View full version: PC freezes, various websites unreachable



Beake
27 December 2008, 21:00
For some time now my XP computer has been freezing; the only solution is pulling the plug from the socket and restarting.
AVG can also no longer be updated; I can't even reach the AVG/Grisoft site anymore. The Ad-Aware site is not reachable either. Online virus scanners likewise can't be started, or their websites can't be opened.

Yesterday evening I searched the web from another PC and followed some suggestions from a Dutch helpdesk. I tried to get in touch with them afterwards, but without success.

1. Disabled TDSSserv.sys. Via Start > Run "devmgmt.msc"; View > Show hidden devices > Non-Plug and Play Drivers.

2. Ran Malwarebytes Anti-Malware and removed about 7 problems with it.
As a result the internet is usable again and for now everything seems reasonably normal.

Going on to interpret the Combofix and HijackThis information myself seemed a step too far for me. Hopefully you can help here.

Attached is the HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:14, on 27/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zita.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229816814593
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1230337283_f82b6cf1b71108f19607648386c6efea&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 8137 bytes

Roelof
29 December 2008, 13:08
Hi,

Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

Double-click Combofix.exe to start it.
If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
Follow the instructions and accept the disclaimer by clicking Yes.
If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
Click OK and Yes to have the Recovery Console installed automatically.
Afterwards, click Yes again to start the malware scan.
While the fix is running, do NOT click in the window, as this will cause your PC to hang.

When the fix has completed and after a restart, the log Combofix.txt will open.
Post this log in your next reply.

Roelof

Beake
29 December 2008, 17:34
Here is the log. While ComboFix was running, Spybot Search & Destroy did report a registry change twice. Should these be accepted?
Thanks in advance for the help. :)



ComboFix 08-12-28.03 - Eddy 2008-12-29 16:03:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1022.613 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Eddy\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Sara\Bureaublad\Antivirus 360.lnk
c:\documents and settings\Sara\Menu Start\Antivirus 360
c:\documents and settings\Sara\Menu Start\Antivirus 360\Antivirus 360.lnk
c:\documents and settings\Sara\Menu Start\Antivirus 360\Help.lnk
c:\documents and settings\Sara\Menu Start\Antivirus 360\Registration.lnk
c:\program files\A360
c:\program files\A360\av360.exe
c:\windows\system32\TDSSmtve.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys

