  • system 32 opens at startup

    When the PC starts up, but also when switching users, the "system 32" folder has kept opening for the past few days. Thanks in advance for the help!
    Here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:05:10, on 5-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    E:\WINDOWS\system32\spoolsv.exe
    F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    E:\WINDOWS\system32\inetsrv\inetinfo.exe
    E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
    E:\WINDOWS\system32\nvsvc32.exe
    E:\WINDOWS\system32\tcpsvcs.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\UAService7.exe
    E:\WINDOWS\system32\mqsvc.exe
    E:\WINDOWS\system32\mqtgsvc.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    E:\WINDOWS\system32\RUNDLL32.EXE
    E:\WINDOWS\system32\ctfmon.exe
    F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    E:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    E:\WINDOWS\NCLAUNCH.EXe
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] -startup
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NCLaunch] E:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - E:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - E:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\WINDOWS\system32\shdocvw.dll
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NBService - Unknown owner - F:\Program Files\Nero 7\Nero 7\Nero BackItUp\NBService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - E:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - E:\WINDOWS\system32\UAService7.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - E:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

    --
    End of file - 8186 bytes

  • #2
    Download Deckard's System Scanner to your Desktop.
    • Close all applications and windows.
    • Double-click dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is allowed to do so!
    Your antivirus may also flag DSS as suspicious, or even try to remove it.
    Do not let your antivirus remove it! (In that case it may be better to switch off your antivirus for a moment during the DSS scan.)



    • #3
      system 32 opens at startup

      Deckard's System Scanner v20071014.68
      Run by Lucie on 2008-04-06 11:58:21
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 2 Restore Point(s) --
      2: 2008-04-06 09:58:33 UTC - RP1666 - Deckard's System Scanner Restore Point
      1: 2008-04-05 18:26:03 UTC - RP1665 - Made by Registry Mechanic O


      Backed up registry hives.
      Performed disk cleanup.



      -- HijackThis (run as Lucie.exe) -----------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:02:13, on 6-4-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      E:\WINDOWS\System32\smss.exe
      E:\WINDOWS\system32\winlogon.exe
      E:\WINDOWS\system32\services.exe
      E:\WINDOWS\system32\lsass.exe
      E:\WINDOWS\system32\svchost.exe
      E:\WINDOWS\System32\svchost.exe
      F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      E:\WINDOWS\Explorer.EXE
      E:\WINDOWS\system32\spoolsv.exe
      E:\WINDOWS\system32\RUNDLL32.EXE
      F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      E:\WINDOWS\system32\inetsrv\inetinfo.exe
      E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
      E:\WINDOWS\system32\nvsvc32.exe
      E:\WINDOWS\system32\tcpsvcs.exe
      E:\WINDOWS\System32\svchost.exe
      E:\WINDOWS\system32\UAService7.exe
      E:\WINDOWS\system32\ctfmon.exe
      E:\WINDOWS\NCLAUNCH.EXe
      E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      E:\Documents and Settings\Lucie.THUIS-4DZIAYT4I\Bureaublad\dss.exe
      F:\PROGRA~1\TRENDM~1\HIJACK~1\Lucie.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar3.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
      O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar3.dll
      O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
      O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] -startup
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [NCLaunch] E:\WINDOWS\NCLAUNCH.EXe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - E:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - E:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\WINDOWS\system32\shdocvw.dll
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\WINDOWS\system32\shdocvw.dll
      O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
      O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
      O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: NBService - Unknown owner - F:\Program Files\Nero 7\Nero 7\Nero BackItUp\NBService.exe (file missing)
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: ServiceLayer - Nokia. - E:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
      O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - E:\WINDOWS\system32\UAService7.exe
      O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - E:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

      --
      End of file - 7965 bytes

      -- File Associations -----------------------------------------------------------

      All associations okay.


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R0 Vax347b - e:\windows\system32\drivers\vax347b.sys
      R0 Vax347s - e:\windows\system32\drivers\vax347s.sys
      R1 cdrbsdrv - e:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
      R2 hwpsgt - e:\windows\system32\drivers\hwpsgt.sys
      R2 lemsgt - e:\windows\system32\drivers\lemsgt.sys
      R2 litsgt - e:\windows\system32\drivers\litsgt.sys
      R2 tansgt - e:\windows\system32\drivers\tansgt.sys
      R3 pcouffin (VSO Software pcouffin) - e:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

      S3 iMSPCLOj - e:\docume~1\lucie~3.thu\locals~1\temp\imspcloj.sys (file missing)
      S3 pgfilter - f:\program files\peerguardian2\pgfilter.sys (file missing)
      S3 Ser2pl (MS3303H2 Serial port driver) - e:\windows\system32\drivers\ser2pl.sys <Not Verified; MS3303H; >
      S3 TVICHW32 - e:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R2 NetFxUpdate_v1.1.4322 (Microsoft .NET Framework v1.1.4322 Update) - e:\windows\microsoft.net\framework\v1.1.4322\netfxupdate.exe <Not Verified; Microsoft; NetFxUpdate Application>
      R2 UserAccess7 (SecuROM User Access Service (V7)) - e:\windows\system32\uaservice7.exe

      S3 NBService - f:\program files\nero 7\nero 7\nero backitup\nbservice.exe
      S3 ServiceLayer - "e:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
      S3 WLSetupSvc (Windows Live Setup Service) - "e:\program files\windows live\installer\wlsetupsvc.exe" (file missing)


      -- Device Manager: Disabled ----------------------------------------------------

      Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
      Description: PnP BIOS Extension
      Device ID: ROOT\SYSTEM\0003
      Manufacturer: (Standard system devices)
      Name: PnP BIOS Extension
      PNP Device ID: ROOT\SYSTEM\0003
      Service: d347bus


      -- Files created between 2008-03-06 and 2008-04-06 -----------------------------

      2008-04-05 20:09:01 0 dr-h----- E:\Documents and Settings\Lucie.THUIS-4DZIAYT4I\Onlangs geopend
      2008-04-04 22:56:14 0 dr-h----- E:\Documents and Settings\Jelle.THUIS-4DZIAYT4I\Onlangs geopend
      2008-04-04 15:59:32 0 dr-h----- E:\Documents and Settings\Robin.THUIS-4DZIAYT4I\Onlangs geopend
      2008-04-01 16:13:49 1044480 --a------ E:\WINDOWS\system32\Roboex32.dll <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9.2>
      2008-04-01 16:13:49 49152 --a------ E:\WINDOWS\system32\INETWH32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
      2008-04-01 15:08:35 0 dr-h----- E:\Documents and Settings\Jeroen.THUIS-4DZIAYT4I\Onlangs geopend
      2008-03-31 16:37:39 0 d-------- E:\Documents and Settings\Lucie.THUIS-4DZIAYT4I\Application Data\PC Suite
      2008-03-31 16:09:29 0 d-------- E:\Program Files\Nokia
      2008-03-31 15:40:12 0 d-------- E:\Documents and Settings\Jelle.THUIS-4DZIAYT4I\Application Data\PC Suite
      2008-03-31 14:07:43 0 d-------- E:\Program Files\Common Files\Nokia
      2008-03-31 14:06:32 0 d-------- E:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
      2008-03-30 18:44:27 0 d-------- E:\Documents and Settings\Lucie.THUIS-4DZIAYT4I\Application Data\WinRAR
      2008-03-29 11:51:19 0 d-------- E:\Documents and Settings\Lucie.THUIS-4DZIAYT4I\Application Data\PlayFirst
      2008-03-29 11:51:19 0 d-------- E:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst
      2008-03-28 12:08:49 0 d-------- E:\Documents and Settings\All Users.WINDOWS\Application Data\HipSoft
      2008-03-26 17:51:49 0 d-------- E:\Documents and Settings\Lucie.THUIS-4DZIAYT4I\Application Data\Zylom
      2008-03-23 16:29:20 0 d-------- E:\Program Files\Common Files\Gamalgam
      2008-03-21 17:38:54 0 d-------- E:\Documents and Settings\All Users.WINDOWS\Application Data\FireGlow
      2008-03-19 18:02:54 0 d-------- E:\Documents and Settings\Jelle.THUIS-4DZIAYT4I\Application Data\DivX
      2008-03-19 18:02:51 0 d-------- E:\Documents and Settings\Jelle.THUIS-4DZIAYT4I\Application Data\Media Player Classic
      2008-03-18 19:45:45 0 d-------- E:\Documents and Settings\All Users.WINDOWS\Application Data\PlayPond
      2008-03-17 10:44:42 0 d-------- E:\Documents and Settings\Lucie.THUIS-4DZIAYT4I\Application Data\Wildfire
      2008-03-10 17:12:25 0 d-------- E:\Documents and Settings\All Users.WINDOWS\Application Data\DivoGames


      -- Find3M Report ---------------------------------------------------------------

      2008-03-14 13:30:14 43520 --a------ E:\WINDOWS\system32\CmdLineExt03.dll
      2008-03-03 14:35:54 668 --a------ E:\Documents and Settings\Lucie.THUIS-4DZIAYT4I\Application Data\vso_ts_preview.xml
      2008-03-02 18:39:56 34 --a------ E:\Documents and Settings\Lucie.THUIS-4DZIAYT4I\Application Data\pcouffin.log
      2008-03-02 18:39:48 47360 --a------ E:\Documents and Settings\Lucie.THUIS-4DZIAYT4I\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
      2008-03-02 18:39:48 1144 --a------ E:\Documents and Settings\Lucie.THUIS-4DZIAYT4I\Application Data\pcouffin.inf
      2008-03-02 18:39:48 7887 --a------ E:\Documents and Settings\Lucie.THUIS-4DZIAYT4I\Application Data\pcouffin.cat
      2008-03-02 18:39:40 0 d-------- E:\Program Files\VSO
      2008-03-01 16:41:52 73216 --a------ E:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
      2008-02-27 08:36:12 0 d-------- E:\Documents and Settings\Lucie.THUIS-4DZIAYT4I\Application Data\Media Player Classic
      2008-02-27 08:32:06 0 d-------- E:\Documents and Settings\Lucie.THUIS-4DZIAYT4I\Application Data\Real
      2008-02-26 15:50:50 547936 --a------ E:\WINDOWS\system32\perfh013.dat
      2008-02-26 15:50:50 111702 --a------ E:\WINDOWS\system32\perfc013.dat
      2008-02-24 19:53:18 0 d-------- E:\Documents and Settings\Lucie.THUIS-4DZIAYT4I\Application Data\Vso
      2008-02-23 12:38:18 0 d-------- E:\Program Files\Microsoft SQL Server Compact Edition
      2008-02-23 12:22:16 0 d--hs---- E:\Program Files\Common Files\WindowsLiveInstaller
      2008-02-23 12:22:06 0 d-------- E:\Program Files\Windows Live
      2008-02-15 16:28:50 3463 --a------ E:\WINDOWS\unins000.dat
      2008-02-15 16:26:50 691545 --a------ E:\WINDOWS\unins000.exe
      2008-02-12 17:28:30 0 d-------- E:\Documents and Settings\Lucie.THUIS-4DZIAYT4I\Application Data\Ahead
      2008-02-07 15:54:58 0 d-------- E:\Documents and Settings\Lucie.THUIS-4DZIAYT4I\Application Data\AVG7
      2008-02-01 15:15:02 4608 --a------ E:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
      2008-02-01 15:15:02 2272 --a------ E:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
      2008-01-10 13:16:20 159839 --a------ E:\WINDOWS\system32\xvidvfw.dll
      2008-01-10 13:15:30 755027 --a------ E:\WINDOWS\system32\xvidcore.dll


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MsmqIntCert"="regsvr32 /s mqrt.dll"
      "NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [05-12-2007 01:41]
      "nwiz"="nwiz.exe" [05-12-2007 01:41 E:\WINDOWS\system32\nwiz.exe]
      "NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [05-12-2007 01:41]
      "AVG7_CC"="F:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [07-02-2008 15:54]
      "PCSuiteTrayApplication"=" -startup"
      "Share-to-Web Namespace Daemon"="E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [03-07-2001 09:11]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="E:\WINDOWS\system32\ctfmon.exe" [04-08-2004 09:03]
      "NCLaunch"="E:\WINDOWS\NCLAUNCH.EXe" [23-08-2006 20:22]
      "SpybotSD TeaTimer"="F:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe" [28-01-2008 11:43]

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
      "swg"=E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "NoVisualStyleChoice"=0 (0x0)
      "NoColorChoice"=0 (0x0)
      "NoSizeChoice"=0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoRemoteRecursiveEvents"=1 (0x1)
      "LinkResolveIgnoreLinkInfo"=0 (0x0)
      "NoResolveSearch"=1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "ForceClassicControlPanel"=1 (0x1)
      "NoSaveSettings"=0 (0x0)
      "NoSMConfigurePrograms"=1 (0x1)
      "NoRecentDocsMenu"=1 (0x1)
      "NoLowDiskSpaceChecks"=1 (0x1)
      "NoChangeKeyboardNavigationIndicators"=0 (0x0)
      "NoSharedDocuments"=1 (0x1)
      "LinkResolveIgnoreLinkInfo"=0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "appinit_dlls"=MsgPlusLoader.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
      @="Volume shadow copy"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc




      -- Hosts -----------------------------------------------------------------------

      127.0.0.1 www.007guard.com
      127.0.0.1 007guard.com
      127.0.0.1 www.032439.com
      127.0.0.1 032439.com
      127.0.0.1 www.1001-search.info
      127.0.0.1 1001-search.info
      127.0.0.1 www.100888290cs.com
      127.0.0.1 100888290cs.com
      127.0.0.1 www.100sexlinks.com
      127.0.0.1 100sexlinks.com

      7893 more entries in hosts file.


      -- End of Deckard's System Scanner: finished at 2008-04-06 12:03:31 ------------



      • #4
        Start HijackThis and choose 'Do a system scan only'.
        Select only the items listed below:

        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
        O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
        O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
        O4 - HKLM\..\Run: [PCSuiteTrayApplication] -startup

        Close all windows except HijackThis.
        Click 'Fix checked' to remove the items.

        Restart the computer and report whether the problem is now solved.



        • #5
          system 32 opens at startup

          I followed the advice and carried out everything, but unfortunately the problem has not gone away. Could it matter that there are 3 other desktops?



          • #6
            What do you mean by "3 other desktops"?

            Follow the instructions as described on the following page: hoe-dient-combofix-gebruikt-te-worden

            If you use Vista, the Recovery Console does not need to be installed.
            If anything is unclear, just ask.
            When the tool has finished, a log file opens (C:\combofix.txt).
            Post the contents of this file together with a new HijackThis log.



            • #7
              system 32 opens at startup

              Hello, I read in the tutorial for using ComboFix that I need the XP CD. I do have it, but perhaps I should mention that I have two operating systems on the PC: Windows XP Pro with Service Pack 2 and, on my original C drive, Win98SE (because of older games for my little son). Win98 is therefore on a different partition. XP was put on the extra hard disk that was added (not by me, because I know too little about it). I don't know whether this information matters. I have also realised that the problem appeared after I installed software for my other son's Nokia, so that he could update. I afterwards moved the folder everything had been installed to onto another partition, because Nokia had automatically put it on the E drive, and I wanted to keep that drive as empty as possible because the XP operating system is on it.
              Can I still follow the instructions from the previous reply? Will nothing go wrong when I insert that CD?



              • #8
                Read the instructions carefully:

                However, if you use Windows XP and do not have a Windows CD, ComboFix provides a way to install the Windows Recovery Console after downloading a file from Microsoft.

                That the problem arose after moving the Nokia software also points me to the line I asked you to fix:

                O4 - HKLM\..\Run: [PCSuiteTrayApplication] -startup

                Windows has a problem when there is an invalid line among the startup items. In that case Explorer is started with the System32 folder.
                So this is certainly not caused by a virus.

                Have you tried putting the moved software back on E:? (E: is where Windows XP is installed)

                Has the above line now been removed, and have you already restarted the computer?
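
Post #8 traces the symptom to a Run value whose data is only a switch (`-startup`) with no program in front of it. As an added example (not part of the thread and not HijackThis's own logic), this Python sketch triages a HijackThis log for such entries and for lines marked `(no file)` or `(file missing)`; the regexes, the `Finding` type, the reason labels and the rule that data starting with `-` or `/` names no program are assumptions of the example, and the sample lines are copied from the log in post #1.

```python
import re
from typing import NamedTuple, Optional

# Subset of lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCSuiteTrayApplication] -startup
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O23 - Service: NBService - Unknown owner - F:\Program Files\Nero 7\Nero 7\Nero BackItUp\NBService.exe (file missing)
"""

# "O4 - <hive>\..\<Run key>: [<value name>] <data> (User '<name>')"
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\]"
    r" ?(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Any section whose target HijackThis itself reports as absent.
DANGLING_RE = re.compile(r"^(O\d+) - .*\((?:no file|file missing)\)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Unquoted paths may contain spaces, so read up to the first executable extension.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O4"
    subject: str   # Run value name, CLSID, or the line's second field
    reason: str    # "no-program" or "dangling-file" (labels of this example)
    line: str      # original log line, for the analyst


def program_of(cmd: str) -> Optional[str]:
    """Return the program a Run value would launch, or None if it names none."""
    cmd = cmd.strip()
    if not cmd:
        return None
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 1 else None
    if cmd[0] in "-/":
        # Heuristic (assumption): the data starts with a switch, so only
        # arguments are left and the program path is gone.
        return None
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1)
    return cmd.split()[0]  # bare command such as "regsvr32"


def triage(log_text: str) -> list[Finding]:
    """Flag autostart lines that point at nothing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m and program_of(m["cmd"]) is None:
            findings.append(Finding("O4", m["name"], "no-program", line))
            continue
        d = DANGLING_RE.match(line)
        if d:
            clsid = CLSID_RE.search(line)
            subject = clsid.group(0) if clsid else line.split(" - ")[1]
            findings.append(Finding(d.group(1), subject, "dangling-file", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:14} {f.section:4} {f.subject}")
```
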



                • #9
                  system 32 opens at startup, not any more

                  Hello, here I am again with good news, the problem has been fixed! I moved the Nokia folder back to the E drive and ran HijackThis again. Of the items originally to be ticked, the middle four were in there again, so not the line with "PCSuite". After that I shut the PC down and started it up again, and everything is fine again! Thanks so much for all the help!
                  Regards, Rosje



                  • #10
                    P.S.

                    I would like to add one more thing: Spybot afterwards reported a change, and that was about that PC Suite. I allowed it. (That took some getting used to, that new version of Spybot...)
                    Thanks again!



                    • #11
                      Then I was on the right track after all.

                      With Spybot you always have to ask yourself carefully whether the change should be allowed or not. I don't always find that clear myself either.

                      But good that the problem has been solved.
                      This topic is now set to "solved".
