Mededeling

Collapse
No announcement yet.

Mijn computer doet raar

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Mijn computer doet raar

    Ik heb geloof ik iets verkeerd gedaan wat weet ik niet.
    Mijn bureau blad is blauw geworden en er staat op:
    warning: spyware treat has been detected on pc.
    Your computer has several fatal errors due to spyware activity.
    strongly recommended to install an antispyware software to clos all security vulnerabilities.

    Click here to scan your pc for spyware...
    Als ik op de link druk kom ik bij:
    http://windows-privacy-protection.com/?aid=444.471.
    Ik kom dan op een site waar ik:
    Spymaxx en antispystorm2008, kan kiezen.
    Als ik dat doe geen Nod32 een tread met access denied.

    Ik kan ook niet meer in mijn taakbeheer:
    geeft: Taakbeheer is uitgeschakeld door de systeem beheerder.
    Ik heb adware, Spybot - Search & Destroy, spyhunter 3 en drweb-cureit.exe al gedraaid.
    Ik krijg veel spyware en trojans. Als ik deze verwijder dan zijn ze bij opstarten weer terug.
    Kan iemand mij helpen, ik wordt gek.
    Hier ook een logje.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:58:04, on 27-5-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.17184)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\winself.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
    O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
    O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
    O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
    O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - (no file)
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [gi1820265319] "C:\DOCUME~1\MARTIJ~1\LOCALS~1\Temp\gi15VRE1.exe" /resume:"C:\DOCUME~1\MARTIJ~1\LOCALS~1\Temp\3015VPDD" /exename:"C:\Documents and Settings\Martijn en Nurten\Bureaublad\limewire klaar\HaroDeyv_SpyHunter_Security_Suite_3.4.9.nzb\HaroDeyv_SpyHunter_Security_Suite_3.4.9\spyhunterS .exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
    O15 - Trusted Zone: http://www.startpagina.nl
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189413775640
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189413764421
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/nl/TSEasyInstallX.CAB
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.211.191.32:9999/activex/AMC.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 11371 bytes

  • #2
    Momentje ik ga even kijken.

    Windows 10 opstarten in Veilige Modus

    Comment


    • #3
      Download OTMoveIt2.exe en plaats het op je bureaublad:
      • Start OTMoveIt2 door dubbel te klikken op OTMoveIt2.exe
      • Kopieer (selecteren en druk Ctrl-C) de onderstaande, vetgedrukte tekst:

        C:\WINDOWS\winself.exe


      • Plak de gekopieerde tekst (druk Ctrl-V) in het "Paste List of Files/Folders to be moved" venster.
      • Klik daarna op de rode knop MoveIt onderaan.
      • Wanneer voltooid zal het een log aanmaken (********_******.log -- de * staat voor datum en tijd) in de volgende map: C:\_OTMoveIt\MovedFiles.
      • Post de inhoud daarvan in je volgende bericht.




      Start Hijackthis op en kies voor 'Do a system scan only'
      Selecteer alleen de items die hieronder zijn genoemd:

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
      O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
      O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
      O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
      O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
      O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - (no file)
      O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe

      Sluit alle vensters behalve Hijackthis
      Klik op 'Fix checked' om de items te verwijderen.



      Download Malwarebytes' Anti-Malware via hier of hier.

      Dubbelklik mbam-setup.exe om het programma te installeren.
      • Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Launch Malwarebytes' Anti-Malware, Klik daarna op "finish".
      • Indien een update gevonden werd, zal het die downloaden en de laatste versie installeren.
      • Wanneer het programma volledig up to date is, selecteer "Perform Quick Scan", daarna klik Scan.
      • Het scannen kan een tijdje duren, dus wees geduldig.
      • Wanneer de scan voltooid is, klik OK, daarna "Show Results" om de resultaten te zien.
      • Zorg ervoor dat daar alles aangevinkt is, daarna klik: Remove Selected.
      • Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie extra nota onderaan)
      • De log wordt automatisch bewaard door MBAM die je kan zien door de "Logs" tab te klikken in MBAM.
      • Kopieer en plak de resultaten van de log in je volgend antwoord, samen met een nieuw HijackThislog.