(((((((((((((((((((( Bestanden Gemaakt van 2008-11-28 to 2008-12-29 ))))))))))))))))))))))))))))))
.
2008-12-29 10:33 . 2008-12-29 10:33 <DIR> d-------- c:\program files\Common Files\xing shared
2008-12-29 10:32 . 2008-12-29 10:32 <DIR> d-------- c:\program files\Real
2008-12-29 10:32 . 2008-12-29 10:33 <DIR> d-------- c:\program files\Common Files\Real
2008-12-29 10:21 . 2008-12-29 10:59 <DIR> d-------- c:\program files\ChrisTV Online
2008-12-29 10:21 . 2008-04-14 18:02 990 --a------ c:\windows\system32\dvida23ty.dll
2008-12-29 09:54 . 2008-12-29 09:54 <DIR> d-------- c:\windows\AidMaker
2008-12-29 09:54 . 2008-12-29 11:22 <DIR> d-------- c:\program files\ChrisTV Lite
2008-12-29 09:54 . 2008-12-29 15:26 <DIR> d-------- c:\program files\AidMaker
2008-12-29 09:54 . 2008-12-29 12:54 <DIR> d-------- c:\documents and settings\Eddy\Application Data\AidMaker
2008-12-29 09:54 . 2008-12-29 09:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\engodsag.dk
2008-12-28 15:33 . 2008-12-28 15:45 <DIR> d-------- c:\program files\Paint Shop Pro 6
2008-12-28 15:33 . 2000-01-31 06:02 317,952 --a------ c:\windows\system32\Roboex32.dll
2008-12-28 15:33 . 2000-01-31 06:02 60,928 --a------ c:\windows\system32\DC265ser.ocx
2008-12-28 15:33 . 2000-01-31 06:02 59,904 --a------ c:\windows\system32\DC265ifr.ocx
2008-12-28 15:33 . 2000-01-31 06:02 58,368 --a------ c:\windows\system32\DC265usb.ocx
2008-12-28 15:33 . 2000-01-31 06:02 54,784 --a------ c:\windows\system32\Inetwh32.dll
2008-12-28 15:33 . 2000-01-31 06:02 47,104 --a------ c:\windows\system32\Wh2Robo.dll
2008-12-28 15:21 . 2008-12-28 15:21 <DIR> d-------- c:\program files\PC Wizard 2008
2008-12-28 15:21 . 2007-09-15 15:11 27,136 --a------ c:\windows\system32\PCWizard.cpl
2008-12-28 09:57 . 2008-12-28 10:27 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-28 09:57 . 2008-12-29 09:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-27 14:43 . 2008-12-29 13:08 <DIR> dr-h----- c:\documents and settings\Eddy\Onlangs geopend
2008-12-27 12:07 . 2008-12-27 12:07 <DIR> d-------- c:\program files\NOS
2008-12-27 12:07 . 2008-12-27 12:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-12-27 12:04 . 2008-12-27 12:04 <DIR> d-------- c:\documents and settings\Eddy\Application Data\AdobeUM
2008-12-26 22:39 . 2008-12-26 22:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-26 22:39 . 2008-12-26 22:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-26 22:39 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-26 22:39 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-26 21:48 . 2008-12-26 21:53 <DIR> d-------- c:\program files\TweakNow RegCleaner
2008-12-26 21:47 . 2008-12-26 21:47 <DIR> d-------- c:\program files\ToniArts
2008-12-26 21:28 . 2008-12-26 21:28 <DIR> d-------- c:\documents and settings\Eddy\Application Data\Malwarebytes
2008-12-26 17:48 . 2008-12-26 21:47 <DIR> d-------- c:\program files\Eusing Free Registry Cleaner
2008-12-26 16:57 . 2008-12-26 17:16 <DIR> d-------- c:\program files\QUAD Utilities
2008-12-26 16:31 . 2008-12-26 16:31 <DIR> d-------- c:\program files\Lavasoft
2008-12-26 16:31 . 2008-12-26 16:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-26 16:30 . 2008-12-26 16:30 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-26 14:11 . 2008-12-26 21:51 <DIR> d-------- c:\documents and settings\Eddy\Application Data\LimeWire
2008-12-26 14:08 . 2008-12-26 14:08 <DIR> d-------- c:\windows\Sun
2008-12-26 14:08 . 2008-12-26 14:07 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-26 14:08 . 2008-12-26 14:07 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-26 14:07 . 2008-12-26 14:07 <DIR> d-------- c:\program files\Java
2008-12-25 00:07 . 2008-12-29 10:55 69 --a------ c:\windows\NeroDigital.ini
2008-12-22 17:09 . 2008-12-28 19:56 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-22 11:57 . 2008-12-22 11:57 <DIR> d-------- c:\documents and settings\Sara\Application Data\AdobeUM
2008-12-22 11:42 . 2008-12-22 11:42 <DIR> d-------- c:\documents and settings\Sara\Application Data\CyberLink
2008-12-21 20:06 . 2008-12-21 20:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\ZoomBrowser
