
Various problems


  • Various problems

    Everyone, I hope you can help me, because I have been having problems for several months now.
    Thanks in advance for any help you can give.

    Kind regards,

    Tim

    Here is my HijackThis log:
    Logfile of HijackThis v1.99.1
    Scan saved at 21:37:52, on 8/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\DTV\RemoteControl.exe
    C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\DNA\btdna.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Trillian\trillian.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
    C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
    C:\Program Files\Telenet Internet Security Pack\Anti-Virus\FSGK32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Telenet Internet Security Pack\Common\FSMB32.EXE
    C:\Program Files\Telenet Internet Security Pack\Common\FCH32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Telenet Internet Security Pack\Common\FAMEH32.EXE
    C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsqh.exe
    C:\Program Files\Telenet Internet Security Pack\FSGUI\fsguidll.exe
    C:\Program Files\Telenet Internet Security Pack\FSAUA\program\fsaua.exe
    C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
    C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fssm32.exe
    C:\Program Files\Telenet Internet Security Pack\FSAUA\program\fsus.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsav32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
    C:\WINDOWS\explorer.exe
    C:\bfu\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [DTVRemote] "C:\Program Files\DTV\RemoteControl.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telenet Internet Security Pack\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\TIM&IL~1\LOCALS~1\Temp\services.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieservicegate.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieservicegate.com/redirect.php (file missing)
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files\telenet internet security pack\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\telenet internet security pack\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\telenet internet security pack\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\telenet internet security pack\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\telenet internet security pack\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\telenet internet security pack\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\telenet internet security pack\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\telenet internet security pack\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\telenet internet security pack\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\telenet internet security pack\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\telenet internet security pack\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\telenet internet security pack\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\telenet internet security pack\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\telenet internet security pack\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\telenet internet security pack\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\telenet internet security pack\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\telenet internet security pack\fsps\program\fslsp.dll
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

  • #2
    Hello,

    Could you please carry out the steps below.


    * Download Malwarebytes' Anti-Malware from here or here.

    Double-click mbam-setup.exe to install the program.
    • Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "finish".
    • If an update is found, it will download it and install the latest version.
    • Once the program is fully up to date, select "Perform Quick Scan", then click Scan.
    • Scanning can take a while, so be patient.
    • When the scan is complete, click OK, then "Show Results" to see the results.
    • Make sure everything there is checked, then click: Remove Selected.
    • After removal a log will open and you will be asked to restart the computer. (See the extra note below)
    • The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
    • Copy and paste the results of the log into your next reply, together with a new HijackThis log.

    Extra note:
    If MBAM has trouble removing certain files, it will show a few messages where you need to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.
    Restart in any case and also post a new HJT log

    Good luck

    Starting Windows 10 in Safe Mode



    • #3
      Hello,

      Thanks for the reply. However, I have not yet been able to do anything about the problem because I have been busy. I will get to work on it on Sunday and see whether the problem gets solved



      • #4
        Take your time.

        Starting Windows 10 in Safe Mode



        • #5
          So I let the little program run; it found 20 infected files.
          Here is a new HJT log:

          Logfile of HijackThis v1.99.1
          Scan saved at 13:43:08, on 20/04/2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          C:\Program Files\Launch Manager\QtZgAcer.EXE
          C:\acer\epm\epm-dm.exe
          C:\Program Files\Arcade\PCMService.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
          C:\Program Files\DTV\RemoteControl.exe
          C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\Program Files\Winamp\winampa.exe
          C:\Program Files\DNA\btdna.exe
          C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
          C:\Program Files\Trillian\trillian.exe
          C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
          C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
          C:\Acer\eManager\anbmServ.exe
          C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
          C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
          C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
          C:\Program Files\Telenet Internet Security Pack\Anti-Virus\FSGK32.EXE
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\Program Files\Telenet Internet Security Pack\Common\FSMB32.EXE
          C:\Program Files\Telenet Internet Security Pack\Common\FCH32.EXE
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Telenet Internet Security Pack\Common\FAMEH32.EXE
          C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsqh.exe
          C:\WINDOWS\system32\wscntfy.exe
          C:\Program Files\Telenet Internet Security Pack\FSGUI\fsguidll.exe
          C:\Program Files\Telenet Internet Security Pack\FSAUA\program\fsaua.exe
          C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fssm32.exe
          C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
          C:\Program Files\Telenet Internet Security Pack\FSAUA\program\fsus.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsav32.exe
          C:\bfu\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
          O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
          O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
          O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
          O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
          O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
          O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
          O4 - HKLM\..\Run: [DTVRemote] "C:\Program Files\DTV\RemoteControl.exe"
          O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE" /splash
          O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telenet Internet Security Pack\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
          O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\TIM&IL~1\LOCALS~1\Temp\services.exe
          O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
          O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
          O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
          O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O4 - Global Startup: BTTray.lnk = ?
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
          O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
          O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
          O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
          O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
          O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
          O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
          O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
          O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
          O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
          O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
          O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
          O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FSAUA\program\fsaua.exe
          O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
          O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)



          • #6
            First download the correct version of HJT.


            * Download Trend Micro Hijack This™
            Double-click HJTInstall.exe to install HijackThis.
            By default HijackThis is installed in the Program Files\Trendmicro folder and a shortcut is placed on your desktop.
            HijackThis will open after installation.
            Click the Scan button at the bottom.
            This will start the scan and open a log.
            Copy and paste this log into your next post.


            Please run this tool as well.

            Download SDFix and click "Run".
            Version 1.40 and later will automatically move the extracted SDFix folder to your system drive (probably: C:\SDFix).

            Restart the PC in safe mode.
            Safe mode for Windows XP
            Restart the computer
            As soon as your computer has finished loading the BIOS (black screen with white letters, or another start screen) and just before Windows loads
            Tap the F8 key (or the F5 key) until you reach the Windows options menu
            Choose to start in safe mode here using the arrow keys and then Enter

            Double-click the SDFix folder and double-click RunThis.bat to start the script.
            Type Y and press Enter to start the cleaning process.
            Trojan services and/or registry entries will be removed if they are found, and you will have to press a key to restart.
            The computer will then restart; this takes longer than usual.
            The fix tool will run again and continue the removal process; then Finished is displayed. Wait patiently until you have to press a key again to end the script and reload your desktop icons.
            Once your desktop is back to normal, the SDFix report will open; it can also be found in the SDFix folder as Report.txt.
            Copy/paste the contents of this Report.txt into your next reply here, together with a new HijackThis log

            Please also post the MBAM result

            Good luck

            Starting Windows 10 in Safe Mode



            • #7
              MBAM result:

              Malwarebytes' Anti-Malware 1.11
              Database versie: 660

              Scan type: Snelle Scan
              Objecten gescand: 31366
              Verstreken tijd: 7 minute(s), 19 second(s)

              Geheugenprocessen geïnfecteerd: 0
              Geheugenmodulen geïnfecteerd: 0
              Registersleutels geïnfecteerd: 7
              Registerwaarden geïnfecteerd: 8
              Registerdata bestanden geïnfecteerd: 0
              Mappen geïnfecteerd: 2
              Bestanden geïnfecteerd: 3

              Geheugenprocessen geïnfecteerd:
              (Geen kwaadaardige items gevonden)

              Geheugenmodulen geïnfecteerd:
              (Geen kwaadaardige items gevonden)

              Registersleutels geïnfecteerd:
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
              HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\CLSID\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40} (Trojan.Zlob) -> Quarantined and deleted successfully.
              HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

              Registerwaarden geïnfecteerd:
              HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40} (Trojan.Zlob) -> Quarantined and deleted successfully.
              HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40} (Trojan.Zlob) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\some (Trojan.Zlob) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\start (Trojan.Zlob) -> Quarantined and deleted successfully.
              HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
              HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
              HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

              Registerdata bestanden geïnfecteerd:
              (Geen kwaadaardige items gevonden)

              Mappen geïnfecteerd:
              C:\Program Files\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
              C:\WINDOWS\system32\215651 (Trojan.BHO) -> Quarantined and deleted successfully.