      Extra opmerking:
      Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de Computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.
      Herstart de computer en plaats ook een nieuw HJT logje

      Windows 10 opstarten in Veilige Modus

      Comment


      • #4
        re

        File/Folder C:\WINDOWS\winself.exe not found.

        OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05312008_153506

        Malwarebytes' Anti-Malware 1.14
        Database versie: 807

        15:53:17 31-5-2008
        mbam-log-5-31-2008 (15-53-17).txt

        Scan type: Snelle Scan
        Objecten gescand: 36710
        Verstreken tijd: 7 minute(s), 46 second(s)

        Geheugenprocessen geïnfecteerd: 0
        Geheugenmodulen geïnfecteerd: 0
        Registersleutels geïnfecteerd: 2
        Registerwaarden geïnfecteerd: 0
        Registerdata bestanden geïnfecteerd: 0
        Mappen geïnfecteerd: 2
        Bestanden geïnfecteerd: 3

        Geheugenprocessen geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Geheugenmodulen geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Registersleutels geïnfecteerd:
        HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.

        Registerwaarden geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Registerdata bestanden geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Mappen geïnfecteerd:
        C:\Documents and Settings\Martijn en Nurten\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Martijn en Nurten\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

        Bestanden geïnfecteerd:
        C:\Documents and Settings\Martijn en Nurten\Application Data\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Martijn en Nurten\Application Data\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
        C:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 15:55:27, on 31-5-2008
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.17184)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\CTsvcCDA.exe
        C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
        C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\IoctlSvc.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\MsPMSPSv.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\SpywareGuard\sgmain.exe
        C:\Program Files\SpywareGuard\sgbhp.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
        O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
        O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
        O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
        O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
        O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
        O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
        O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
        O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
        O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
        O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
        O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
        O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
        O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
        O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
        O15 - Trusted Zone: http://www.startpagina.nl
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
        O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
        O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189413775640
        O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - http://www.acclaim.com/cabs/acclaim_v4.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189413764421
        O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
        O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
        O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/nl/TSEasyInstallX.CAB
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
        O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.211.191.32:9999/activex/AMC.cab
        O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
        O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
        O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
        O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
        O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
        O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
        O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
        O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

        --
        End of file - 10696 bytes

        Alles gedaan.

        Comment


        • #5
          Volg de instructies zoals beschreven op de volgende pagina: hoe-dient-combofix-gebruikt-te-worden

          Gebruik je Vista, dan hoeft de Recovery Console niet te worden geinstalleerd.
          Is er iets niet duidelijk, dan vraag je het.
          Als het tooltje klaar is, opent er een logfile (C:\combofix.txt).
          Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.


          succes

          Windows 10 opstarten in Veilige Modus

          Comment


          • #6
            re (combofix)

            ComboFix 08-05-29.1 - Martijn en Nurten 2008-06-01 16:10:48.1 - NTFSx86
            Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1611 [GMT 2:00]
            Gestart vanuit: C:\Documents and Settings\Martijn en Nurten\Bureaublad\ComboFix.exe
            * Nieuw herstelpunt werd aangemaakt
            * Resident AV is active


            WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
            .

            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\Documents and Settings\Martijn en Nurten\Application Data\inst.exe
            C:\kmd.exe
            C:\WINDOWS\Downloaded Program Files\setup.inf
            C:\WINDOWS\mainms.vpi
            C:\WINDOWS\megavid.cdt
            C:\WINDOWS\muotr.so
            C:\WINDOWS\system32\bvbtybav.ini
            C:\WINDOWS\system32\cnwnmdnf.ini
            C:\WINDOWS\system32\MSINET.oca
            C:\WINDOWS\system32\rqtss.ini

            .
            ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            -------\Legacy_MSSECURITY1.209.4


            (((((((((((((((((((( Bestanden Gemaakt van 2008-05-01 to 2008-06-01 ))))))))))))))))))))))))))))))
            .