2008-12-21 20:05 . 2008-12-21 20:07 <DIR> d-------- c:\program files\Canon
2008-12-21 20:00 . 2008-12-21 20:00 <DIR> d-------- c:\program files\Common Files\Canon
2008-12-21 19:50 . 2008-12-21 19:50 <DIR> d-------- c:\program files\VS Revo Group
2008-12-21 19:43 . 2008-12-21 19:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2008-12-21 19:29 . 2008-12-21 19:29 <DIR> d-------- c:\documents and settings\Eddy\Application Data\Ahead
2008-12-21 19:27 . 2008-12-21 19:27 <DIR> d-------- c:\program files\Nero
2008-12-21 19:27 . 2008-12-21 19:27 <DIR> d-------- c:\program files\Common Files\Ahead
2008-12-21 18:47 . 2008-12-21 18:47 <DIR> d-------- c:\program files\TechSmith
2008-12-21 17:05 . 2008-12-21 17:14 <DIR> d-------- c:\documents and settings\Sara\Application Data\Skype
2008-12-21 17:03 . 2008-12-21 17:03 <DIR> d-------- c:\program files\Skype
2008-12-21 17:03 . 2008-12-21 17:03 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-21 17:03 . 2008-12-21 18:55 <DIR> d-------- c:\documents and settings\Eddy\Application Data\Skype
2008-12-21 17:03 . 2008-12-21 17:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-12-21 16:23 . 2008-12-21 19:00 <DIR> d-------- c:\windows\Motive
2008-12-21 16:22 . 2008-12-21 19:01 <DIR> d-------- c:\program files\Motive
2008-12-21 16:21 . 2008-12-21 19:01 <DIR> d-------- c:\program files\Telenet EasyCare
2008-12-21 16:08 . 2008-12-26 16:46 <DIR> d-------- C:\Incomplete
2008-12-21 16:07 . 2008-12-21 16:07 <DIR> d-------- C:\Shared folders
2008-12-21 16:07 . 2008-12-26 19:26 <DIR> d-------- C:\My Shared Folder
2008-12-21 15:54 . 2008-12-21 15:54 <DIR> d-------- c:\documents and settings\Eddy\Application Data\Windows Search
2008-12-21 15:54 . 2008-12-21 15:55 2,640 --a------ c:\windows\DevMgr.ini
2008-12-21 15:48 . 2008-12-21 15:48 <DIR> d-------- c:\program files\Hewlett-Packard
2008-12-21 15:48 . 2002-11-20 18:52 90,112 --a------ c:\windows\system32\hpocon09.exe
2008-12-21 15:48 . 2002-11-20 18:52 22,139 --a------ c:\windows\system32\hpocoi08.dll
2008-12-21 15:48 . 2008-12-21 15:48 20 --a------ c:\windows\Hposcv07.INI
2008-12-21 15:47 . 2008-12-21 15:47 <DIR> d-------- c:\windows\AiOTemp
2008-12-21 15:42 . 2008-12-21 15:42 <DIR> d-------- c:\documents and settings\LocalService\Application Data\CyberLink
2008-12-21 15:23 . 2008-12-21 15:23 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-12-21 15:22 . 2008-03-07 18:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-12-21 15:22 . 2008-03-07 18:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-12-21 15:22 . 2008-03-07 18:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-12-21 14:10 . 2008-12-28 21:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2008-12-21 14:09 . 2005-10-28 21:54 198,144 --a------ c:\windows\system32\_psisdecd.dll
2008-12-21 14:09 . 2005-10-28 21:54 44,544 --a------ c:\windows\system32\msxml4a.dll
2008-12-21 14:09 . 2000-06-23 12:46 33,314 --a------ c:\windows\WMPrfSve.prx
2008-12-21 14:08 . 2008-12-21 14:10 <DIR> d-------- c:\program files\Home Cinema
2008-12-21 14:08 . 2002-12-11 20:11 32,964 --a------ c:\windows\WMPrfNLD.prx
2008-12-21 13:57 . 2003-08-14 19:13 40,960 --a------ c:\program files\Uninstall_PCM.exe
2008-12-21 13:19 . 2008-12-21 13:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\X10 Settings
2008-12-21 12:01 . 2008-12-21 12:01 <DIR> d-------- c:\program files\Intel
2008-12-21 11:26 . 2008-12-21 12:00 <DIR> d-------- C:\Medion
2008-12-21 10:39 . 2008-12-21 10:39 <DIR> d-------- c:\program files\RALINK
2008-12-21 10:39 . 2005-07-14 20:58 241,536 --a------ c:\windows\system32\drivers\rt2500usb.sys
2008-12-21 10:39 . 2004-11-02 17:36 73,728 --a------ c:\windows\system32\Install2500USB.dll
2008-12-21 10:39 . 2004-10-13 17:02 45,056 --a------ c:\windows\system32\DEDriverDLL.dll
2008-12-21 10:39 . 2004-10-13 17:02 36,864 --a------ c:\windows\system32\WRLSetup.exe
2008-12-21 10:39 . 2008-12-21 10:39 19,915 --a------ c:\windows\system32\drivers\AegisP.sys
2008-12-21 10:39 . 2004-10-13 17:02 116 --a------ c:\windows\filespecrtrt2500USB