              Bestanden geïnfecteerd:
              C:\WINDOWS\system32\packet.dll (Spyware.Agent) -> Quarantined and deleted successfully.
              C:\WINDOWS\system32\wpcap.dll (Spyware.Agent) -> Quarantined and deleted successfully.
              C:\Documents and Settings\Tim & Ilse\Favorieten\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.



              • #8
                New HJT log...

                SDFix still to go

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 17:23:32, on 20/04/2008
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\Ati2evxx.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\system32\Ati2evxx.exe
                C:\WINDOWS\Explorer.EXE
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
                C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                C:\Program Files\Launch Manager\QtZgAcer.EXE
                C:\acer\epm\epm-dm.exe
                C:\Program Files\Arcade\PCMService.exe
                C:\Program Files\QuickTime\qttask.exe
                C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                C:\Program Files\DTV\RemoteControl.exe
                C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE
                C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                C:\Program Files\Winamp\winampa.exe
                C:\Program Files\DNA\btdna.exe
                C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
                C:\Program Files\Trillian\trillian.exe
                C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
                C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
                C:\Acer\eManager\anbmServ.exe
                C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
                C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
                C:\Program Files\Telenet Internet Security Pack\Anti-Virus\FSGK32.EXE
                C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                C:\Program Files\Telenet Internet Security Pack\Common\FSMB32.EXE
                C:\Program Files\Telenet Internet Security Pack\Common\FCH32.EXE
                C:\WINDOWS\system32\svchost.exe
                C:\Program Files\Telenet Internet Security Pack\Common\FAMEH32.EXE
                C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsqh.exe
                C:\Program Files\Telenet Internet Security Pack\FSGUI\fsguidll.exe
                C:\Program Files\Telenet Internet Security Pack\FSAUA\program\fsaua.exe
                C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fssm32.exe
                C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
                C:\WINDOWS\system32\wscntfy.exe
                C:\Program Files\Telenet Internet Security Pack\FSAUA\program\fsus.exe
                C:\Program Files\Mozilla Firefox\firefox.exe
                C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsav32.exe
                C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
                C:\WINDOWS\system32\NOTEPAD.EXE
                C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
                O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
                O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
                O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
                O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
                O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
                O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
                O4 - HKLM\..\Run: [DTVRemote] "C:\Program Files\DTV\RemoteControl.exe"
                O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE" /splash
                O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telenet Internet Security Pack\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
                O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\TIM&IL~1\LOCALS~1\Temp\services.exe
                O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
                O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
                O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
                O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                O4 - Global Startup: BTTray.lnk = ?
                O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
                O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
                O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
                O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
                O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
                O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
                O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
                O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
                O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
                O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FSAUA\program\fsaua.exe
                O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
                O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

                --
                End of file - 8300 bytes



                • #9
                  SDFix doesn't work properly. When I start it I briefly get a DOS window, and a little later the PC stops responding.



                  • #10
                    Try this one instead; it should go better.


                    Follow the instructions as described on the following page: hoe-dient-combofix-gebruikt-te-worden

                    If you use Vista, the Recovery Console does not need to be installed.
                    If anything is unclear, just ask.
                    When the tool has finished, a log file opens (C:\combofix.txt).
                    Post the contents of this file together with a new HijackThis log.

                    Starting Windows 10 in Safe Mode



                    • #11
                      Here is the ComboFix log:

                      ComboFix 08-04-20.5 - Tim & Ilse 2008-04-21 18:15:17.1 - NTFSx86
                      Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.625 [GMT 2:00]
                      Gestart vanuit: C:\Documents and Settings\Tim & Ilse\Bureaublad\ComboFix.exe
                      Command switches used :: C:\Documents and Settings\Tim & Ilse\Bureaublad\WinXP_NL_PRO_BF.exe
                      * Nieuw herstelpunt werd aangemaakt
                      * Resident AV is active

                      .

