce-78d9aef5b336} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{3d6a6e24-fdff-418e-a93d-9fbdcba377af} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{3e318e44-0c35-4292-af91-18dd17795636} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{495349a3-3a35-465f-88df-6ccfc1348246} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{575e8879-d6cf-4992-a7fe-651da9277bcb} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{76a15001-ff88-47ee-9e34-9f68e34246af} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{819a1c55-735f-4696-8727-3772ec87ad26} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{8dc7e656-ffbc-4ba2-af81-1c6c4fe04407} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{a86bed71-2b56-4778-9c48-829a3d01c687} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{ae119e11-cf86-43cb-91aa-1acf2bbf9ec6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{b5a1ce7f-011d-4475-98db-076aaf3b1d18} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{b667f141-171c-4ac6-bd2b-8e0c646fb920} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{da4f8351-05ef-4956-b9ab-1093b732436f} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{e1e4e46d-53b8-45dc-abf0-3e7adef79012} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Typelib\{83b0cadc-ea64-4ac6-822a-3ece95f44da6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
            HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Classes\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

            Registerwaarden geïnfecteerd:
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\some (Trojan.Zlob) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.
            HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40} (Trojan.Zlob) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d70e9b0f-aabc-4066-8176-c6de84d92fa1} (Trojan.Zlob) -> Quarantined and deleted successfully.
            HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
            HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
            HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

            Registerdata bestanden geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Mappen geïnfecteerd:
            C:\Program Files\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
            C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.
            C:\Program Files\VirusHeat 4.3 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
            C:\WINDOWS\system32\375013 (Trojan.Zlob) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Eigenaar\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Eigenaar\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

            Bestanden geïnfecteerd:
            c:\program files\netproject\scit.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
            c:\program files\netproject\sbmntr.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
            c:\program files\netproject\sbmdl.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
            C:\Program Files\NetProject\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
            C:\Program Files\NetProject\sbun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
            C:\Program Files\NetProject\scu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
            C:\Program Files\NetProject\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
            C:\Program Files\NetProject\wamdl.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
            C:\Program Files\NetProject\waun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
            C:\WINDOWS\system32\kknwg.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Eigenaar\Local Settings\Temp\zfe2.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
            C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
            C:\Program Files\VirusHeat 4.3\vpp.ini (Rogue.VirusHeat) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Eigenaar\Application Data\DriveCleaner Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
            C:\Documents and Settings\All Users\Bureaublad\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.
            C:\Documents and Settings\All Users\Bureaublad\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
            C:\Documents and Settings\All Users\Menu Start\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
            C:\Documents and Settings\All Users\Menu Start\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Eigenaar\Local Settings\Temp\zfe3.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Eigenaar\Local Settings\Temp\zs0.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Eigenaar\Favorieten\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.


            'HijackThis' Log:

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 14:01:23, on 30-3-2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16608)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Ahead\InCD\InCDsrv.exe
            E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\spoolsv.exe
            E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
            C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
            C:\Program Files\Ahead\InCD\InCD.exe
            E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
            E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
            E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
            C:\Program Files\Common Files\TerraTec\Scheduler\TTTimer.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
            C:\Program Files\CyberLink\Shared Files\RichVideo.exe
            C:\WINDOWS\system32\slserv.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
            O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
            O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
            O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
            O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
            O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [TerraTec Scheduler] C:\Program Files\Common Files\TerraTec\Scheduler\TTTimer.exe
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194809609859
            O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195164594125
            O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
            O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
            O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - I:\Player\__CDS2.dll (file missing)
            O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
            O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
            O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
            O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
            O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
            O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

            --
            End of file - 5749 bytes

            Comment


            • #7
              Gaat lekker zo?

              Nog klachten?

              Windows 10 opstarten in Veilige Modus

              Comment


              • #8
                Nee, geen klachten meer.

                Op mijn eigen pc moet ik het nog uitvoeren, al heb ik zoiezo geen klachten dus misschien is het wel niet nodig ?

                Comment


                • #9
                  Doe toch maar even om zeker te zijn, plaats daar ook nog een nieuw HJT logje van.

                  Windows 10 opstarten in Veilige Modus

                  Comment


                  • #10
                    Omdat mijn eigen pc nu in de pc zaak staat en voorzien gaat worden van een nieuw moederbord, is dat HJT logje niet meer nodig.

                    Er zijn wel weer problemen op de pc van mijn vader, niet echt direct merkbaar zoals de vorige keer, maar AVG vond vandaag weer 7 virussen waarvan er 4 verwijderd konden worden.