2008-12-21 10:00 . 2008-12-21 10:00 <DIR> d-------- c:\documents and settings\Eddy\WINDOWS
2008-12-21 10:00 . 1998-07-30 18:40 306,176 --a------ c:\windows\IsUn0413.exe
2008-12-21 07:38 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-21 07:38 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-21 06:36 . 2008-10-16 21:33 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-12-21 06:36 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-21 06:36 . 2007-03-08 06:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-21 06:36 . 2008-10-16 21:33 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-12-21 06:36 . 2008-10-16 21:33 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-21 06:36 . 2008-10-16 21:33 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-12-21 06:36 . 2008-10-16 21:33 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-12-21 06:36 . 2008-10-16 21:33 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-21 06:36 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-21 01:38 . 2008-12-21 15:47 <DIR> d-------- c:\windows\system32\NtmsData
2008-12-21 01:32 . 2008-06-14 18:36 272,640 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-21 01:32 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-12-21 01:31 . 2008-10-16 02:02 1,499,136 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2008-12-21 01:31 . 2008-10-16 21:33 1,160,192 -----c--- c:\windows\system32\dllcache\urlmon.dll
2008-12-21 01:31 . 2008-10-16 21:33 826,368 -----c--- c:\windows\system32\dllcache\wininet.dll
2008-12-21 01:31 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-12-21 01:29 . 2008-12-13 07:39 3,593,216 -----c--- c:\windows\system32\dllcache\mshtml.dll
2008-12-21 01:29 . 2008-08-14 14:27 2,193,536 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-21 01:29 . 2008-08-14 14:27 2,149,888 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-21 01:29 . 2008-08-14 14:27 2,070,400 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-21 01:29 . 2008-08-14 14:27 2,028,544 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-21 01:29 . 2008-09-15 16:28 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-12-21 01:28 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-12-21 01:28 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-21 01:28 . 2008-05-01 15:37 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-12-21 01:28 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-26 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-25 17:00 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-12-22 10:42 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-12-22 10:41 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-12-20 20:44 --------- d-----w c:\program files\Microsoft Works
2008-12-20 20:43 --------- d-----w c:\program files\MSBuild
2008-12-20 20:16 --------- d-----w c:\program files\AVG
2008-12-20 19:27 --------- d-----w c:\program files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-22 1261336]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-08-04 237568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-22 7282688]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-29 185872]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 c:\windows\RTHDCPL.EXE]
"NvMediaCenter"="NvMCTray.dll" [2005-09-22 c:\windows\system32\nvmctray.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HPAiODevice(hp officejet g series) - 1.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HPAiODevice(hp officejet g series) - 1.lnk
backup=c:\windows\pss\HPAiODevice(hp officejet g series) - 1.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ralink Wireless Utility.lnk]
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 18:file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 16:07:11
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Voltooingstijd: 2008-12-29 16:09:05 - machine werd herstart
ComboFix-quarantined-files.txt 2008-12-29 15:09:02
Pre-Run: 76.032.729.088 bytes beschikbaar
Post-Run: 76,206,145,536 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
272 --- E O F --- 2008-12-21 11:50:15