            2008-05-31 15:40 . 2008-05-31 15:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
            2008-05-31 15:40 . 2008-05-31 15:40 <DIR> d-------- C:\Documents and Settings\Martijn en Nurten\Application Data\Malwarebytes
            2008-05-31 15:40 . 2008-05-31 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
            2008-05-31 15:40 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
            2008-05-31 15:40 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
            2008-05-31 15:35 . 2008-05-31 15:35 <DIR> d-------- C:\_OTMoveIt
            2008-05-28 12:20 . 2008-05-28 12:20 <DIR> d-------- C:\Documents and Settings\Martijn en Nurten\Application Data\PC Tools
            2008-05-28 12:20 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
            2008-05-28 12:20 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
            2008-05-28 12:20 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
            2008-05-28 12:20 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
            2008-05-28 10:17 . 2008-05-28 10:17 123 --a------ C:\WINDOWS\rootkitno.ini
            2008-05-27 22:39 . 2008-05-27 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
            2008-05-27 22:37 . 2008-05-27 22:40 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
            2008-05-27 20:37 . 2008-05-27 20:38 16 --a------ C:\WINDOWS\system32\coh.cache
            2008-05-27 20:32 . 2007-01-12 23:50 215,144 --a------ C:\WINDOWS\patchw32.dll
            2008-05-27 20:30 . 2007-01-12 23:50 215,144 --a------ C:\WINDOWS\pw32a.dll
            2008-05-27 20:26 . 2008-05-27 20:26 <DIR> d-------- C:\Documents and Settings\Martijn en Nurten\Application Data\Symantec
            2008-05-27 19:53 . 2006-11-03 19:33 636,568 -r------- C:\WINDOWS\system32\NSRSte.dll
            2008-05-27 19:51 . 2008-05-27 22:05 <DIR> d-------- C:\Program Files\Norton AntiVirus
            2008-05-27 19:45 . 2008-05-27 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
            2008-05-27 19:44 . 2008-05-27 22:12 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
            2008-05-27 16:48 . 2008-05-27 16:48 <DIR> d-------- C:\Program Files\Enigma Software Group
            2008-05-27 14:50 . 2008-05-27 14:50 <DIR> d-------- C:\Program Files\Lavasoft
            2008-05-27 14:46 . 2008-05-27 14:46 16,128 --a------ C:\WINDOWS\cpan.dll
            2008-05-27 14:26 . 2008-05-27 14:26 <DIR> d-------- C:\Program Files\Trend Micro
            2008-05-27 13:59 . 2008-05-27 13:59 10,752 --a------ C:\WINDOWS\astctl32.ocx
            2008-05-27 13:16 . 2008-05-27 13:16 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
            2008-05-27 13:16 . 2008-05-27 13:16 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\IEPro
            2008-05-27 13:16 . 2008-05-27 13:16 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
            2008-05-23 21:28 . 2008-05-23 21:28 <DIR> d-------- C:\Program Files\Reality Pump
            2008-05-20 12:01 . 2008-05-29 11:27 <DIR> dr-h----- C:\Documents and Settings\Martijn en Nurten\Onlangs geopend
            2008-05-16 18:44 . 2008-05-16 18:44 <DIR> d-------- C:\Documents and Settings\LocalService\Bureaublad
            2008-05-16 18:32 . 2008-05-16 18:32 <DIR> d-------- C:\WINDOWS\ServicePackFiles
            2008-05-16 18:28 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003124_.tmp
            2008-05-16 18:25 . 2008-05-16 18:25 <DIR> d-------- C:\WINDOWS\EHome
            2008-05-13 18:13 . 2007-08-30 20:03 46,456 --a------ C:\WINDOWS\system32\exitwx.exe
            2008-05-13 17:07 . 2008-05-13 17:07 <DIR> d-------- C:\WINDOWS\LocalSSL
            2008-05-10 17:29 . 2008-05-10 17:29 <DIR> d-------- C:\Program Files\TeamViewer3
            2008-05-10 17:29 . 2008-05-10 17:29 <DIR> d-------- C:\Documents and Settings\Martijn en Nurten\Application Data\TeamViewer
            2008-05-10 17:28 . 2008-05-10 17:28 <DIR> d-------- C:\Documents and Settings\Martijn en Nurten\temp
            2008-05-10 15:15 . 2008-05-10 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
            2008-05-09 16:55 . 2008-05-09 16:55 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
            2008-05-09 16:54 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
            2008-05-09 15:04 . 2008-05-09 15:04 <DIR> d-------- C:\Program Files\Axis Communications