                      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                      .

                      C:\WINDOWS\system32\drivers\npf.sys
                      C:\WINDOWS\system32\pthreadVC.dll

                      .
                      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
                      .

                      -------\Service_NPF


                      (((((((((((((((((((( Bestanden Gemaakt van 2008-03-21 to 2008-04-21 ))))))))))))))))))))))))))))))
                      .

                      2008-04-20 17:42 . 2008-04-20 17:42 <DIR> d-------- C:\WINDOWS\ERUNT
                      2008-04-20 17:28 . 2008-04-20 18:04 <DIR> d-------- C:\SDFix
                      2008-04-20 17:23 . 2008-04-20 17:23 <DIR> d-------- C:\Program Files\Trend Micro
                      2008-04-20 13:27 . 2008-04-20 13:27 <DIR> d-------- C:\Documents and Settings\Tim & Ilse\Application Data\Malwarebytes
                      2008-04-20 13:26 . 2008-04-20 13:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
                      2008-04-20 13:26 . 2008-04-20 13:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
                      2008-04-16 20:57 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
                      2008-04-16 20:57 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
                      2008-04-16 20:36 . 2008-04-16 20:36 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
                      2008-04-08 21:19 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
                      2008-04-08 21:19 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
                      2008-04-08 21:19 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
                      2008-04-08 21:19 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
                      2008-04-08 21:19 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
                      2008-04-08 21:19 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
                      2008-04-08 21:19 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
                      2008-04-08 21:19 . 2008-04-08 21:23 2,518 --a------ C:\WINDOWS\system32\tmp.reg
                      2008-04-08 21:18 . 2008-04-08 21:18 <DIR> d-------- C:\bintheredunthat
                      2008-04-08 21:07 . 2008-04-20 13:42 <DIR> d-------- C:\bfu
                      2008-04-08 20:00 . 2008-04-08 20:00 148 --a------ C:\342423.bat
                      2008-04-08 19:11 . 2008-04-08 19:11 <DIR> d--h----- C:\WINDOWS\PIF
                      2008-04-04 18:58 . 2008-04-04 18:58 244 --ah----- C:\sqmnoopt04.sqm
                      2008-04-04 18:58 . 2008-04-04 18:58 232 --ah----- C:\sqmdata04.sqm

                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2008-04-21 16:20 --------- d-----w C:\Documents and Settings\Tim & Ilse\Application Data\OpenOffice.org2
                      2008-04-21 16:18 --------- d-----w C:\Documents and Settings\Tim & Ilse\Application Data\DNA
                      2008-04-21 15:55 --------- d-----w C:\Program Files\Mozilla Thunderbird
                      2008-04-20 16:44 --------- d-----w C:\Documents and Settings\Tim & Ilse\Application Data\BitTorrent
                      2008-04-16 18:56 --------- d-----w C:\Program Files\Common Files\Adobe
                      2008-04-11 09:43 --------- d-----w C:\Program Files\Trillian
                      2008-03-21 12:44 --------- d-----w C:\Program Files\Launch Manager
                      2008-03-18 17:47 --------- d-----w C:\Program Files\DNA
                      2008-03-18 17:47 --------- d-----w C:\Program Files\BitTorrent
                      2008-03-18 13:45 --------- d-----w C:\Program Files\Telenet Internet Security Pack
                      2008-03-17 16:02 --------- d-----w C:\Documents and Settings\Tim & Ilse\Application Data\Winamp
                      2008-03-17 15:58 --------- d-----w C:\Program Files\Winamp Remote
                      2008-03-17 13:56 51,072 ----a-w C:\WINDOWS\system32\drivers\fsdfw.sys
                      2008-03-17 13:56 30,016 ----a-w C:\WINDOWS\system32\drivers\fsndis5.sys
                      .