Roelof
29 December 2008, 18:26
Hi,

Yep, you have to accept them.
Your logs are clean.

How are your problems now?

Roelof

Beake
29 December 2008, 18:35
Thanks Roelof, that is a relief.
The internet is running stably. AVG is now again giving an error message that the "Resident Shield" is not active.
PowerCinema (TV) is not running very well and regularly freezes. Today I tried to install ChrisTV, but I can't really get that working either. But that is, I suspect, for a different forum.

Thanks again for the help. :)

Roelof
29 December 2008, 18:58
Can you run Combofix once more?

Roelof

Beake
29 December 2008, 20:06
Here is the new log. I had to run it 2 times, since the first time my PC froze (blue screen). At the moment there is also no sound coming out of it anymore.

ComboFix 08-12-28.04 - Eddy 2008-12-29 18:40:09.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1022.614 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Eddy\Bureaublad\ComboFix.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-11-28 to 2008-12-29 ))))))))))))))))))))))))))))))
.
2008-12-29 10:33 . 2008-12-29 10:33 <DIR> d-------- c:\program files\Common Files\xing shared
2008-12-29 10:32 . 2008-12-29 10:32 <DIR> d-------- c:\program files\Real
2008-12-29 10:32 . 2008-12-29 10:33 <DIR> d-------- c:\program files\Common Files\Real
2008-12-29 10:21 . 2008-12-29 10:59 <DIR> d-------- c:\program files\ChrisTV Online
2008-12-29 10:21 . 2008-04-14 18:02 990 --a------ c:\windows\system32\dvida23ty.dll
2008-12-29 09:54 . 2008-12-29 09:54 <DIR> d-------- c:\windows\AidMaker
2008-12-29 09:54 . 2008-12-29 11:22 <DIR> d-------- c:\program files\ChrisTV Lite
2008-12-29 09:54 . 2008-12-29 15:26 <DIR> d-------- c:\program files\AidMaker
2008-12-29 09:54 . 2008-12-29 12:54 <DIR> d-------- c:\documents and settings\Eddy\Application Data\AidMaker
2008-12-29 09:54 . 2008-12-29 09:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\engodsag.dk
2008-12-28 15:33 . 2008-12-28 15:45 <DIR> d-------- c:\program files\Paint Shop Pro 6
2008-12-28 15:33 . 2000-01-31 06:02 317,952 --a------ c:\windows\system32\Roboex32.dll
2008-12-28 15:33 . 2000-01-31 06:02 60,928 --a------ c:\windows\system32\DC265ser.ocx
2008-12-28 15:33 . 2000-01-31 06:02 59,904 --a------ c:\windows\system32\DC265ifr.ocx
2008-12-28 15:33 . 2000-01-31 06:02 58,368 --a------ c:\windows\system32\DC265usb.ocx
2008-12-28 15:33 . 2000-01-31 06:02 54,784 --a------ c:\windows\system32\Inetwh32.dll
2008-12-28 15:33 . 2000-01-31 06:02 47,104 --a------ c:\windows\system32\Wh2Robo.dll
2008-12-28 15:21 . 2008-12-28 15:21 <DIR> d-------- c:\program files\PC Wizard 2008
2008-12-28 15:21 . 2007-09-15 15:11 27,136 --a------ c:\windows\system32\PCWizard.cpl
2008-12-28 09:57 . 2008-12-28 10:27 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-28 09:57 . 2008-12-29 09:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-27 14:43 . 2008-12-29 13:08 <DIR> dr-h----- c:\documents and settings\Eddy\Onlangs geopend
2008-12-27 12:07 . 2008-12-27 12:07 <DIR> d-------- c:\program files\NOS
2008-12-27 12:07 . 2008-12-27 12:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-12-27 12:04 . 2008-12-27 12:04 <DIR> d-------- c:\documents and settings\Eddy\Application Data\AdobeUM
2008-12-26 22:39 . 2008-12-26 22:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-26 22:39 . 2008-12-26 22:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-26 22:39 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-26 22:39 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-26 21:48 . 2008-12-26 21:53 <DIR> d-------- c:\program files\TweakNow RegCleaner
2008-12-26 21:47 . 2008-12-26 21:47 <DIR> d-------- c:\program files\ToniArts