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-05-31 14:00 --------- d-----w C:\Program Files\SpywareGuard
            2008-05-29 18:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
            2008-05-29 15:53 --------- d-----w C:\Program Files\Spyware Doctor
            2008-05-28 09:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
            2008-05-27 13:43 --------- d-----w C:\Program Files\Quick StartUp
            2008-05-27 12:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
            2008-05-27 12:47 --------- d-----w C:\Program Files\RogueRemover FREE
            2008-05-27 12:13 --------- d-----w C:\Documents and Settings\Martijn en Nurten\Application Data\uTorrent
            2008-05-27 11:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
            2008-05-23 11:23 --------- d-----w C:\Program Files\IEPro
            2008-05-22 17:08 --------- d-----w C:\Documents and Settings\Martijn en Nurten\Application Data\Vso
            2008-05-14 13:59 --------- d-----w C:\Program Files\LimeWire
            2008-05-14 09:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
            2008-05-14 06:51 --------- d-----w C:\Program Files\TuneUp Utilities 2008
            2008-05-13 16:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
            2008-05-06 05:10 --------- d-----w C:\Program Files\Google
            2008-04-30 17:19 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
            2008-04-30 17:19 22,328 ----a-w C:\Documents and Settings\Martijn en Nurten\Application Data\PnkBstrK.sys
            2008-04-30 16:51 --------- d-----w C:\Program Files\Electronic Arts
            2008-04-27 14:05 --------- d-----w C:\Program Files\DivX
            2008-04-22 09:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
            2008-04-22 09:40 --------- d-----w C:\Program Files\Ubisoft
            2008-04-21 20:12 --------- d-----w C:\Documents and Settings\Martijn en Nurten\Application Data\InstallShield
            2008-04-19 18:03 --------- d-----w C:\Program Files\AliveMedia
            2008-04-19 16:31 --------- d-----w C:\Program Files\FLV Player
            2008-04-19 16:31 --------- d-----w C:\Program Files\Common Files\SWF Studio
            2008-04-19 15:59 --------- d-----w C:\Program Files\WMR11
            2008-04-14 20:33 70,144 ----a-w C:\WINDOWS\notepad.exe
            2008-04-14 20:33 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
            2008-04-14 20:33 32,866 ------w C:\WINDOWS\slrundll.exe
            2008-04-14 20:33 287,232 ----a-w C:\WINDOWS\winhlp32.exe
            2008-04-14 20:33 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
            2008-04-14 20:33 153,088 ----a-w C:\WINDOWS\regedit.exe
            2008-04-14 20:33 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
            2008-04-14 20:33 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
            2008-04-14 20:33 10,752 ----a-w C:\WINDOWS\hh.exe
            2008-04-14 20:33 1,037,312 ----a-w C:\WINDOWS\explorer.exe
            2008-04-14 20:13 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
            2008-04-14 20:13 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
            2008-04-14 20:13 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys
            2008-04-14 20:13 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
            2008-04-14 20:13 120,448 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
            2008-04-14 20:10 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
            2008-04-14 20:10 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
            2008-04-14 20:09 25,088 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
            2008-04-14 20:09 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
            2008-04-14 20:08 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
            2008-04-14 20:08 37,760 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
            2008-04-14 20:07 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys
            2008-04-14 20:07 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
            2008-04-14 20:06 65,536 ----a-w C:\WINDOWS\system32\drivers\serial.sys
            2008-04-14 20:05 53,504 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
            2008-04-14 20:04 58,112 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
            2008-04-14 20:04 273,536 ------w C:\WINDOWS\system32\drivers\bthport.sys
            2008-04-14 20:04 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
            2008-04-14 20:03 53,504 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
            2008-04-14 20:02 701,440 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys
            2008-04-14 20:02 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
            2008-04-14 20:02 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
            2008-04-14 20:02 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
            2008-04-14 20:02 327,168 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys
            2008-04-14 20:01 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
            2008-04-14 20:00 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
            2008-04-14 20:00 23,552 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
            2008-04-14 20:00 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
            2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
            2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
            2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
            2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
            2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
            2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
            2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
            2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
            2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
            2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
            2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
            2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
            2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
            2008-04-13 22:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
            2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
            2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
            2008-04-13 22:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
            2008-04-13 22:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
            2008-04-13 22:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
            2008-04-13 22:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
            2008-04-13 22:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
            2008-04-13 22:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
            2008-04-13 22:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
            2008-04-13 22:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
            2008-04-13 22:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
            2008-04-13 22:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
            2008-04-13 22:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
            2008-04-13 22:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
            2008-04-13 22:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
            2008-04-13 22:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
            2008-04-13 22:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
            2008-04-13 22:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
            2008-04-13 22:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
            2008-04-13 22:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
            2008-04-13 22:26 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
            .