                    Dus hier weer een nieuw HJT logje:

                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 21:33:53, on 4-4-2008
                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Ahead\InCD\InCDsrv.exe
                    E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                    C:\Program Files\Ahead\InCD\InCD.exe
                    E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                    C:\Program Files\Common Files\TerraTec\Scheduler\TTTimer.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                    E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                    E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
                    C:\WINDOWS\system32\slserv.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Internet Explorer\IEXPLORE.EXE
                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
                    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
                    O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                    O4 - HKLM\..\Run: [TerraTec Scheduler] C:\Program Files\Common Files\TerraTec\Scheduler\TTTimer.exe
                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194809609859
                    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
                    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195164594125
                    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
                    O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - I:\Player\__CDS2.dll (file missing)
                    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
                    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
                    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
                    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

                    --
                    End of file - 5748 bytes

                    Comment


                    • #11
                      Volg de instructies zoals beschreven op de volgende pagina: hoe-dient-combofix-gebruikt-te-worden

                      Gebruik je Vista, dan hoeft de Recovery Console niet te worden geinstalleerd.
                      Is er iets niet duidelijk, dan vraag je het.
                      Als het tooltje klaar is, opent er een logfile (C:\combofix.txt).
                      Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

                      Windows 10 opstarten in Veilige Modus

                      Comment


                      • #12
                        Pff, wat een gedoe.
                        ComboFix staat nu op de pc maar heb het nog niet geopend.
                        Het gaat fout bij de stap 'De herstelconsole installeren en gebruiken in Windows XP'.
                        Zie [url=http://support.microsoft.com/kb/307654]deze pagina, bij mij komt er dus het foutbericht 'De installatie kan niet worden voorgezet omdat de versie van Windows die op uw computer is geïnstalleerd, nieuwer is dan de versie van Windows op de cd-rom'.
                        Als je die melding krijgt wordt je dus doorgestuurd naar [url=http://support.microsoft.com/kb/898594/]deze pagina.
                        Ik heb Methode 3 gekozen, want een XP CD met SP2 heb ik niet en bij methode 2 moet je SP2 pas installeren nadat je die herstelconsole gedaan hebt .. en SP2 staat er namelijk al op, dus ... (of begrijp ik het verkeerd ?).
                        Bij Methode 3 word je naar [url=http://support.microsoft.com/kb/900871/]deze pagina gestuurd.
                        Daar gaat het fout want ik heb gekozen voor Methode 1, het gaat goed t/m stap 8, bij stap 9 komt er [url=http://img241.imageshack.us/img241/3049/foutfr0.jpg]deze foutmelding tijdens het upgraten.

                        Wat moet ik nu doen, of wat doe ik fout ?

                        Comment


                        • #13
                          Al geprobeerd het uit te voeren zonder de herstelconsole te installeren, er is dan alleen geen backup voor het kleine geval dat er iets fout gaat.

                          Windows 10 opstarten in Veilige Modus

                          Comment


                          • #14
                            Ja, heb het programma nu uitgevoerd, en alles lijkt nog te werken, heb de pc alleen nog niet opnieuw opgestart.

                            ComboFix Log:

                            ComboFix 08-04-03.5 - Eigenaar 2008-04-05 16:37:17.1 - NTFSx86
                            Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.507 [GMT 2:00]
                            Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
                            * Nieuw herstelpunt werd aangemaakt

                            WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
                            .

                            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                            .

                            C:\Documents and Settings\Eigenaar\err.log
                            C:\Documents and Settings\Eigenaar\ResErrors.log

                            .
                            (((((((((((((((((((( Bestanden Gemaakt van 2008-03-05 to 2008-04-05 ))))))))))))))))))))))))))))))
                            .

                            2008-04-05 11:57 . 2008-04-05 12:31 <DIR> d-------- C:\XPSP2
                            2008-04-05 11:56 . 2008-04-05 12:34 <DIR> d-------- C:\XPCD
                            2008-03-30 13:56 . 2008-03-30 13:56 <DIR> d-------- C:\Program Files\Trend Micro
                            2008-03-30 12:29 . 2008-03-30 12:29 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Malwarebytes
                            2008-03-30 12:28 . 2008-03-30 12:29 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
                            2008-03-30 12:28 . 2008-03-30 12:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
                            2008-03-28 20:30 . 2008-03-28 21:06 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
                            2008-03-12 22:04 . 2008-03-12 22:04 <DIR> d-------- C:\mmiroute

                            .
                            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            2008-04-04 17:51 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\AVG7
                            2008-03-29 14:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
                            2008-03-29 14:35 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
                            2008-03-18 17:51 --------- d-----w C:\Documents and Settings\Kevin\Application Data\AVG7
                            2008-02-11 19:37 --------- d-----w C:\Program Files\Davilex
                            2008-01-31 18:25 44,472 ----a-w C:\Documents and Settings\Eigenaar\Application Data\GDIPFONTCACHEV1.DAT
                            2007-12-22 16:59 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
                            2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
                            .