2008-12-26 21:28 . 2008-12-26 21:28 <DIR> d-------- c:\documents and settings\Eddy\Application Data\Malwarebytes
2008-12-26 17:48 . 2008-12-26 21:47 <DIR> d-------- c:\program files\Eusing Free Registry Cleaner
2008-12-26 16:57 . 2008-12-26 17:16 <DIR> d-------- c:\program files\QUAD Utilities
2008-12-26 16:31 . 2008-12-26 16:31 <DIR> d-------- c:\program files\Lavasoft
2008-12-26 16:31 . 2008-12-26 16:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-26 16:30 . 2008-12-26 16:30 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-26 14:11 . 2008-12-26 21:51 <DIR> d-------- c:\documents and settings\Eddy\Application Data\LimeWire
2008-12-26 14:08 . 2008-12-26 14:08 <DIR> d-------- c:\windows\Sun
2008-12-26 14:08 . 2008-12-26 14:07 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-26 14:08 . 2008-12-26 14:07 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-26 14:07 . 2008-12-26 14:07 <DIR> d-------- c:\program files\Java
2008-12-25 00:07 . 2008-12-29 10:55 69 --a------ c:\windows\NeroDigital.ini
2008-12-22 17:09 . 2008-12-28 19:56 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-22 11:57 . 2008-12-22 11:57 <DIR> d-------- c:\documents and settings\Sara\Application Data\AdobeUM
2008-12-22 11:42 . 2008-12-22 11:42 <DIR> d-------- c:\documents and settings\Sara\Application Data\CyberLink
2008-12-21 20:06 . 2008-12-21 20:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\ZoomBrowser
2008-12-21 20:05 . 2008-12-21 20:07 <DIR> d-------- c:\program files\Canon
2008-12-21 20:00 . 2008-12-21 20:00 <DIR> d-------- c:\program files\Common Files\Canon
2008-12-21 19:50 . 2008-12-21 19:50 <DIR> d-------- c:\program files\VS Revo Group
2008-12-21 19:43 . 2008-12-21 19:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2008-12-21 19:29 . 2008-12-21 19:29 <DIR> d-------- c:\documents and settings\Eddy\Application Data\Ahead
2008-12-21 19:27 . 2008-12-21 19:27 <DIR> d-------- c:\program files\Nero
2008-12-21 19:27 . 2008-12-21 19:27 <DIR> d-------- c:\program files\Common Files\Ahead
2008-12-21 18:47 . 2008-12-21 18:47 <DIR> d-------- c:\program files\TechSmith
2008-12-21 17:05 . 2008-12-21 17:14 <DIR> d-------- c:\documents and settings\Sara\Application Data\Skype
2008-12-21 17:03 . 2008-12-21 17:03 <DIR> d-------- c:\program files\Skype
2008-12-21 17:03 . 2008-12-21 17:03 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-21 17:03 . 2008-12-21 18:55 <DIR> d-------- c:\documents and settings\Eddy\Application Data\Skype
2008-12-21 17:03 . 2008-12-21 17:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-12-21 16:23 . 2008-12-21 19:00 <DIR> d-------- c:\windows\Motive
2008-12-21 16:22 . 2008-12-21 19:01 <DIR> d-------- c:\program files\Motive
2008-12-21 16:21 . 2008-12-21 19:01 <DIR> d-------- c:\program files\Telenet EasyCare
2008-12-21 16:08 . 2008-12-26 16:46 <DIR> d-------- C:\Incomplete
2008-12-21 16:07 . 2008-12-21 16:07 <DIR> d-------- C:\Shared folders
2008-12-21 16:07 . 2008-12-26 19:26 <DIR> d-------- C:\My Shared Folder
2008-12-21 15:54 . 2008-12-21 15:54 <DIR> d-------- c:\documents and settings\Eddy\Application Data\Windows Search
2008-12-21 15:54 . 2008-12-21 15:55 2,640 --a------ c:\windows\DevMgr.ini
2008-12-21 15:48 . 2008-12-21 15:48 <DIR> d-------- c:\program files\Hewlett-Packard
2008-12-21 15:48 . 2002-11-20 18:52 90,112 --a------ c:\windows\system32\hpocon09.exe
2008-12-21 15:48 . 2002-11-20 18:52 22,139 --a------ c:\windows\system32\hpocoi08.dll
2008-12-21 15:48 . 2008-12-21 15:48 20 --a------ c:\windows\Hposcv07.INI
2008-12-21 15:47 . 2008-12-21 15:47 <DIR> d-------- c:\windows\AiOTemp