            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:32 15360]
            "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 22:33 1695232]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-29 22:54 1443072]
            "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

            C:\Documents and Settings\Martijn en Nurten\Menu Start\Programma's\Opstarten\
            SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
            "MSVideo1"= CSvidcap.dll
            "msacm.avis"= ff_acm.acm
            "msacm.l3fhg"= mp3fhg.acm
            "msacm.divxa32"= divxa32.acm
            "VIDC.X264"= x264vfw.dll
            "VIDC.HFYU"= huffyuv.dll
            "VIDC.YMPG"= ympgcdc.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
            "iPod Service"=3 (0x3)

            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
            "DisableMonitoring"=dword:00000001

            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
            "DisableMonitoring"=dword:00000001

            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
            "DisableMonitoring"=dword:00000001

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "%windir%\\system32\\sessmgr.exe"=
            "C:\\Program Files\\IEPro\\MiniDM.exe"=
            "D:\\assassins creed\\AssassinsCreed_Dx9.exe"=
            "D:\\assassins creed\\AssassinsCreed_Dx10.exe"=
            "D:\\assassins creed\\AssassinsCreed_Launcher.exe"=
            "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
            "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
            "C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
            "C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
            "C:\\Program Files\\uTorrent\\uTorrent.exe"=
            "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
            "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
            "C:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
            "C:\\Program Files\\LimeWire\\LimeWire.exe"=
            "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
            "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
            "C:\\WINDOWS\\system32\\mmc.exe"=

            R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-29 22:56]
            R2 PfDetNT;PfDetNT;C:\WINDOWS\system32\drivers\PfModNT.sys [2007-04-10 04:32]
            R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2008-04-14 22:33]
            R3 Cap7134;ProVideo Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2005-01-31 01:00]
            R3 PhTVTune;ProVideo WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-03-24 21:21]
            S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-09 16:55]

            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
            UxTuneUp

            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
            \Shell\AutoRun\command - M:\LaunchU3.exe

            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{292fc954-adac-11dc-af6e-000feab10015}]
            \Shell\AutoRun\command - L:\Setup.exe

            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67dfef54-83fb-11dc-aefe-000feab10015}]
            \Shell\AutoRun\command - L:\Autorun.exe

            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b8d5716-9488-11dc-af28-000feab10015}]
            \Shell\AutoRun\command - L:\setup\rsrc\Autorun.exe
            \Shell\dinstall\command - L:\Directx\dxsetup.exe

            .
            Inhoud van de 'Gedeelde Taken' map
            "2008-06-01 14:15:32 C:\WINDOWS\Tasks\Easy Onderhoud.job"
            - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
            .
            **************************************************************************

            catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-06-01 16:16:02
            Windows 5.1.2600 Service Pack 3 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************