                            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            .
                            REGEDIT4
                            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
                            "PowerBar"=""

                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 16:10 56928]
                            "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 23:55 54832]
                            "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-14 04:06 1397760]
                            "AVG7_CC"="E:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 21:44 579072]
                            "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
                            "TerraTec Scheduler"="C:\Program Files\Common Files\TerraTec\Scheduler\TTTimer.exe" [2003-07-21 15:57 499712]

                            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                            "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
                            "AVG7_Run"="E:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-16 16:01 219136]

                            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
                            "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= C:\WINDOWS\system32\ieframe.dll [2007-12-07 04:18 6066176]

                            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                            "vidc.iv41"= C:\WINDOWS\system32\Ir41_32.ax
                            "MSVideo8"= VfWWDM32.dll
                            "msacm.l3acm"= l3codeca.acm

                            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                            "EnableFirewall"= 0 (0x0)

                            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                            "%windir%\\system32\\sessmgr.exe"=
                            "E:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
                            "E:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
                            "E:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
                            "E:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
                            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                            "C:\\Program Files\\Messenger\\msmsgs.exe"=
                            "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

                            R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-12-14 18:56]
                            R3 Cap7134;Cinergy 200 TV Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-08-08 11:36]
                            R3 TTTv200;Cinergy 200 TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTvTune.sys [2003-08-01 15:38]
                            S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-05-21 12:40]
                            S3 cdb0820b-4205-49b1-9cc1-52cd368d9e8f;cdb0820b-4205-49b1-9cc1-52cd368d9e8f;I:\Player\cds300.dll
                            S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
                            S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [2001-11-29 17:10]

                            .
                            **************************************************************************

                            catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                            Rootkit scan 2008-04-05 16:39:35
                            Windows 5.1.2600 Service Pack 2 NTFS

                            scannen van verborgen processen ...

                            scannen van verborgen autostart items ...

                            HKCU\Software\Microsoft\Windows\CurrentVersion\Run
                            PowerBar = [email protected][email protected][email protected][email protected]????? ???????????W?<~??9~??????9~K?9~x???????[?9~???????? ??????????????|x???0???????????? [email protected][email protected]?????Q?:[email protected][email protected][email protected][email protected]?3??s?????????????????? [email protected][email protected][email protected]

                            scannen van verborgen bestanden ...

                            Scan succesvol afgerond
                            verborgen bestanden: 0

                            **************************************************************************
                            .
                            Voltooingstijd: 2008-04-05 16:42:05
                            ComboFix-quarantined-files.txt 2008-04-05 14:42:03
                            Pre-Run: 136,491,814,912 bytes beschikbaar
                            Post-Run: 136,485,130,240 bytes beschikbaar
                            .
                            2008-03-13 20:48:17 --- E O F ---


                            HJT Log:

                            Logfile of Trend Micro HijackThis v2.0.2
                            Scan saved at 16:48:11, on 5-4-2008
                            Platform: Windows XP SP2 (WinNT 5.01.2600)
                            MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                            Boot mode: Normal

                            Running processes:
                            C:\WINDOWS\System32\smss.exe
                            C:\WINDOWS\system32\winlogon.exe
                            C:\WINDOWS\system32\services.exe
                            C:\WINDOWS\system32\lsass.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\Program Files\Ahead\InCD\InCDsrv.exe
                            E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                            C:\WINDOWS\system32\spoolsv.exe
                            C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                            C:\Program Files\Ahead\InCD\InCD.exe
                            C:\Program Files\Common Files\TerraTec\Scheduler\TTTimer.exe
                            C:\WINDOWS\system32\ctfmon.exe
                            E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                            E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                            E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                            C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                            C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                            C:\Program Files\CyberLink\Shared Files\RichVideo.exe
                            C:\WINDOWS\System32\svchost.exe
                            E:\Program Files\Grisoft\AVG7\avgcc.exe
                            C:\WINDOWS\explorer.exe
                            C:\Program Files\Internet Explorer\IEXPLORE.EXE
                            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                            O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                            O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                            O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
                            O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
                            O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                            O4 - HKLM\..\Run: [TerraTec Scheduler] C:\Program Files\Common Files\TerraTec\Scheduler\TTTimer.exe
                            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                            O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                            O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194809609859
                            O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
                            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195164594125
                            O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                            O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
                            O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - I:\Player\__CDS2.dll (file missing)
                            O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                            O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                            O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                            O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                            O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
                            O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
                            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                            O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
                            O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

                            --
                            End of file - 5838 bytes

                            Comment


                            • #15
                              vertel even hoe het gaat als je opnieuw opgestart hebt.

                              Windows 10 opstarten in Veilige Modus

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X