2008-12-21 15:42 . 2008-12-21 15:42 <DIR> d-------- c:\documents and settings\LocalService\Application Data\CyberLink
2008-12-21 15:23 . 2008-12-21 15:23 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-12-21 15:22 . 2008-03-07 18:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-12-21 15:22 . 2008-03-07 18:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-12-21 15:22 . 2008-03-07 18:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-12-21 14:10 . 2008-12-28 21:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2008-12-21 14:09 . 2005-10-28 21:54 198,144 --a------ c:\windows\system32\_psisdecd.dll
2008-12-21 14:09 . 2005-10-28 21:54 44,544 --a------ c:\windows\system32\msxml4a.dll
2008-12-21 14:09 . 2000-06-23 12:46 33,314 --a------ c:\windows\WMPrfSve.prx
2008-12-21 14:08 . 2008-12-21 14:10 <DIR> d-------- c:\program files\Home Cinema
2008-12-21 14:08 . 2002-12-11 20:11 32,964 --a------ c:\windows\WMPrfNLD.prx
2008-12-21 13:57 . 2003-08-14 19:13 40,960 --a------ c:\program files\Uninstall_PCM.exe
2008-12-21 13:19 . 2008-12-21 13:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\X10 Settings
2008-12-21 12:01 . 2008-12-21 12:01 <DIR> d-------- c:\program files\Intel
2008-12-21 11:26 . 2008-12-21 12:00 <DIR> d-------- C:\Medion
2008-12-21 10:39 . 2008-12-21 10:39 <DIR> d-------- c:\program files\RALINK
2008-12-21 10:39 . 2005-07-14 20:58 241,536 --a------ c:\windows\system32\drivers\rt2500usb.sys
2008-12-21 10:39 . 2004-11-02 17:36 73,728 --a------ c:\windows\system32\Install2500USB.dll
2008-12-21 10:39 . 2004-10-13 17:02 45,056 --a------ c:\windows\system32\DEDriverDLL.dll
2008-12-21 10:39 . 2004-10-13 17:02 36,864 --a------ c:\windows\system32\WRLSetup.exe
2008-12-21 10:39 . 2008-12-21 10:39 19,915 --a------ c:\windows\system32\drivers\AegisP.sys
2008-12-21 10:39 . 2004-10-13 17:02 116 --a------ c:\windows\filespecrtrt2500USB
2008-12-21 10:00 . 2008-12-21 10:00 <DIR> d-------- c:\documents and settings\Eddy\WINDOWS
2008-12-21 10:00 . 1998-07-30 18:40 306,176 --a------ c:\windows\IsUn0413.exe
2008-12-21 07:38 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-21 07:38 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-21 06:36 . 2008-10-16 21:33 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-12-21 06:36 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-21 06:36 . 2007-03-08 06:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-21 06:36 . 2008-10-16 21:33 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-12-21 06:36 . 2008-10-16 21:33 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-21 06:36 . 2008-10-16 21:33 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-12-21 06:36 . 2008-10-16 21:33 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-12-21 06:36 . 2008-10-16 21:33 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-21 06:36 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-21 01:38 . 2008-12-21 15:47 <DIR> d-------- c:\windows\system32\NtmsData
2008-12-21 01:32 . 2008-06-14 18:36 272,640 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-21 01:32 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-12-21 01:31 . 2008-10-16 02:02 1,499,136 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2008-12-21 01:31 . 2008-10-16 21:33 1,160,192 -----c--- c:\windows\system32\dllcache\urlmon.dll
2008-12-21 01:31 . 2008-10-16 21:33 826,368 -----c--- c:\windows\system32\dllcache\wininet.dll
2008-12-21 01:31 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-12-21 01:29 . 2008-12-13 07:39 3,593,216 -----c--- c:\windows\system32\dllcache\mshtml.dll