            [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WMPNetworkSvc]
            "ImagePath"="--\"C:\Program Files\Windows Media Player\WMPNetwk.exe\""
            .
            ------------------------ Other Running Processes ------------------------
            .
            C:\WINDOWS\system32\CTSVCCDA.EXE
            C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
            C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
            C:\WINDOWS\system32\nvsvc32.exe
            C:\WINDOWS\system32\IoctlSvc.exe
            C:\WINDOWS\system32\PnkBstrA.exe
            C:\WINDOWS\system32\MsPMSPSv.exe
            C:\Program Files\SpywareGuard\sgbhp.exe
            .
            **************************************************************************
            .
            Voltooingstijd: 2008-06-01 16:22:58 - machine was rebooted [Martijn en Nurten]
            ComboFix-quarantined-files.txt 2008-06-01 14:22:54
            ComboFix2.txt 2008-03-10 15:22:23

            Pre-Run: 112,970,756,096 bytes beschikbaar
            Post-Run: 112,869,273,600 bytes beschikbaar

            276 --- E O F --- 2008-05-14 14:12:04

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 16:27:50, on 1-6-2008
            Platform: Windows XP SP3 (WinNT 5.01.2600)
            MSIE: Internet Explorer v8.00 (8.00.6001.17184)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\system32\CTsvcCDA.exe
            C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
            C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
            C:\WINDOWS\system32\nvsvc32.exe
            C:\WINDOWS\system32\IoctlSvc.exe
            C:\WINDOWS\system32\PnkBstrA.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\MsPMSPSv.exe
            C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\Program Files\SpywareGuard\sgmain.exe
            C:\Program Files\SpywareGuard\sgbhp.exe
            C:\WINDOWS\explorer.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
            O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
            O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
            O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
            O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
            O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
            O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
            O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
            O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
            O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
            O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
            O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
            O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
            O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
            O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
            O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
            O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
            O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
            O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
            O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
            O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
            O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
            O15 - Trusted Zone: http://www.startpagina.nl
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
            O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
            O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
            O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189413775640
            O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - http://www.acclaim.com/cabs/acclaim_v4.cab
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189413764421
            O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
            O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
            O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/nl/TSEasyInstallX.CAB
            O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
            O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
            O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
            O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.211.191.32:9999/activex/AMC.cab
            O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
            O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
            O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
            O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
            O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
            O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
            O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
            O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
            O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
            O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
            O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

            --
            End of file - 10597 bytes

            Comment


            • #7
              Run de MBAM tool nogmaals.

              Update je java.


              Download Java Runtime Environment (JRE) 6u6.
              • Scroll omlaag naar : "Java Runtime Environment (JRE) 6 Update 6".
              • Klik op de "Download" knop aan de rechterkant.
              • Vink aan: "Accept License Agreement", en klik op Continue.
              • De pagina zal herladen.
              • Klik op de Windows Offline Installation, Multi-language link ONDER Windows Platform - Java SE Runtime Environment 6 Update 6 en bewaar het op je Bureaublad.
              • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
              • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst. (met Java Runtime Environment (JRE of J2SE) in de naam.
              • Herhaal dit tot alle oudere versies verdwenen zijn.
              • Na het verwijderen van alle oudere versies, herstart je pc.
              • Dubbelklik vervolgens op jre-6u6-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.


              vertel even hoe het nu gaat aub.

              Windows 10 opstarten in Veilige Modus

              Comment


              • #8
                re

                Ik denk dat het nu goed is. Er worden geen virussen meer gevonden. CP loopt weer wat beter.
                Ik denk dat het is opgelost.

                Bedankt voor je hulp.

                Comment


                • #9
                  Je mag alle gebruikte tools en aangemaakte mappen terug verwijderen.

                  Verwijder ComboFix via Start > Uitvoeren, kopiëer en plak Combofix /U
                  Klik op OK of toets Enter.
                  Dit verwijdert zowel ComboFix, als je oude systeemherstelpunten (met eventuele restanten van malware), en maakt een nieuw systeemherstelpunt aan.