                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      REGEDIT4
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-11 08:43 288576]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 08:44 98394]
                      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 08:43 688218]
                      "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-03-28 06:20 319488]
                      "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 19:04 188416]
                      "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 10:13 2880512]
                      "PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 19:59 49152]
                      "NWEReboot"=""
                      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
                      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-20 18:46 155648]
                      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 22:05 339968]
                      "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10 409600]
                      "DTVRemote"="C:\Program Files\DTV\RemoteControl.exe" [2006-02-06 16:44 53248]
                      "F-Secure Manager"="C:\Program Files\Telenet Internet Security Pack\Common\FSM32.exe" [2007-04-26 19:12 183208]
                      "F-Secure TNB"="C:\Program Files\Telenet Internet Security Pack\FSGUI\TNBUtil.exe" [2007-04-26 19:10 740208]
                      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
                      "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]

                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:03 15360]

                      C:\Documents and Settings\Tim & Ilse\Menu Start\Programma's\Opstarten\
                      OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56 393216]
                      Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2007-12-11 01:00:00 1873280]

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                      "EnableFirewall"= 0 (0x0)

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                      "%windir%\\system32\\sessmgr.exe"=
                      "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
                      "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
                      "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
                      "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
                      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
                      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
                      "C:\\Program Files\\DNA\\btdna.exe"=
                      "C:\\Program Files\\BitTorrent\\bittorrent.exe"=

                      R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-03-17 15:56]
                      R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Telenet Internet Security Pack\HIPS\fshs.sys [2008-02-13 13:07]
                      R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 14:10]
                      R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 17:54]
                      R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Telenet Internet Security Pack\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07]
                      S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
                      S3 AVHybrid;AVHybrid service;C:\WINDOWS\system32\DRIVERS\AVHybrid.sys [2005-08-26 19:06]
                      S3 hitmanpro2;Hitman Pro 2 Driver;C:\Program Files\Hitman Pro\hitmanpro2.sys [2006-11-03 13:02]
                      S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Telenet Internet Security Pack\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08]
                      S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Telenet Internet Security Pack\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08]

                      .
                      **************************************************************************

                      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2008-04-21 18:19:47
                      Windows 5.1.2600 Service Pack 2 NTFS

                      scannen van verborgen processen ...

                      scannen van verborgen autostart items ...

                      scannen van verborgen bestanden ...

                      Scan succesvol afgerond
                      verborgen bestanden: 0

                      **************************************************************************
                      .
                      ------------------------ Other Running Processes ------------------------
                      .
                      C:\WINDOWS\system32\ati2evxx.exe
                      C:\WINDOWS\system32\ati2evxx.exe
                      C:\PROGRA~1\TELENE~1\Common\FSM32.EXE
                      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
                      C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
                      C:\Program Files\OpenOffice.org 2.2\program\soffice.bin
                      C:\Acer\eManager\anbmServ.exe
                      C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                      C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
                      C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
                      C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32.exe
                      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                      C:\Program Files\Telenet Internet Security Pack\Common\FSMB32.EXE
                      C:\Program Files\Telenet Internet Security Pack\Common\FCH32.EXE
                      C:\WINDOWS\system32\wdfmgr.exe
                      C:\Program Files\Telenet Internet Security Pack\Common\FAMEH32.EXE
                      C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsqh.exe
                      C:\PROGRA~1\TELENE~1\FSGUI\fsguidll.exe
                      C:\Program Files\Telenet Internet Security Pack\FSAUA\program\fsaua.exe
                      C:\Program Files\Telenet Internet Security Pack\FWES\program\fsdfwd.exe
                      C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fssm32.exe
                      C:\WINDOWS\system32\wscntfy.exe
                      C:\Program Files\Telenet Internet Security Pack\FSAUA\program\fsus.exe
                      C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsav32.exe
                      C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
                      .
                      **************************************************************************
                      .
                      Voltooingstijd: 2008-04-21 18:25:40 - machine was rebooted
                      ComboFix-quarantined-files.txt 2008-04-21 16:24:50

                      Pre-Run: 15,745,679,360 bytes beschikbaar
                      Post-Run: 15,770,324,992 bytes beschikbaar

                      WinXP_NL_PRO_BF.exe
                      [boot loader]
                      timeout=2
                      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                      [operating systems]
                      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
                      C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

                      162



                      • #12
                        May I also have a freshly made HJT log, please.