2008-12-21 01:29 . 2008-08-14 14:27 2,193,536 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-21 01:29 . 2008-08-14 14:27 2,149,888 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-21 01:29 . 2008-08-14 14:27 2,070,400 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-21 01:29 . 2008-08-14 14:27 2,028,544 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-21 01:29 . 2008-09-15 16:28 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-12-21 01:28 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-12-21 01:28 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-21 01:28 . 2008-05-01 15:37 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-12-21 01:28 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 09:32 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-12-26 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-25 17:00 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-12-22 10:42 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-12-22 10:41 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-12-22 10:41 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-12-21 15:22 155,995 ----a-w c:\windows\java\Packages\AUIJXBNV.ZIP
2008-12-20 20:44 --------- d-----w c:\program files\Microsoft Works
2008-12-20 20:43 --------- d-----w c:\program files\MSBuild
2008-12-20 20:16 --------- d-----w c:\program files\AVG
2008-12-20 19:27 --------- d-----w c:\program files\microsoft frontpage
2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:07 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:05 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
.
((((((((((((((((((((((((((((( snapshot@2008-12-29_16.08.39.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-29 17:38:09 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_100.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-22 1261336]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-08-04 237568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-22 7282688]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-29 185872]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 c:\windows\RTHDCPL.EXE]
"NvMediaCenter"="NvMCTray.dll" [2005-09-22 c:\windows\system32\nvmctray.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HPAiODevice(hp officejet g series) - 1.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HPAiODevice(hp officejet g series) - 1.lnk
backup=c:\windows\pss\HPAiODevice(hp officejet g series) - 1.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ralink Wireless Utility.lnk]
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 18:file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 18:41:50
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\avgrsstx.dll
- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\avgrsstx.dll
.
Voltooingstijd: 2008-12-29 18:42:23
ComboFix-quarantined-files.txt 2008-12-29 17:42:20
ComboFix2.txt 2008-12-29 17:23:43
ComboFix3.txt 2008-12-29 15:09:06
Pre-Run: 76.228.820.992 bytes beschikbaar
Post-Run: 76,213,714,944 bytes beschikbaar
254 --- E O F --- 2008-12-21 11:50:15

Beake
29 December 2008, 21:11
Sound is working again. In Device Manager (although no errors were reported there) I did an update of the drivers for "Sound, video and game controllers" and restarted the PC. Strange.

Roelof
29 December 2008, 21:35
OK,

Are you still having problems, and if so, which ones?

Roelof

Beake
29 December 2008, 22:46
For now everything appears to be working, with the exception of ChrisTV, but that will probably be down to some driver or other.
Does Combofix need to be removed again?
Thanks again for the help.

Roelof
29 December 2008, 23:15
Hi,

So you still can't install ChrisTV?

You can remove Combofix by going to Start > Run and then entering combofix /u.

Roelof


Roelof