                  Meer info over hoe je een nieuwe infectie kan voorkomen vind je hier en hier.

                  De status van deze thread staat op opgelost.
                  Indien er niet meer gereageerd wordt, zal binnen een 3-tal dagen deze thread automatisch verplaatst worden naar de sectie Opgeloste hijackthislogs en is een reactie niet meer mogelijk. Dit om het forum netjes en overzichtelijk te houden.
                  Blijkt dat er toch nog problemen zijn, en je wil weer reageren in dit topic, dan stuur je me een privé bericht met verzoek om heropening.

                  Windows 10 opstarten in Veilige Modus

                  Comment


                  • #10
                    Nog steeds of weer problemen.

                    Als ik in mij taakbeheer kijk zie ik dat er dll39.exe bij staat, volgens Google is dit een trojan. Ik heb al enkel prorammas gedraaid echter komt hij steeds terug. Ook toen ik de pc opstarte kreeg ik een fout melding dat er iets nioet kon worden geopend.
                    wat kan er loos zijn.

                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 23:29:10, on 3-6-2008
                    Platform: Windows XP SP3 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v8.00 (8.00.6001.17184)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\WINDOWS\Installer\{9DD006A5-B484-4ADE-A760-0F217136B8EA}\aticpl32.exe
                    C:\WINDOWS\Installer\{9DD006A5-B484-4ADE-A760-0F217136B8EA}\service.exe
                    C:\WINDOWS\system32\CTsvcCDA.exe
                    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
                    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
                    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                    C:\WINDOWS\system32\nvsvc32.exe
                    C:\WINDOWS\system32\IoctlSvc.exe
                    C:\WINDOWS\system32\PnkBstrA.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\system32\MsPMSPSv.exe
                    C:\WINDOWS\system32\wuauclt.exe
                    C:\WINDOWS\system32\wscntfy.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    C:\Program Files\Messenger\msmsgs.exe
                    C:\Program Files\SpywareGuard\sgmain.exe
                    C:\Program Files\SpywareGuard\sgbhp.exe
                    C:\WINDOWS\Installer\{9DD006A5-B484-4ADE-A760-0F217136B8EA}\dll39.exe
                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                    O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
                    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
                    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
                    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
                    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
                    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                    O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\system32:Applic32.exe
                    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
                    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
                    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
                    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
                    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
                    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
                    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
                    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
                    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
                    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
                    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
                    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
                    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
                    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
                    O15 - Trusted Zone: http://www.startpagina.nl
                    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
                    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
                    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189413775640
                    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - http://www.acclaim.com/cabs/acclaim_v4.cab
                    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189413764421
                    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
                    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/nl/TSEasyInstallX.CAB
                    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
                    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.211.191.32:9999/activex/AMC.cab
                    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
                    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
                    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    O23 - Service: aticpl32 - Unknown owner - C:\WINDOWS\Installer\{9DD006A5-B484-4ADE-A760-0F217136B8EA}\aticpl32.exe
                    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
                    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
                    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
                    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
                    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
                    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
                    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
                    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

                    --
                    End of file - 10751 bytes

                    Comment


                    • #11
                      aanvulling

                      In taakbeheer staat tevens aticpl32.exe. Als ik afsluit krijg ik een foutmelding.
                      Er is iets aan het afsluiten wat een fout geeft, zoals synhost of zoiets.

                      Comment


                      • #12
                        sorry nog een aanvulling

                        Ik heb de fout melding van afsluiten opgeschreven:
                        service.exe fout.
                        msimn.exe initialisatie van dll bestand is mislukt.

                        Comment


                        • #13
                          Start op in veilige modus en verwijder dit dikgedrukte deel.

