View full version: Log as a result of various problems.



t896743
5 October 2008, 12:49
Below is my log. You will notice that it was taken with an earlier version of HijackThis, namely 1.99.1. When I go to the link on the forum to download the most recent version, I cannot reach that page. The fact is that I no longer manage to run an online virus scan, for example by using the links on the security forum. I also no longer manage to download updates for Spybot and Crapcleaner. Nor can I update my Avast antivirus any more. My computer is very slow and keeps coming up with the strangest messages. Something is definitely wrong. I have the impression that the whole system is going to pieces.
The only thing I remember that could possibly be a cause of the problems is that at a certain moment a window opened from "MVA- antivirus" or something of that kind. I have the impression that the problems started from then on. Sorry, but I am not a great computer expert. Hopefully you can help me and give me some advice.

---------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:39:10, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\nieuwe bestanden\avast!\aswUpdSv.exe
C:\nieuwe bestanden\avast!\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\NIEUWE~1\avast!\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\nvsvc32.exe
N:\Nieuwe bestanden\TomTomHome\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpohmr08.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpotdd01.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpoevm08.exe
C:\nieuwe bestanden\avast!\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\nieuwe bestanden\avast!\ashWebSv.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\nieuwe bestanden\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\nieuwe bestanden\Techsmit Snagit 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CFEE97A3-4911-444D-8BE8-E243A23D3DE2} - C:\Program Files\Applications\iebt.dll (file missing)
O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\NIEUWE~1\avast!\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\nieuwe bestanden\clonecd\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [TomTomHOME.exe] "N:\Nieuwe bestanden\TomTomHome\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.be/static/download/pixacodndupload.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h20264.www2.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} (Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_1115.cab
O16 - DPF: {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} (Medi@Show Control) - file://C:\Documents and Settings\Guido\Mijn documenten\Mijn video's\MediaShow.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125930738515
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://62.100.53.122/activex/AxisCamControl.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://downloads.telenet.be/tisp/ols/fscax.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_1118.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\nieuwe bestanden\avast!\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\nieuwe bestanden\avast!\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\nieuwe bestanden\avast!\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\nieuwe bestanden\avast!\ashWebSv.exe" /service (file missing)
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\nieuwe bestanden\Tune utilities 2006\WinStylerThemeSvc.exe

Roelof
6 October 2008, 12:29
Hi,

We'll get your PC up and running again.
You have picked up a fake spyware scanner.

1) Start HijackThis.
- Now choose "Do a system scan only".
- Now tick the following items:


O2 - BHO: (no name) - {CFEE97A3-4911-444D-8BE8-E243A23D3DE2} - C:\Program Files\Applications\iebt.dll (file missing)
O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll (file missing)


- Now close all windows except the HijackThis one and choose "fix checked".

2) Restart your computer.

3) Download MalwareBytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
Double-click mbam-setup.exe to install the program.
After the installation, make sure there is a tick next to:

Update MalwareBytes' Anti-Malware
Start MalwareBytes' Anti-Malware
Then click "Voltooien" (Finish).
If an update is found, it will be downloaded and installed.

Once the program has started, go to the "Instellingen" (Settings) tab.
Tick here: "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).
Then go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
Then press "Scannen" (Scan) to start the scan.
The scan can take a while, so be patient.
When the scan is complete, click OK, then "Bekijk Resultaten" (View Results) to see the results.
Make sure everything is ticked there, then click "Verwijder geselecteerde" (Remove selected).
After the removal a log will open; if you are asked to restart your computer, you must allow this.
This is necessary in order to remove some infections.
The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program. Post this log in your next reply together with a new HijackThis log (the latest version, please).

4) How are your problems now?

Roelof

t896743
6 October 2008, 22:17
Roelof,

Fantastic, man. The PC is behaving a good deal more normally again. Avast works again, and I can download the updates for Crapcleaner and Spybot again. It looks very good. Many thanks. Top class!!!!!
Below is a log from Malwarebytes and HijackThis.
I do notice that I cannot run disk defragmentation!!!!!!
PS: In all my zeal as a layman to solve my problem, I did delete a file "Windows 32\tds.dll" (or something like that) because Avast reported to me that this file was infected. Unfortunately I deleted it instead of placing it in the chest. I don't know whether that could have anything to do with it.
My PC has been running for quite a while without my paying much attention to it; do you see any further optimisations possible in the HijackThis log?
Good of you to help me.
Kind regards,


---------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.28
Database versie: 1234
Windows 5.1.2600 Service Pack 2
6/10/2008 21:19:26
mbam-log-2008-10-06 (21-19-26).txt
Scan type: Snelle Scan
Objecten gescand: 58869
Verstreken tijd: 5 minute(s), 24 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 8
Registerwaarden geïnfecteerd: 2
Registerdata bestanden geïnfecteerd: 3
Mappen geïnfecteerd: 1
Bestanden geïnfecteerd: 9
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\CLSID\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\y456.y456mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\y456.y456mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MSx (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\smile (Trojan.Zlob) -> Quarantined and deleted successfully.
Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windowsisearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
Mappen geïnfecteerd:
C:\WINDOWS\system32\848700 (Trojan.BHO) -> Quarantined and deleted successfully.
Bestanden geïnfecteerd:
C:\Program Files\MSX\MSx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSx.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\MSX\msx1.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MSX\MSX.cpl (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MSX\msx.ooo (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Start\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Start\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.

-----------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:02:48, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\nieuwe bestanden\avast!\aswUpdSv.exe
C:\nieuwe bestanden\avast!\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
N:\Nieuwe bestanden\SPYWARE\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\nieuwe bestanden\avast!\ashMaiSv.exe
C:\nieuwe bestanden\avast!\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\NIEUWE~1\avast!\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
N:\Nieuwe bestanden\TomTomHome\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpohmr08.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpotdd01.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpoevm08.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
N:\Nieuwe bestanden\mbam-setup\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\nieuwe bestanden\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\nieuwe bestanden\Techsmit Snagit 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - N:\NIEUWE~1\SPYWARE\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - N:\NIEUWE~1\SPYWARE\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\NIEUWE~1\avast!\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\nieuwe bestanden\clonecd\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [TomTomHOME.exe] "N:\Nieuwe bestanden\TomTomHome\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - N:\NIEUWE~1\SPYWARE\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.be/static/download/pixacodndupload.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h20264.www2.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} (Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_1115.cab
O16 - DPF: {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} (Medi@Show Control) - file://C:\Documents and Settings\Guido\Mijn documenten\Mijn video's\MediaShow.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125930738515
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://62.100.53.122/activex/AxisCamControl.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://downloads.telenet.be/tisp/ols/fscax.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_1118.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\nieuwe bestanden\avast!\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\nieuwe bestanden\avast!\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\nieuwe bestanden\avast!\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\nieuwe bestanden\avast!\ashWebSv.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - N:\Nieuwe bestanden\SPYWARE\Spyware Doctor\sdhelp.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\nieuwe bestanden\Tune utilities 2006\WinStylerThemeSvc.exe
--
End of file - 11766 bytes

--------------------------------------------------------------------------------
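
Added example, not part of the original thread and not code from HijackThis or Malwarebytes: a small triage script that parses HijackThis entries, marks those HijackThis itself reports as "(file missing)" or "(no file)", and cross-checks their class IDs against the registry keys in the Malwarebytes log. The function names are hypothetical and the sample input is a handful of lines copied from the logs posted above; it shows that an orphaned entry is only a lead, while a class ID match against a scanner detection is a confirmation.

```python
import re

# Sample input: entries copied from the HijackThis v1.99.1 log in this thread.
HIJACKTHIS_LOG = r"""
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\nieuwe bestanden\Techsmit Snagit 7\SnagItBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CFEE97A3-4911-444D-8BE8-E243A23D3DE2} - C:\Program Files\Applications\iebt.dll (file missing)
O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Sample input: detections copied from the Malwarebytes log in this thread.
MBAM_LOG = r"""
HKEY_CLASSES_ROOT\CLSID\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MSx (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # "O2 - ...", "R1 - ..."
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")  # HijackThis' own markers
MBAM_RE = re.compile(r"^(.+?) \(([A-Za-z]+\.[A-Za-z0-9]+)\) -> ")


def parse_hijackthis(text):
    """Return one dict per HijackThis entry line (section code, GUID, orphan flag)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        guid = GUID_RE.search(body)
        entries.append({
            "code": code,
            # The two logs use different letter case for the same GUID.
            "guid": guid.group(0).upper() if guid else None,
            "orphaned": bool(ORPHAN_RE.search(body)),
            "raw": line.strip(),
        })
    return entries


def parse_mbam(text):
    """Map every GUID that appears in a Malwarebytes detection to its family name."""
    detections = {}
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if not m:
            continue
        obj, family = m.groups()
        guid = GUID_RE.search(obj)
        if guid:
            detections[guid.group(0).upper()] = family
    return detections


def triage(hjt_text, mbam_text):
    """Classify each HijackThis entry as confirmed, orphaned or present."""
    detections = parse_mbam(mbam_text)
    result = []
    for entry in parse_hijackthis(hjt_text):
        family = detections.get(entry["guid"])
        if family:
            status = "confirmed"   # same GUID was removed by the scanner
        elif entry["orphaned"]:
            status = "orphaned"    # target file is gone; needs a human look
        else:
            status = "present"
        result.append((entry["code"], entry["guid"], status, family))
    return result


if __name__ == "__main__":
    for code, guid, status, family in triage(HIJACKTHIS_LOG, MBAM_LOG):
        print(f"{code:<4}{status:<10}{guid or '-':<40}{family or ''}")
```

The xpnetdiag.exe entry comes out as "orphaned" here even though the later v2.0.2 log lists it with a resolved path, which is why the orphan flag alone is not treated as a verdict.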

Roelof
7 October 2008, 08:07
Hi,

I see that you are running two virus scanners, namely Avast and NOD32.
That is not a good idea. Two scanners can get in each other's way and thereby slow down your system and/or make it unstable.
Choose one of the two and uninstall the other via Start > Instellingen > Configuratiescherm > Software (Start > Settings > Control Panel > Add or Remove Programs).

Regards,

Roelof

t896743
10 October 2008, 09:12
Roelof,

I have removed NOD. Here is another log. Do you see anything else I can optimise? I find that quite a lot of programs are running when the PC starts up. Are there a few that I can disable?
When I want to defragment I get the message "Kan defragmentatie niet starten" (Cannot start defragmentation). Do you see a solution to or cause of this problem? I think I urgently need to defragment my hard disk.
Thanks again for the help offered.
Kind regards,
GD

---------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:59, on 10/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\nieuwe bestanden\avast!\aswUpdSv.exe
C:\nieuwe bestanden\avast!\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
N:\Nieuwe bestanden\SPYWARE\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\nieuwe bestanden\avast!\ashMaiSv.exe
C:\nieuwe bestanden\avast!\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\NIEUWE~1\avast!\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
N:\Nieuwe bestanden\TomTomHome\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpohmr08.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpotdd01.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpoevm08.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\nieuwe bestanden\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\nieuwe bestanden\Techsmit Snagit 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - N:\NIEUWE~1\SPYWARE\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - N:\NIEUWE~1\SPYWARE\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\NIEUWE~1\avast!\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\nieuwe bestanden\clonecd\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [TomTomHOME.exe] "N:\Nieuwe bestanden\TomTomHome\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.be/static/download/pixacodndupload.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h20264.www2.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} (Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_1115.cab
O16 - DPF: {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} (Medi@Show Control) - file://C:\Documents and Settings\Guido\Mijn documenten\Mijn video's\MediaShow.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125930738515
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://62.100.53.122/activex/AxisCamControl.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://downloads.telenet.be/tisp/ols/fscax.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_1118.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\nieuwe bestanden\avast!\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\nieuwe bestanden\avast!\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\nieuwe bestanden\avast!\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\nieuwe bestanden\avast!\ashWebSv.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - N:\Nieuwe bestanden\SPYWARE\Spyware Doctor\sdhelp.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\nieuwe bestanden\Tune utilities 2006\WinStylerThemeSvc.exe
--
End of file - 9386 bytes


---------------------------------------------------------------------------------

Roelof
10 October 2008, 09:55
Hi,

As far as startup goes, I don't think it's too bad.
For the defragmentation problem I have a question:
How big is your hard disk, and how much free space is left on it?

Roelof

t896743
10 October 2008, 10:50
Roelof,

My "C" is 55.8 GB, of which 43.2 GB is used and 12.6 GB (20 %) is available. I seem to remember that, when there was a lack of space on the disk, I got a message to that effect. Now I just get the bare message "Kan defragmentatie niet starten".
Greetz,
GD

Roelof
10 October 2008, 14:07
Hi,

OK, that's fine. It is known that defragmentation does not work when your disk is almost full.

Let's check whether the program is still present.
Can you go to Start > Programma's > Bureau-accessoires > Opdrachtprompt (Programs > Accessories > Command Prompt).
In the window that then appears, enter "defrag c:" without the quotes and then press OK.

Does this work, or do you get an error message as well?

Roelof

t896743
10 October 2008, 19:39
Hi Roelof,

Same again. I got the message "Kan defragmentatie niet starten".

Gtz,
GD

Roelof
10 October 2008, 20:04
Hi,

Let's look a bit further.

Go to Start > Uitvoeren (Run).
Enter services.msc there.
Look for DCOM Server Process Launcher.
Right-click that name and then choose Eigenschappen (Properties).
Is it set to automatic and started?

Roelof

t896743
10 October 2008, 21:24
Hi Roelof.

Checked. It is indeed set to automatic and started. I do think you're not far off, though; I seem to remember some earlier error message of that kind a while back. I think the word Launcher appeared in it. You're not far off, but what?

Grtz,
Guido.

t896743
10 October 2008, 21:52
I was repeating myself. Text deleted.
Greetz,
GD

Roelof
11 October 2008, 09:10
Hi,

Let's check whether any system files are missing or have become corrupted.

Go to Start --> Uitvoeren (Run) and type: cmd
In the window that opens, type: chkdsk /f

Restart your computer and do not interrupt the disk check.
Did it help?

Roelof

t896743
11 October 2008, 14:08
Roelof,

When the computer restarts, it does not run chkdsk. I have tried several times; Windows simply starts up and nothing else happens.
I did let a chkdsk run, but when I enter chkdsk/f I have to confirm that it should run at the next restart, and then nothing happens. Or is it me?
Regards,
GD

Roelof
11 October 2008, 14:28
Hi.

Maybe a silly question.

What answer do you give to the question about the restart?

Roelof

t896743
11 October 2008, 14:39
"J", and then it tells me that chkdsk will be run when the computer is restarted.
Greetz.
GD

Roelof
11 October 2008, 14:52
Hi,

Let's try something else.


Download Dial-a-fix-2006 (http://wiki.djlizard.net/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles) and extract both files, each into its own folder, to your desktop.

In the folder Dial-a-fix-v0.60.0.24, double-click Dial-a-fix.exe
In the window that opens, click the icon with the double green check mark (check all) at the bottom.
Then click "GO" and let the tool reset all settings.
When it has finished, close this window by clicking "Exit" at the bottom.

Regards,

Roelof

t896743
11 October 2008, 15:37
Roelof,
Done. I let the program run.
FYI: I tried chkdsk/F and defragmentation once more. Same result: neither of them works at the moment.
GD

Roelof
11 October 2008, 16:30
Hi,

Let's look further to see whether there is malware that we have not found.

Follow these instructions (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) to download Combofix. If anything is unclear, just ask.
Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console.
If you have used Combofix before and have already installed the Recovery Console, you may skip that step.
NOTE:
If, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner,
disable that scanner and download Combofix again.
Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
Double-click Combofix.exe; if Combofix reports that a newer version is available, allow it to be downloaded.
Follow the instructions and accept the disclaimer.
While the fix is running, do NOT click in the window, because that will make your PC hang.
When the fix has completed and after the restart, the log Combofix.txt will open.
Post the contents of that file together with a new HijackThis log.

Regards,

Roelof

t896743
11 October 2008, 22:10
Roelof,
I have a small problem installing the XP Recovery Console: since this morning I have Service Pack 3, and apparently no download for a recovery diskette for Service Pack 3 is provided yet. Run Combofix without a recovery diskette?

Regards,
GD

Rosty
11 October 2008, 22:26
Just take the SP2 one, that one is fine too.

PS: sorry Roelof for answering!!! I hadn't seen that you were online.

t896743
12 October 2008, 21:01
Roelof,

Well, you're no ordinary one, you!!!!!!!! Thanks a million!!! Disk defragmentation works again. The machine runs like a train. Here are my Combofix and HijackThis logs.
Here it comes!!!
Fantastic that you can and want to do this!
Thanks also to Rosty for stepping in.
Warm regards,
GD

---------------------------------------------------------------------------
ComboFix 08-10-11.04 - Guido 2008-10-12 20:21:23.1 - NTFSx86
gebruikte Opdracht switches :: C:\Documents and Settings\Guido\Bureaublad\WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\Cache\buts.bin
C:\WINDOWS\system32\Cache\chart 1.bmp
C:\WINDOWS\system32\Cache\ding.bmp
C:\WINDOWS\system32\Cache\document.bmp
C:\WINDOWS\system32\Cache\msg.bin
C:\WINDOWS\system32\Cache\web app.bmp
C:\WINDOWS\system32\drivers\tdssserv.sys
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\TDSSlog.dll
C:\WINDOWS\system32\TDSSmain.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdssserf1.dll
C:\WINDOWS\system32\tdssservers.dat
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-09-12 to 2008-10-12 ))))))))))))))))))))))))))))))
.
2008-10-11 15:28 . 2008-10-12 18:22 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-10-11 11:22 . 2008-10-11 11:22 <DIR> d-------- C:\WINDOWS\system32\nl
2008-10-11 11:22 . 2008-10-11 11:22 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-11 11:07 . 2008-04-14 19:02 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-10-11 11:07 . 2008-04-14 19:02 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-10-11 11:07 . 2008-04-14 19:02 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-10-11 11:07 . 2008-04-14 19:02 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-10-11 11:07 . 2008-04-14 19:02 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-10-11 11:07 . 2008-04-14 19:02 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-10-11 11:05 . 2008-04-14 19:02 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
2008-10-07 10:32 . 2008-10-11 15:29 <DIR> dr-h----- C:\Documents and Settings\Guido\Onlangs geopend
2008-10-06 21:19 . 2008-10-06 21:19 61,440 --a------ C:\WINDOWS\system32\drivers\fhuhhiv.sys
2008-10-06 21:08 . 2008-10-06 21:08 <DIR> d-------- C:\Documents and Settings\Guido\Application Data\Malwarebytes
2008-10-06 21:08 . 2008-10-06 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-06 21:08 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-06 21:08 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-05 13:40 . 2006-08-24 11:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-10-05 13:40 . 2006-07-10 16:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2008-09-25 21:53 . 2008-10-06 21:19 <DIR> d-------- C:\Program Files\MSX
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 09:32 --------- d-----w C:\Program Files\MSN Messenger
2008-10-11 09:28 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd7533.sys
2008-10-10 07:03 --------- d-----w C:\Program Files\Panda Security
2008-10-07 08:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-06 20:06 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-05 10:56 --------- d-----w C:\Documents and Settings\Guido\Application Data\Lavasoft
2008-09-06 19:32 --------- d-----w C:\Program Files\Everest Poker
2008-09-06 18:31 --------- d-----w C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2005-05-29 18:42 10,752 -c----w C:\Documents and Settings\Guido\gcmd5query.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-23 413775]
"TomTomHOME.exe"="N:\Nieuwe bestanden\TomTomHome\TomTom HOME 2\HOMERunner.exe" [2008-02-18 206184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 7311360]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CloneCDTray"="C:\nieuwe bestanden\clonecd\CloneCDTray.exe" [2006-09-28 57344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
hp psc 1000 series.lnk - C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpohmr08.exe [6-4-2003 1:17:18 147456]
hpoddt01.exe.lnk - C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpotdd01.exe [6-4-2003 1:06:58 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP50"= SP5X_32.DLL
"VIDC.SP51"= SP5X_32.DLL
"VIDC.SP52"= SP5X_32.DLL
"VIDC.SP53"= SP5X_32.DLL
"VIDC.VDOM"= vdowave.drv
"msacm.dvacm"= dvacm.acm
"VIDC.TR20"= tr2032.dll
"vidc.vivo"= ivvideo.dll
"MSACM.CEGSM"= mobilev.acm
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^CreataCard Gold 2 Forget Me Not Reminders.lnk]
backup=C:\WINDOWS\pss\CreataCard Gold 2 Forget Me Not Reminders.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Telenet EasyCare.lnk]
backup=C:\WINDOWS\pss\Telenet EasyCare.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Guido^Menu Start^Programma's^Opstarten^MyWebSearch Email Plugin.lnk]
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CapFax
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xqhkdkl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
-----c--- 2002-09-26 15:49 69632 C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 21:21 57344 C:\nieuwe bestanden\clonecd\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 19:02 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--------- 2003-04-23 03:43 413775 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
-----c--- 2003-05-19 11:21 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
-----c--- 2004-04-07 08:05 385024 C:\NIEUWE~1\EasyCare\TELENE~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--------- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--------- 2005-11-11 14:47 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Memory Card Detector]
-----c--- 2002-09-10 10:54 28672 C:\nieuwe bestanden\Digitale camera Aldi\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
--------- 2002-08-28 12:43 73728 C:\WINDOWS\Dit.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--------- 2005-11-11 14:47 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--------- 2002-08-15 11:46 46592 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"MDM"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="C:\nieuwe bestanden\deamon tools\DAEMON Tools\daemon.exe" -lang 1033
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"beidsystemtray"=C:\Program Files\Belgium Identity Card\beidsystemtray.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\nieuwe bestanden\\GameSpy Arcade\\Aphex.exe"=
"C:\\nieuwe bestanden\\C.O.D\\CoDMP.exe"=
"C:\\nieuwe bestanden\\mohaa\\MOHAA.EXE"=
"C:\\nieuwe bestanden\\mohaa\\moh_spearhead.exe"=
"C:\\nieuwe bestanden\\C.O.D\\CoDUOMP.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\nieuwe bestanden\\xfire\\Xfire.exe"=
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"C:\\nieuwe bestanden\\NFSPMW\\speed.exe"=
"C:\\nieuwe bestanden\\Bearshare\\BearShare.exe"=
"C:\\nieuwe bestanden\\tony hawk\\Skate3.exe"=
"C:\\nieuwe bestanden\\Age Of Empires 2\\Age of Empires II (Up by X3ris)\\Age Of Empires II\\empires2.exe"=
"C:\\nieuwe bestanden\\Bearflix\\bearflix.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"N:\\kenneth\\nieuwe programmas\\duke nuken!\\prism3d.exe"=
"N:\\Nieuwe bestanden\\battlefield\\BF1942.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 140800]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 5504]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 eID CRL Service;eID CRL Service;C:\WINDOWS\system32\beidservicecrl.exe [2006-06-20 225280]
R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-07-29 424704]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-07-29 24288]
S2 Ca504av;Mega Camera, WDM Video Capture;C:\WINDOWS\system32\Drivers\Ca504av.sys [2002-06-18 516149]
S2 Ca533av;Cam 3200, WDM Video Capture;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 515803]
S3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 33536]
S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [ ]
S3 AtmElan;ATM geëmuleerde LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 AtmLane;ATM LAN-emulatie;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 eID Privacy Service;eID Privacy Service;C:\WINDOWS\system32\beidservicepcsc.exe [2006-06-21 331776]
S3 USBCamera;DSC Still Image Capture (CA100);C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-12-04 11144]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bcc9639-baa2-11dc-965e-000c415a5208}]
\Shell\AutoRun\command - P:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0032f80-f5f3-11dc-96bf-000c415a5208}]
\Shell\AutoRun\command - O:\InstallTomTomHOME.exe
.
Inhoud van de 'Gedeelde Taken' map
2008-10-10 C:\WINDOWS\Tasks\Easy Onderhoud.job
- C:\nieuwe bestanden\Tune utilities 2006\SystemOptimizer.exe [2005-12-28 20:13]
2007-07-27 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1176547788.job
- C:\nieuwe bestanden\All-in-one\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
2008-10-10 C:\WINDOWS\Tasks\{552CFD0A-7D40-4E04-A87A-5DF58C9D8C7A}_FAMDESLOOVER_Guido.job
- C:\WINDOWS\system32\mobsync.exe [2008-04-14 19:03]
2008-10-10 C:\WINDOWS\Tasks\{62DA7F63-044D-4E81-952D-263610DE4108}_FAMDESLOOVER_Guido.job
- C:\WINDOWS\system32\mobsync.exe [2008-04-14 19:03]
2008-10-10 C:\WINDOWS\Tasks\{9529E9BE-B287-41FB-83AD-F0D68867688C}_FAMDESLOOVER_Guido.job
- C:\WINDOWS\system32\mobsync.exe [2008-04-14 19:03]
.
- - - - ORPHANS VERWIJDERD - - - -
HKU-Default-Run-wblogon - C:\WINDOWS\system32\algg.exe
HKU-Default-Run-Spyware Doctor - (no file)
ShellExecuteHooks-{03A80B1D-5C6A-42c2-9DFB-81B6005D8023} - (no file)
MSConfigStartUp-gcasServ - C:\nieuwe bestanden\Microsoft Antispy\gcasServ.exe
MSConfigStartUp-Microsoft Works Update Detection - C:\Program Files\Microsoft Works\WkDetect.exe
MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
MSConfigStartUp-TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-WildTangent CDA - C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll
MSConfigStartUp-WinampAgent - C:\nieuwe bestanden\winamp\winampa.exe
MSConfigStartUp-AME_CSA - amecsa.cpl

.
------- Bijkomende Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.hln.be/
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,SearchMigratedDefaultURL = hxxp://www.google.com/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
O18 -: Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - %~$path:i
O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - %~$path:i
O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - %~$path:i
O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - %~$path:i
O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - %~$path:i
O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - %~$path:i
O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - %~$path:i
O16 -: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} - hxxp://www.pixaco.be/static/download/pixacodndupload.cab
C:\WINDOWS\Downloaded Program Files\PIXACODnDUpload.inf
C:\WINDOWS\Downloaded Program Files\tra2_4_0.rc
C:\WINDOWS\Downloaded Program Files\PIXACODnDUpload.ocx
O16 -: {51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} - hxxps://img.web.de/v/fotoalbum/activex/upload_1115.cab
C:\WINDOWS\Downloaded Program Files\upload.inf
C:\WINDOWS\System32\msvcrt.dll
C:\WINDOWS\System32\mfc42.dll
C:\WINDOWS\System32\olepro32.dll
C:\WINDOWS\System32\msvcp60.dll
C:\WINDOWS\Downloaded Program Files\IM_MOD_RL_jpeg_.dll
C:\WINDOWS\Downloaded Program Files\IM_MOD_RL_gif_.dll
C:\WINDOWS\Downloaded Program Files\IM_MOD_RL_bmp_.dll
C:\WINDOWS\Downloaded Program Files\CORE_RL_jpeg_.dll
C:\WINDOWS\Downloaded Program Files\CORE_RL_ttf_.dll
C:\WINDOWS\Downloaded Program Files\CORE_RL_lcms_.dll
C:\WINDOWS\Downloaded Program Files\CORE_RL_xlib_.dll
C:\WINDOWS\Downloaded Program Files\CORE_RL_Magick++_.dll
C:\WINDOWS\Downloaded Program Files\CORE_RL_magick_.dll
C:\WINDOWS\Downloaded Program Files\upload.ocx
O16 -: {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} - file://C:\Documents and Settings\Guido\Mijn documenten\Mijn video's\MediaShow.cab
C:\WINDOWS\Downloaded Program Files\PresentCtl.dll
O16 -: {D3A7982E-915D-4589-8ECE-249F70D0C941} - hxxp://aaotracker.4players.de/LaunchGame.cab
C:\WINDOWS\Downloaded Program Files\LaunchGame.ocx
O16 -: {DF6504AC-3EFE-4287-B259-FB299B069C95} - hxxps://img.web.de/v/fotoalbum/activex/upload_1118.cab
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\upload.inf
C:\WINDOWS\System32\msvcrt.dll
C:\WINDOWS\System32\mfc42.dll
C:\WINDOWS\System32\olepro32.dll
C:\WINDOWS\System32\msvcp60.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\type.mgk
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\modules.mgk
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\magic.mgk
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\log.mgk
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\delegates.mgk
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\colors.mgk
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\IM_MOD_RL_png_.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\IM_MOD_RL_wbmp_.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\IM_MOD_RL_psd_.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\IM_MOD_RL_pict_.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\IM_MOD_RL_ttf_.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\IM_MOD_RL_tiff_.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\IM_MOD_RL_jpeg_.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\IM_MOD_RL_jp2_.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\IM_MOD_RL_gif_.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\IM_MOD_RL_bmp_.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\CORE_RL_zlib_.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\CORE_RL_xlib_.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\CORE_RL_ttf_.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\CORE_RL_png_.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\CORE_RL_tiff_.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\CORE_RL_jpeg_.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\CORE_RL_lcms_.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\CORE_RL_bzlib_.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\CORE_RL_Magick++_.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\CORE_RL_magick_.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\upload.ocx
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 20:38:08
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
------------------------ Andere Aktieve Processen ------------------------
.
C:\nieuwe bestanden\avast!\aswUpdSv.exe
C:\nieuwe bestanden\avast!\ashServ.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
N:\Nieuwe bestanden\SPYWARE\Spyware Doctor\sdhelp.exe
C:\nieuwe bestanden\avast!\ashMaiSv.exe
C:\nieuwe bestanden\avast!\ashWebSv.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpoevm08.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Voltooingstijd: 2008-10-12 20:48:27 - machine werd herstart
ComboFix-quarantined-files.txt 2008-10-12 18:48:20
ComboFix2.txt 2006-10-08 16:12:02
Pre-Run: 12,410,089,472 bytes beschikbaar
Post-Run: 12,332,527,616 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
327 --- E O F --- 2008-10-11 09:27:38

-----------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:21, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\nieuwe bestanden\avast!\aswUpdSv.exe
C:\nieuwe bestanden\avast!\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
N:\Nieuwe bestanden\SPYWARE\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\nieuwe bestanden\avast!\ashMaiSv.exe
C:\nieuwe bestanden\avast!\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
N:\Nieuwe bestanden\TomTomHome\TomTom HOME 2\HOMERunner.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpohmr08.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpotdd01.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpoevm08.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\nieuwe bestanden\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\nieuwe bestanden\Techsmit Snagit 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - N:\NIEUWE~1\SPYWARE\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - N:\NIEUWE~1\SPYWARE\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\nieuwe bestanden\clonecd\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [TomTomHOME.exe] "N:\Nieuwe bestanden\TomTomHome\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.be/static/download/pixacodndupload.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h20264.www2.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} (Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_1115.cab
O16 - DPF: {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} (Medi@Show Control) - file://C:\Documents and Settings\Guido\Mijn documenten\Mijn video's\MediaShow.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125930738515
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://62.100.53.122/activex/AxisCamControl.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://downloads.telenet.be/tisp/ols/fscax.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_1118.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\nieuwe bestanden\avast!\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\nieuwe bestanden\avast!\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\nieuwe bestanden\avast!\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\nieuwe bestanden\avast!\ashWebSv.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - N:\Nieuwe bestanden\SPYWARE\Spyware Doctor\sdhelp.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\nieuwe bestanden\Tune utilities 2006\WinStylerThemeSvc.exe
--
End of file - 9219 bytes
------------------------------------------------------------------------------

Roelof
13 October 2008, 08:06
Hi,

I found two more leftovers that we are going to remove.
Open Notepad, copy and paste the bold text below into an empty window:

File::
C:\WINDOWS\system32\drivers\fhuhhiv.sys

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xqhkdkl]


Save this to your Desktop as CFScript.txt
Drag CFScript.txt onto ComboFix.exe as shown in the example below:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
This will make ComboFix restart.
Reboot if asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

t896743
13 October 2008, 10:22
Roelof,

Done. Please find the ComboFix and HijackThis logs below.
ComboFix did in any case remove "fhuhhiv.sys"; whether it also removed that registry entry, I don't know.

Regards,
GD

---------------------------------------------------------------------------
ComboFix 08-10-11.04 - Guido 2008-10-13 10:00:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.438 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Guido\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: C:\Documents and Settings\Guido\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
FILE ::
C:\WINDOWS\system32\drivers\fhuhhiv.sys
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\fhuhhiv.sys
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-09-13 to 2008-10-13 ))))))))))))))))))))))))))))))
.
2008-10-11 15:28 . 2008-10-12 20:47 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-10-11 11:22 . 2008-10-11 11:22 <DIR> d-------- C:\WINDOWS\system32\nl
2008-10-11 11:22 . 2008-10-11 11:22 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-11 11:18 . 2008-10-11 11:27 2,711 --a------ C:\WINDOWS\imsins.BAK
2008-10-11 11:07 . 2008-04-14 19:02 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-10-11 11:07 . 2008-04-14 19:02 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-10-11 11:07 . 2008-04-14 19:02 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-10-11 11:07 . 2008-04-14 19:02 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-10-11 11:07 . 2008-04-14 19:02 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-10-11 11:07 . 2008-04-14 19:02 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-10-11 11:05 . 2008-04-14 19:02 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
2008-10-07 10:32 . 2008-10-13 09:58 <DIR> dr-h----- C:\Documents and Settings\Guido\Onlangs geopend
2008-10-06 21:08 . 2008-10-06 21:08 <DIR> d-------- C:\Documents and Settings\Guido\Application Data\Malwarebytes
2008-10-06 21:08 . 2008-10-06 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-06 21:08 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-06 21:08 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-05 13:40 . 2006-08-24 11:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-10-05 13:40 . 2006-07-10 16:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2008-09-25 21:53 . 2008-10-06 21:19 <DIR> d-------- C:\Program Files\MSX
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 09:32 --------- d-----w C:\Program Files\MSN Messenger
2008-10-11 09:28 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd7533.sys
2008-10-10 07:03 --------- d-----w C:\Program Files\Panda Security
2008-10-07 08:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-06 20:06 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-05 10:56 --------- d-----w C:\Documents and Settings\Guido\Application Data\Lavasoft
2008-09-06 19:32 --------- d-----w C:\Program Files\Everest Poker
2008-09-06 18:31 --------- d-----w C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-08 14:30 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-07-22 00:42 42,320 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2005-05-29 18:42 10,752 -c----w C:\Documents and Settings\Guido\gcmd5query.dll
1998-08-24 09:09 10,000 -c----w C:\WINDOWS\inf\unregpn.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-12_20.47.40.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 17:02:53 139,264 ----a-w C:\WINDOWS\system32\cscript.exe
+ 2008-05-07 09:07:23 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
+ 2008-05-07 09:07:23 135,168 -c----w C:\WINDOWS\system32\dllcache\cscript.exe
+ 2008-05-09 10:56:23 512,000 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-05-09 10:56:23 180,224 -c----w C:\WINDOWS\system32\dllcache\scrobj.dll
+ 2008-05-09 10:56:23 172,032 -c----w C:\WINDOWS\system32\dllcache\scrrun.dll
+ 2008-05-09 10:56:23 430,080 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2008-05-08 11:24:44 155,648 -c----w C:\WINDOWS\system32\dllcache\wscript.exe
+ 2008-05-09 10:56:23 90,112 -c----w C:\WINDOWS\system32\dllcache\wshext.dll
- 2008-04-14 17:02:29 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2008-05-09 10:56:23 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
- 2008-04-14 17:02:39 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
+ 2008-05-09 10:56:23 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
- 2008-04-14 17:02:39 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
+ 2008-05-09 10:56:23 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
- 2008-04-14 17:02:44 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2008-05-09 10:56:23 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2008-04-14 17:03:20 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
+ 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
- 2008-04-14 17:02:45 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
+ 2008-05-09 10:56:23 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
+ 2008-10-13 06:58:52 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_520.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-23 413775]
"TomTomHOME.exe"="N:\Nieuwe bestanden\TomTomHome\TomTom HOME 2\HOMERunner.exe" [2008-02-18 206184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 7311360]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CloneCDTray"="C:\nieuwe bestanden\clonecd\CloneCDTray.exe" [2006-09-28 57344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
hp psc 1000 series.lnk - C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP50"= SP5X_32.DLL
"VIDC.SP51"= SP5X_32.DLL
"VIDC.SP52"= SP5X_32.DLL
"VIDC.SP53"= SP5X_32.DLL
"VIDC.VDOM"= vdowave.drv
"msacm.dvacm"= dvacm.acm
"VIDC.TR20"= tr2032.dll
"vidc.vivo"= ivvideo.dll
"MSACM.CEGSM"= mobilev.acm
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^CreataCard Gold 2 Forget Me Not Reminders.lnk]
backup=C:\WINDOWS\pss\CreataCard Gold 2 Forget Me Not Reminders.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Telenet EasyCare.lnk]
backup=C:\WINDOWS\pss\Telenet EasyCare.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Guido^Menu Start^Programma's^Opstarten^MyWebSearch Email Plugin.lnk]
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CapFax
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus2
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
-----c--- 2002-09-26 15:49 69632 C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 21:21 57344 C:\nieuwe bestanden\clonecd\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 19:02 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--------- 2003-04-23 03:43 413775 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
-----c--- 2003-05-19 11:21 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
-----c--- 2004-04-07 08:05 385024 C:\NIEUWE~1\EasyCare\TELENE~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--------- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--------- 2005-11-11 14:47 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Memory Card Detector]
-----c--- 2002-09-10 10:54 28672 C:\nieuwe bestanden\Digitale camera Aldi\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
--------- 2002-08-28 12:43 73728 C:\WINDOWS\Dit.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--------- 2005-11-11 14:47 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--------- 2002-08-15 11:46 46592 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"MDM"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="C:\nieuwe bestanden\deamon tools\DAEMON Tools\daemon.exe" -lang 1033
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"beidsystemtray"=C:\Program Files\Belgium Identity Card\beidsystemtray.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\nieuwe bestanden\\GameSpy Arcade\\Aphex.exe"=
"C:\\nieuwe bestanden\\C.O.D\\CoDMP.exe"=
"C:\\nieuwe bestanden\\mohaa\\MOHAA.EXE"=
"C:\\nieuwe bestanden\\mohaa\\moh_spearhead.exe"=
"C:\\nieuwe bestanden\\C.O.D\\CoDUOMP.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\nieuwe bestanden\\xfire\\Xfire.exe"=
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"C:\\nieuwe bestanden\\NFSPMW\\speed.exe"=
"C:\\nieuwe bestanden\\Bearshare\\BearShare.exe"=
"C:\\nieuwe bestanden\\tony hawk\\Skate3.exe"=
"C:\\nieuwe bestanden\\Age Of Empires 2\\Age of Empires II (Up by X3ris)\\Age Of Empires II\\empires2.exe"=
"C:\\nieuwe bestanden\\Bearflix\\bearflix.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"N:\\kenneth\\nieuwe programmas\\duke nuken!\\prism3d.exe"=
"N:\\Nieuwe bestanden\\battlefield\\BF1942.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 140800]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 5504]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 eID CRL Service;eID CRL Service;C:\WINDOWS\system32\beidservicecrl.exe [2006-06-20 225280]
R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-07-29 424704]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-07-29 24288]
S2 Ca504av;Mega Camera, WDM Video Capture;C:\WINDOWS\system32\Drivers\Ca504av.sys [2002-06-18 516149]
S2 Ca533av;Cam 3200, WDM Video Capture;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 515803]
S3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 33536]
S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [ ]
S3 AtmElan;ATM geëmuleerde LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 AtmLane;ATM LAN-emulatie;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 eID Privacy Service;eID Privacy Service;C:\WINDOWS\system32\beidservicepcsc.exe [2006-06-21 331776]
S3 USBCamera;DSC Still Image Capture (CA100);C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-12-04 11144]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bcc9639-baa2-11dc-965e-000c415a5208}]
\Shell\AutoRun\command - P:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0032f80-f5f3-11dc-96bf-000c415a5208}]
\Shell\AutoRun\command - O:\InstallTomTomHOME.exe
.
Inhoud van de 'Gedeelde Taken' map
2008-10-10 C:\WINDOWS\Tasks\Easy Onderhoud.job
- C:\nieuwe bestanden\Tune utilities 2006\SystemOptimizer.exe [2005-12-28 20:13]
2007-07-27 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1176547788.job
- C:\nieuwe bestanden\All-in-one\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
2008-10-13 C:\WINDOWS\Tasks\{552CFD0A-7D40-4E04-A87A-5DF58C9D8C7A}_FAMDESLOOVER_Guido.job
- C:\WINDOWS\system32\mobsync.exe [2008-04-14 19:03]
2008-10-10 C:\WINDOWS\Tasks\{62DA7F63-044D-4E81-952D-263610DE4108}_FAMDESLOOVER_Guido.job
- C:\WINDOWS\system32\mobsync.exe [2008-04-14 19:03]
2008-10-10 C:\WINDOWS\Tasks\{9529E9BE-B287-41FB-83AD-F0D68867688C}_FAMDESLOOVER_Guido.job
- C:\WINDOWS\system32\mobsync.exe [2008-04-14 19:03]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 10:04:28
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
Voltooingstijd: 2008-10-13 10:10:16
ComboFix-quarantined-files.txt 2008-10-13 08:10:07
ComboFix2.txt 2008-10-12 18:48:28
ComboFix3.txt 2006-10-08 16:12:02
Pre-Run: 12.248.928.256 bytes beschikbaar
Post-Run: 12,254,613,504 bytes beschikbaar
247 --- E O F --- 2008-10-12 19:00:40
---------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:56, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\nieuwe bestanden\avast!\aswUpdSv.exe
C:\nieuwe bestanden\avast!\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
N:\Nieuwe bestanden\SPYWARE\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\nieuwe bestanden\avast!\ashMaiSv.exe
C:\nieuwe bestanden\avast!\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpohmr08.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpotdd01.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpoevm08.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\nieuwe bestanden\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\nieuwe bestanden\Techsmit Snagit 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - N:\NIEUWE~1\SPYWARE\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - N:\NIEUWE~1\SPYWARE\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\nieuwe bestanden\clonecd\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [TomTomHOME.exe] "N:\Nieuwe bestanden\TomTomHome\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.be/static/download/pixacodndupload.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h20264.www2.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} (Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_1115.cab
O16 - DPF: {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} (Medi@Show Control) - file://C:\Documents and Settings\Guido\Mijn documenten\Mijn video's\MediaShow.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125930738515
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://62.100.53.122/activex/AxisCamControl.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://downloads.telenet.be/tisp/ols/fscax.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_1118.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\nieuwe bestanden\avast!\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\nieuwe bestanden\avast!\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\nieuwe bestanden\avast!\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\nieuwe bestanden\avast!\ashWebSv.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - N:\Nieuwe bestanden\SPYWARE\Spyware Doctor\sdhelp.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\nieuwe bestanden\Tune utilities 2006\WinStylerThemeSvc.exe
--
End of file - 9171 bytes

--------------------------------------------------------------------------------

Roelof
13 October 2008, 13:11
Hi,

Everything looks good again.
Remove ComboFix via Start > Run: copy and paste Combofix /U, then press Enter.
This removes both ComboFix and your old system restore points (with any remnants of malware), and creates a new system restore point.


A few more tips to prevent problems in the future:

Install the following FREE programs if you don't have them yet:

Spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html)
Adaware se (http://www.majorgeeks.com/download506.html)
Spybot s&d (http://www.safer-networking.org/en/index.html)


While surfing, don't blindly click Yes whenever you are asked... only do so when you trust it completely.

And consider choosing an alternative browser such as Opera (http://www.opera.com/) or Firefox (http://www.mozilla.org/products/firefox/).

I also recommend running an online virus scan now and then: housecall (http://housecall.trendmicro.com/) and/or Bitdefender (http://nl.bitdefender.com/scan8/). Because what one scanner cannot find, another perhaps can.
Also make sure that the virus scanner installed on your system is always up to date!!

And... pay a regular visit to: http://windowsupdate.microsoft.com/ (http://windowsupdate.microsoft.com/)

Also have a look at these 2 videos. Very interesting:
http://www2.trosradar.nl/mediaplayer...&mode=dossier# (http://www2.trosradar.nl/mediaplayer/player.php?videoID=524&mode=dossier#)
http://www.benedelman.org/spyware/security-111804.wmv (http://www.benedelman.org/spyware/security-111804.wmv)


More prevention tips can also be found on the following sites:

http://www.bluemedicine.be (http://www.bluemedicine.be/)
http://users.telenet.be/marcvn/spyware (http://users.telenet.be/marcvn/spyware)
How did I get infected in the first place (http://castlecops.com/postitle7736-0-0-.html) (article by TonyKlein)
Preventing spyware infections and browser hijacking (http://www.antispywareoffensief.nl/forum/showthread.php?t=55)

Regards,

Roelof

t896743
13 October 2008, 20:26
Roelof,
Done. Thanks again for all the trouble. I will take your tips into account in the future.
One more question: in Explorer I get the message "your security settings do not allow websites to use ActiveX files that are installed on this computer." How do I fix this?
Also, a number of streaming videos do not play, presumably something to do with JavaScript or something like that????
Kind regards,
DG

Roelof
14 October 2008, 09:00
Hi,

Can you check whether your settings match these ideal settings:

To protect your computer somewhat against these dangerous ActiveX components, you can adjust the security in Internet Explorer slightly, which restricts the execution of ActiveX components.
1. In Internet Explorer, click Tools > Internet Options > Security
2. Click the globe (the Internet), then click Default level and then Apply.
3. Then click Custom level
4. In the ActiveX section, your settings must be as follows:
- ActiveX controls not marked as safe: Disable
- ActiveX controls marked safe for scripting: Enable
- Run ActiveX controls and plug-ins: Enable
- Download signed ActiveX controls: Prompt
- Download unsigned ActiveX controls: Disable
6. Click Apply and then OK

Regards,

Roelof
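The five ActiveX settings listed in the post above can also be checked from the registry instead of the dialog. The following is an added example, not part of the original thread: it parses the output of `reg query` for the Internet zone and reports every value that differs from the post's list. The value names 1001, 1004, 1200, 1201 and 1405 and the data codes 0/1/3 are the standard Internet Explorer zone settings; the sample output is constructed.

```python
import re

# Value names under
#   HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
# (zone 3 = Internet) and the setting from the post each one corresponds to.
# Data codes: 0 = Enable, 1 = Prompt, 3 = Disable.
RECOMMENDED = {
    "1001": (1, "Download signed ActiveX controls"),
    "1004": (3, "Download unsigned ActiveX controls"),
    "1200": (0, "Run ActiveX controls and plug-ins"),
    "1201": (3, "ActiveX controls not marked as safe"),
    "1405": (0, "ActiveX controls marked safe for scripting"),
}
ACTIONS = {0: "Enable", 1: "Prompt", 3: "Disable"}

# Constructed sample of `reg query` output for the key above (not from the thread).
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    DisplayName    REG_SZ    Internet
    1001    REG_DWORD    0x1
    1004    REG_DWORD    0x1
    1200    REG_DWORD    0x0
    1201    REG_DWORD    0x3
"""

VALUE_RE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")


def parse_reg_query(text):
    """Return {value_name: int} for every REG_DWORD line in reg query output."""
    values = {}
    for line in text.splitlines():
        match = VALUE_RE.match(line)
        if match:
            values[match.group(1)] = int(match.group(2), 16)
    return values


def audit_internet_zone(text):
    """List (value_name, setting, expected, actual) for each deviation."""
    current = parse_reg_query(text)
    findings = []
    for name, (expected, label) in sorted(RECOMMENDED.items()):
        actual = current.get(name)
        if actual != expected:
            # "not set" only means the per-user key has no such value; the
            # effective setting may then come from machine-wide or policy keys.
            shown = "not set" if actual is None else ACTIONS.get(actual, hex(actual))
            findings.append((name, label, ACTIONS[expected], shown))
    return findings


if __name__ == "__main__":
    for name, label, expected, actual in audit_internet_zone(SAMPLE_REG_QUERY):
        print(f"{name} {label}: expected {expected}, found {actual}")
```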

t896743
18 October 2008, 18:34
Roelof,

Sorry for the late reply. I was abroad for a week for my job. I have adopted those settings, but Explorer still reports "your security settings do not allow websites to use ActiveX files that are installed on this computer."
Regards,
Guido.

Roelof
19 October 2008, 18:49
Hi,

That's fine.
Let's try something else.

1) For your slow internet you can use this (http://www.hitmanpro.nl/iefix.exe) program.
The problem may be that the worm has damaged your internet protocol, and this program repairs that problem.

Take the following steps:



Download the program and save it to the desktop.

Start iefix.exe

You then get a screen asking whether you want to continue: choose Yes here.

You then get a screen asking whether you want to repair the internet protocol: choose No here.

Finally you get a screen saying that you must restart the computer. Do so.

Regards,

Roelof

t896743
25 October 2008, 20:57
Roelof,

I had already replied on 19/10, but I only now see that apparently something went wrong. Thanks man, that little program "iefix" put everything in order. Thanks, thanks again for all the help, and take care.
Regards,
GD

Roelof
25 October 2008, 21:02
OK,

Glad your problems are over.

Download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) (by OldTimer)

Place the file on your desktop.
Make sure there is an internet connection and then double-click OTCleanIt.exe to start the program.
Now click the "CleanUp!" button.
If your firewall, or another security program, warns that OTCleanIt.exe wants internet access, you may allow this; the program needs that connection.
Finally, OTCleanIt will ask whether you want to restart the computer; you may allow this, and in doing so it also removes itself.
Note: Using OTCleanIt will remove all the tools used (including their logs and backup folders) from your computer.

Security tips (http://www.jawwi.nl/beveiliging/basis.html)
more tips (http://users.telenet.be/bluepatchy/miekiemoes/tragecomputer.html)

Regards,

Roelof

t896743
1 November 2008, 13:05
Hi Roelof.
I'm back in town after some time abroad. I have run OT Clean it. Thanks.
I am adding another HijackThis log. The computer now seems slow to me at startup, and the internet is slower too. I have installed a few security programs. Do they perhaps take too much memory? Do you see anything else suspicious?

Regards, and thanks again for your help.
DG
----------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:28, on 1/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
N:\Nieuwe bestanden\Adaware\aawservice.exe
C:\nieuwe bestanden\avast!\aswUpdSv.exe
C:\nieuwe bestanden\avast!\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
N:\Nieuwe bestanden\Comodo BO-clean Anti-malware\BOCORE.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\nieuwe bestanden\avast!\ashMaiSv.exe
C:\nieuwe bestanden\avast!\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
N:\NIEUWE~1\COMODO~1\BOC427.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
N:\Nieuwe bestanden\TomTomHome\TomTom HOME 2\HOMERunner.exe
N:\Nieuwe bestanden\Spybot\Spybot - Search & Destroy\TeaTimer.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpohmr08.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpotdd01.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\bin\hpoevm08.exe
C:\nieuwe bestanden\All-in-one\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\nieuwe bestanden\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\nieuwe bestanden\Techsmit Snagit 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - N:\NIEUWE~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\nieuwe bestanden\clonecd\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [BOC-427] N:\NIEUWE~1\COMODO~1\BOC427.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [TomTomHOME.exe] "N:\Nieuwe bestanden\TomTomHome\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] N:\Nieuwe bestanden\Spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - N:\NIEUWE~1\Spybot\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - N:\NIEUWE~1\Spybot\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.be/static/download/pixacodndupload.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h20264.www2.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} (Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_1115.cab
O16 - DPF: {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} (Medi@Show Control) - file://C:\Documents and Settings\Guido\Mijn documenten\Mijn video's\MediaShow.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125930738515
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://62.100.53.122/activex/AxisCamControl.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://downloads.telenet.be/tisp/ols/fscax.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_1118.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - N:\Nieuwe bestanden\Adaware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\nieuwe bestanden\avast!\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\nieuwe bestanden\avast!\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\nieuwe bestanden\avast!\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\nieuwe bestanden\avast!\ashWebSv.exe
O23 - Service: BOCore - COMODO - N:\Nieuwe bestanden\Comodo BO-clean Anti-malware\BOCORE.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\nieuwe bestanden\Tune utilities 2006\WinStylerThemeSvc.exe
--
End of file - 8714 bytes

Roelof
2 November 2008, 16:21
Hi,

Can you try this:


1) Download ATF cleaner (http://www.atribune.org/ccount/click.php?id=1) (by Atribune)

Double-click ATF cleaner to start the program.
On the 'Main' tab, tick Select All.
Click the Empty Selected button.
If you also use Firefox as a browser:

Click the 'Firefox' tab and tick Select All.
If you want to keep the passwords saved by Firefox, click 'No' in the window that appears.
(this removes the tick at 'Firefox saved passwords')
Click the Empty Selected button.
If you also use Opera as a browser:

Click the 'Opera' tab and tick Select All.
If you want to keep the passwords saved by Opera, click 'No' in the window that appears.
Click the Empty Selected button.
Go to the 'Main' tab and click the Exit button to close the program.


2) For the slowness, work through this step-by-step plan (http://www.hijackthis.nl/forum/viewtopic.php?t=4442).

Regards,

Roelof

t896743
5 November 2008, 21:32
Hi Roelof,

Done!! I have also gone through the step-by-step plan.
Thanks for all the professional help.
Grtz,
GD

Roelof
5 November 2008, 21:43
All problems solved?

Roelof

t896743
16 November 2008, 20:42
Hi Roelof,
Sorry for the late reply, just back from being away. The PC now seems to me to be running normally. Considering where it came from and the problems there were, this is a success. Somewhat slow, but then, it is no longer the youngest. For completeness, I am attaching another log.
Thanks a lot once again.
Regards,
DG

--------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:15, on 16/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
N:\Nieuwe bestanden\Adaware\aawservice.exe
C:\nieuwe bestanden\avast!\aswUpdSv.exe
C:\nieuwe bestanden\avast!\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\nieuwe bestanden\avast!\ashMaiSv.exe
C:\nieuwe bestanden\avast!\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\nieuwe bestanden\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\nieuwe bestanden\Techsmit Snagit 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - N:\NIEUWE~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - N:\NIEUWE~1\Spybot\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - N:\NIEUWE~1\Spybot\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.be/static/download/pixacodndupload.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h20264.www2.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} (Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_1115.cab
O16 - DPF: {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} (Medi@Show Control) - file://C:\Documents and Settings\Guido\Mijn documenten\Mijn video's\MediaShow.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125930738515
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://62.100.53.122/activex/AxisCamControl.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://downloads.telenet.be/tisp/ols/fscax.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_1118.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - N:\Nieuwe bestanden\Adaware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\nieuwe bestanden\avast!\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\nieuwe bestanden\avast!\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\nieuwe bestanden\avast!\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\nieuwe bestanden\avast!\ashWebSv.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\nieuwe bestanden\Tune utilities 2006\WinStylerThemeSvc.exe
--
End of file - 7629 bytes

Roelof
16 November 2008, 20:50
Hi,

Everything looks clean.
Only your Java is outdated.

Download Java Runtime Environment (JRE) 6 Update 10 (http://java.sun.com/javase/downloads/index.jsp).

Scroll down to: "Java Runtime Environment (JRE) 6u10".
Click the "Download" button on the right.
In the drop-down menu to the right of Platform, select Windows
Tick: "I agree to the Java SE Runtime Environment 6 License Agreement", and click Continue.
The page will reload.
Click the jre-6u10-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your desktop.
Close all programs that may be open - especially your web browser!
Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the software list.
Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
Then click Remove or the Change/Remove button.
Repeat this until all older versions are gone.
After removing all older versions, restart your PC.
Then double-click jre-6u10-windows-i586-p.exe on your desktop to install the latest version of Java.



Regards,

Roelof
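Reviewing successive HijackThis logs, as done throughout this thread, comes down to two checks: what changed between two scans, and which remaining entries deserve a second look. The following is an added example, not part of the original thread or of HijackThis: the two log excerpts reuse lines from the 1 November and 16 November logs above, and the three review rules are assumptions of this sketch that produce triage hints, not verdicts.

```python
import re
from urllib.parse import urlparse

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) followed
# by " - "; header lines and running-process paths carry no code and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+)$")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Excerpts of the two logs posted in this thread (shortened, lines unchanged).
LOG_1_NOV = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BOC-427] N:\NIEUWE~1\COMODO~1\BOC427.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://62.100.53.122/activex/AxisCamControl.cab
O23 - Service: BOCore - COMODO - N:\Nieuwe bestanden\Comodo BO-clean Anti-malware\BOCORE.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

LOG_16_NOV = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://62.100.53.122/activex/AxisCamControl.cab
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


def parse_entries(log_text):
    """Return the set of (section_code, entry_text) pairs found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Return (added, removed) entries between two scans of the same machine."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(new - old), sorted(old - new)


def review_items(log_text):
    """Return (section_code, reason, entry) for entries worth checking by hand."""
    items = []
    for code, text in sorted(parse_entries(log_text)):
        if text.endswith("(no file)"):
            items.append((code, "registry entry points at a missing file", text))
        elif code == "O23" and " - Unknown owner - " in text:
            items.append((code, "service binary carries no company name", text))
        elif code == "O16":
            url = text.rsplit(" - ", 1)[-1]
            try:
                host = urlparse(url).hostname or ""
            except ValueError:
                host = ""
            if IPV4_RE.match(host):
                items.append((code, "control was installed from a bare IP address", text))
    return items


if __name__ == "__main__":
    added, removed = diff_logs(LOG_1_NOV, LOG_16_NOV)
    for code, text in removed:
        print("removed:", code, "-", text)
    for code, text in added:
        print("added:  ", code, "-", text)
    for code, reason, text in review_items(LOG_16_NOV):
        print("review: ", code, "-", reason, "|", text)
```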