                        • #13
                          HJT log:

                          Logfile of Trend Micro HijackThis v2.0.2
                          Scan saved at 17:27:27, on 22/04/2008
                          Platform: Windows XP SP2 (WinNT 5.01.2600)
                          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                          Boot mode: Normal

                          Running processes:
                          C:\WINDOWS\System32\smss.exe
                          C:\WINDOWS\system32\winlogon.exe
                          C:\WINDOWS\system32\services.exe
                          C:\WINDOWS\system32\lsass.exe
                          C:\WINDOWS\system32\Ati2evxx.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\system32\Ati2evxx.exe
                          C:\WINDOWS\Explorer.EXE
                          C:\WINDOWS\system32\spoolsv.exe
                          C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
                          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                          C:\Program Files\Launch Manager\QtZgAcer.EXE
                          C:\acer\epm\epm-dm.exe
                          C:\Program Files\Arcade\PCMService.exe
                          C:\Program Files\QuickTime\qttask.exe
                          C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                          C:\Program Files\DTV\RemoteControl.exe
                          C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE
                          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                          C:\Program Files\Winamp\winampa.exe
                          C:\Program Files\DNA\btdna.exe
                          C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
                          C:\Program Files\Trillian\trillian.exe
                          C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
                          C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
                          C:\Acer\eManager\anbmServ.exe
                          C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                          C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
                          C:\Program Files\Telenet Internet Security Pack\Anti-Virus\FSGK32.EXE
                          C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
                          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                          C:\Program Files\Telenet Internet Security Pack\Common\FSMB32.EXE
                          C:\WINDOWS\system32\svchost.exe
                          C:\Program Files\Telenet Internet Security Pack\Common\FCH32.EXE
                          C:\WINDOWS\system32\wscntfy.exe
                          C:\Program Files\Telenet Internet Security Pack\Common\FAMEH32.EXE
                          C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsqh.exe
                          C:\Program Files\Telenet Internet Security Pack\FSGUI\fsguidll.exe
                          C:\Program Files\Telenet Internet Security Pack\FSAUA\program\fsaua.exe
                          C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fssm32.exe
                          C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
                          C:\Program Files\Telenet Internet Security Pack\FSAUA\program\fsus.exe
                          C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsav32.exe
                          C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
                          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                          O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
                          O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
                          O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                          O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
                          O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
                          O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
                          O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
                          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                          O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                          O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
                          O4 - HKLM\..\Run: [DTVRemote] "C:\Program Files\DTV\RemoteControl.exe"
                          O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE" /splash
                          O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telenet Internet Security Pack\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
                          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                          O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
                          O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
                          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                          O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
                          O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
                          O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                          O4 - Global Startup: BTTray.lnk = ?
                          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                          O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
                          O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
                          O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
                          O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
                          O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
                          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
                          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
                          O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                          O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
                          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
                          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                          O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
                          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                          O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                          O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                          O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
                          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                          O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FSAUA\program\fsaua.exe
                          O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
                          O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
                          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                          O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

                          --
                          End of file - 8385 bytes



                          • #14
                            If you are still having problems now, would you please run this tool.

                            Download VundoFix.exe and place it on your desktop.
                            • Double-click Vundofix.exe to start it.
                            • Click scan for Vundo
                            • When the program has finished scanning, click remove Vundo
                              If a prompt appears saying "want to remove the files", then click
                              Yes
                            • As soon as you have done that, your desktop will go blank because the tool is going to remove Vundo.
                            • After that, you will be advised to shut down your computer
                            • Click OK
                            • Turn the computer back on.
                            • Post the contents of C:\vundofix.txt together with a new HJT log in your next post.


                            Note: It is possible that VundoFix has found a file that could not be removed.
                            In this case VundoFix will start once more after your PC restarts. Then you must carry out the instructions above once more, starting from: "Click Scan for Vundo."

                            Starting Windows 10 in Safe Mode