                          C:\WINDOWS\Installer\{9DD006A5-B484-4ADE-A760-0F217136B8EA}\dll39.exe

                          C:\WINDOWS\Installer\{9DD006A5-B484-4ADE-A760-0F217136B8EA}\service.exe

                          start opnieuw op en vertel of alles gelukt is en plaats ook een nieuw HJT logje aub.
                          Last edited by Juisterr; 04-06-08, 11:11.

                          Windows 10 opstarten in Veilige Modus

                          Comment


                          • #14
                            re

                            Ik heb gezocht op automatisch zoeken en vond de genoemde map. Ik heb gehele map weg gegooid. Echter nadat ik hem had verwijderd, dacht ik, moest ik de hele map wel weg gooien. Ik heb de CP opnieuw opgestart het genoemde is weg. Weer opnieuw opgestart en kreeg geen fout melding meer. CP loop weer goed.
                            Denk dat hij weer schoon is, echter dat zie jij het beste.
                            Ik ben blij dat er mensen zijn zoals jij, die mij kunnen helpen, bedankt.

                            Logfile of Trend Micro HijackThis v2.0.2
                            Scan saved at 15:44:57, on 4-6-2008
                            Platform: Windows XP SP3 (WinNT 5.01.2600)
                            MSIE: Internet Explorer v8.00 (8.00.6001.17184)
                            Boot mode: Normal

                            Running processes:
                            C:\WINDOWS\System32\smss.exe
                            C:\WINDOWS\system32\winlogon.exe
                            C:\WINDOWS\system32\services.exe
                            C:\WINDOWS\system32\lsass.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\system32\spoolsv.exe
                            C:\WINDOWS\system32\CTsvcCDA.exe
                            C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
                            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
                            C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                            C:\WINDOWS\system32\nvsvc32.exe
                            C:\WINDOWS\system32\IoctlSvc.exe
                            C:\WINDOWS\system32\PnkBstrA.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\system32\MsPMSPSv.exe
                            C:\WINDOWS\system32\wscntfy.exe
                            C:\WINDOWS\Explorer.EXE
                            C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
                            C:\WINDOWS\system32\ctfmon.exe
                            C:\Program Files\Messenger\msmsgs.exe
                            C:\Program Files\SpywareGuard\sgmain.exe
                            C:\Program Files\SpywareGuard\sgbhp.exe
                            C:\WINDOWS\system32\wuauclt.exe
                            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                            O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
                            O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
                            O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
                            O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                            O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
                            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
                            O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                            O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
                            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                            O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
                            O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
                            O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
                            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                            O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
                            O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
                            O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
                            O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
                            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
                            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
                            O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
                            O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
                            O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
                            O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
                            O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
                            O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
                            O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                            O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                            O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                            O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                            O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
                            O15 - Trusted Zone: http://www.startpagina.nl
                            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                            O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                            O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
                            O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
                            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189413775640
                            O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - http://www.acclaim.com/cabs/acclaim_v4.cab
                            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189413764421
                            O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
                            O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/nl/TSEasyInstallX.CAB
                            O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                            O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                            O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
                            O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.211.191.32:9999/activex/AMC.cab
                            O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
                            O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
                            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                            O23 - Service: aticpl32 - Unknown owner - C:\WINDOWS\Installer\{9DD006A5-B484-4ADE-A760-0F217136B8EA}\aticpl32.exe (file missing)
                            O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
                            O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
                            O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
                            O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
                            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                            O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                            O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                            O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
                            O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                            O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
                            O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
                            O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

                            --
                            End of file - 10460 bytes

                            Comment


                            • #15
                              Meer info over hoe je een nieuwe infectie kan voorkomen vind je hier en hier.

                              De status van deze thread staat op opgelost.
                              Indien er niet meer gereageerd wordt, zal binnen een 3-tal dagen deze thread automatisch verplaatst worden naar de sectie Opgeloste hijackthislogs en is een reactie niet meer mogelijk. Dit om het forum netjes en overzichtelijk te houden.
                              Blijkt dat er toch nog problemen zijn, en je wil weer reageren in dit topic, dan stuur je me een privé bericht met verzoek om heropening.

                              Windows 10 opstarten in Veilige Modus

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X