HJT log for review

15 answers
  • Hello, I'm having problems with my PC once again. Internet Explorer 7 no longer displays any pages and the PC is slow. Fortunately I can still browse with Firefox. Is there anyone who would take a look at my log? Thanks in advance. Regards, Laurens
  • Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D228F21E-E864-4BE5-B269-BE34A069DEBC}: NameServer = 85.255.112.39,85.255.112.40
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
    O20 - AppInit_DLLs: C:\WINDOWS\System32\dbghelp32.dll
    O20 - Winlogon Notify: 146b66c1517 - C:\WINDOWS\

    Close all windows except HijackThis. Click 'Fix checked' to remove the items.

    Open a Notepad file. Copy the block below into this Notepad file.

    @ECHO OFF
    REM Start with a fresh log file
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    REM taskkill /im expects the image name only, without a folder
    taskkill /f /im S-1-0-77-100025324-100021522-100004866-5581.com
    REM For each listed file: clear the read-only, system and hidden attributes,
    REM delete it, and write the outcome to log.txt
    FOR %%g in (
    C:\WINDOWS\System32\dbghelp32.dll) DO (
    IF EXIST %%g (
    ATTRIB -r -s -h %%g
    DEL %%g
    IF EXIST %%g (
    ECHO %%g not deleted>>log.txt
    ) ELSE (
    ECHO %%g deleted>>log.txt)
    ) ELSE (
    ECHO %%g not found>>log.txt))
    START NOTEPAD.EXE log.txt

    Go to File - Save As. Under "Save in" choose: Desktop. Under "File name" enter: del.bat. Under "Save as type" select: All Files (*.*). Click the Save button. Double-click del.bat and post the contents of the log file that opens.

    Download MalwareBytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop. Double-click mbam-setup.exe to install the program. Make sure that after the installation a check mark is placed next to:
      - Update MalwareBytes' Anti-Malware
      - Start MalwareBytes' Anti-Malware
    Then click "Finish". If an update is found, it will be downloaded and installed.
      - Once the program has started, go to the "Settings" tab.
      - Tick here: "Close Internet Explorer during malware removal".
      - Then go to the "Scanner" tab and choose "Quick Scan".
      - Next, press "Scan" to start the scan.
      - Scanning can take a while, so be patient.
      - When the scan is complete, click OK, then "Show Results" to see the results.
      - Make sure everything there is ticked, then click: "Remove Selected".
      - After the removal a log will open and you will be asked to restart the computer.
    The log is saved automatically by MalwareBytes' Anti-Malware and you can find it again by clicking the "Logs" tab in the program. Post this log together with a new HijackThis log.

    Download Flash_Disinfector.exe and place it on your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe Make sure that the flash drives / USB sticks / external hard disks are plugged in as well. Double-click Flash_Disinfector.exe to start the tool. When the tool has finished, the computer will restart.

    Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop and use it according to this guide: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
      - Double-click Combofix.exe to start it.
      - If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
      - Click OK in the small "NirCmd" window.
      - Afterwards, click Yes again to start the malware scan.
      - While the fix is running, do NOT click in the window, as this will make your PC hang.
      - When the fix has finished and after the restart, the log Combofix.txt will open.
    Post this log in your next reply.
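The selection step in the post above, sketched as an added Python example (not part of the thread and not HijackThis code): it flags the same kinds of entries the helper picked out for fixing. The `triage` function, its rule set and the `EXPECTED_RESOLVERS` allowlist are assumptions made for illustration; the sample is constructed from entries quoted in the post above plus a few benign lines for contrast.

```python
import ipaddress
import re

# Entry lines look like "O17 - <body>"; the prefix is the HijackThis section code.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# Assumption: the resolvers this machine should be using (here a home router range).
EXPECTED_RESOLVERS = [ipaddress.ip_network("192.168.0.0/16")]

# Constructed sample. The flagged lines are the ones quoted in the post above;
# the O17 line pointing at 192.168.1.1 is made up to show the allowlist.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\RECYCLER\S-1-0-77-100025324-100021522-100004866-5581.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\WINDOWS\System32\dbghelp32.dll
O20 - Winlogon Notify: 146b66c1517 - C:\WINDOWS\
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""


def unexpected_resolvers(body, expected):
    """Return the NameServer values of an O17 body that are outside `expected`."""
    _, _, value = body.partition("NameServer = ")
    unexpected = []
    for token in re.split(r"[,\s]+", value.strip()):
        if not token:
            continue
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            unexpected.append(token)  # not an IP address at all: worth a look
            continue
        if not any(addr in net for net in expected):
            unexpected.append(token)
    return unexpected


def triage(log_text, expected_resolvers):
    """Return (code, reason, line) tuples for entries that deserve manual review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match is None:
            # Lines of the "Running processes" list are bare paths.
            if re.match(r"^[A-Za-z]:\\", line) and "\\recycler\\" in line.lower():
                findings.append(("PROC", "process running from a Recycle Bin folder", line))
            continue
        code, body = match.groups()
        if body.endswith("(no file)"):
            findings.append((code, "registered component has no file on disk", line))
        elif code in ("R0", "R1"):
            setting = re.match(r"^(.*?) =\s*(.*)$", body)
            if setting and setting.group(2) == "":
                findings.append((code, "Internet Explorer setting is blank", line))
        elif code == "O17":
            bad = unexpected_resolvers(body, expected_resolvers)
            if bad:
                findings.append((code, "DNS servers not in allowlist: " + ",".join(bad), line))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            dll = body.partition(":")[2].strip()
            if dll:
                findings.append((code, "DLL loaded into every process that loads user32.dll: " + dll, line))
        elif code == "O20" and body.startswith("Winlogon Notify:"):
            if not body.lower().endswith(".dll"):
                findings.append((code, "Winlogon Notify entry does not name a DLL", line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG, EXPECTED_RESOLVERS):
        print(f"[{code}] {reason}\n      {line}")
```

A flag is a prompt to look closer, not a verdict: the allowlist has to be replaced with the resolvers the machine is actually supposed to use.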
  • Hi, thanks for your help. Here are the logs. The Combofix log did not appear; it restarted the PC, but even after a long wait no log file appeared. Also, I could not update MBAM; it reported that there is no connection to the internet (???).

    Del.bat log:

    Deleting files
    C:\WINDOWS\System32\dbghelp32.dll not found

    Malwarebytes' Anti-Malware 1.33
    Database versie: 1654
    Windows 5.1.2600 Service Pack 2

    3-2-2009 19:04:03
    mbam-log-2009-02-03 (19-04-03).txt

    Scan type: Snelle Scan
    Objecten gescand: 60533
    Verstreken tijd: 5 minute(s), 25 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 1
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 3
    Bestanden geïnfecteerd: 3

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    C:\WINDOWS\system32\1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Laurens\Local Settings\Temp\matrix30980.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  • Look for the file combofix.txt using the standard Windows search function. If that finds nothing, run ComboFix again and, once it has finished, wait a while longer.
  • Found:
  • Download Flash_Disinfector.exe and place it on your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
    Make sure your flash drives / USB sticks / external hard drives are plugged in as well. Double-click Flash_Disinfector.exe to start the tool. When the tool has finished, the computer will restart.
    Open a Notepad file. Copy the code below and paste it into the Notepad file.

    File::
    C:\WINDOWS\nsreg.dat
    Folder::
    c:\windows\system32\gaopdxcounter
    C:\WINDOWS\system32\22.tmp
    C:\WINDOWS\system32\39.tmp
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9eacdcf8-cc65-11dd-b4e2-0013d3eebb92}]

    Save the Notepad file as CFScript.txt. Now drag the file CFScript.txt onto the file ComboFix.exe, as shown here: http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif
    ComboFix will start again. When ComboFix has finished, which may be after a restart, a log file opens. Post the contents of the log file.
  • Here is the log. Now that I restart the PC and Windows, I get an error message that Windows cannot find a file and cannot start. It concerns the file: C:\windows\system32\scrnrdr.exe Log:
  • Download GV Killer.exe (http://users.skynet.be/gv_soft/Programmas/GV_Killer.exe). Put it in its own folder, for example in the folder C:\Program Files\GV Killer, and then create a shortcut from C:\Program Files\GV Killer\GV Killer.exe to your desktop. Start GV Killer and use Copy and Paste to put the names of the files and folders below into the file C:\Program Files\GV Killer\input.txt.

    c:\windows\system32\22.tmp
    c:\windows\system32\39.tmp

    Close the file C:\Program Files\GV Killer\input.txt and press the Start Killing button to start the program. Post the contents of the file C:\GV Killer.txt in your next message.
  • Logfile gv_killer_01.txt v7.0.9 - Copyright © GV_Soft Guido Vaesen
    Rapport datum: 4-2-2009 19:24:58
    log van Laurens , Beheerder van deze computer
    Platform: Windows XP Prof SP2 NLD
    Normale modus

    BEGIN Geplande taken-----------------------------------------------------------------
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\RegCure Program Check.job
    C:\WINDOWS\tasks\RegCure.job
    C:\WINDOWS\tasks\SyncBack Synchronistie van D.job
    EINDE Geplande taken-----------------------------------------------------------------

    Lijst Notify keys--------------------------------------------------------------------
    HKLM\software\microsoft\windows nt\currentversion\winlogon\notify
    dimsntfy
    WgaLogon
    Einde Notify keys--------------------------------------------------------------------

    Verklaring Errorcodes----------------------------------------------------------------
    code 00 : Bestand is verwijderd.
    code 53 : Bestand of map werd niet gevonden op uw PC.
    code 70 : Bestand was in gebruik.
    code 75 : Services zijn nog geladen of bestand in gebruik.
    code M0 : Map is verwijderd.
    code ML : Map is volledig leeg gemaakt.
    code MN : Map werd niet gevonden op uw PC, is niet leeg gemaakt.
    code MV : Map werd niet gevonden op uw PC, is niet verwijderd.
    code K0 : Register key is verwijderd.
    Einde Errorcodes--------------------------------------------------------------------

    BEGIN Inhoud van Input.txt-----------------------------------------------------------
    c:\windows\system32\22.tmp
    c:\windows\system32\39.tmp
    EINDE Inhoud van Input.txt-----------------------------------------------------------
    00 c:\windows\system32\22.tmp
    00 c:\windows\system32\39.tmp
    EINDE Inhoud van Input.txt-----------------------------------------------------------
    ;5855679-643-4763305-23562=4LS0L19624
    ;EINDE GV_Killer ---------------------------------------------------------------------
  • How are things with the problems?
  • In any case, I no longer have a jittery ESET virus scanner. The speed is great again. I only had my doubts about the previously mentioned error message when Windows starts. I haven't restarted the PC yet, so I don't know whether this message is a thing of the past. Thanks a lot for the help.
  • Go ahead and try that, and if the message still appears, could you tell me exactly what the message says?
  • I get the following message: `Windows kan het bestand C:\Windows\system32\scrnrdr.exe niet vinden. Controleer of u de naam juist hebt ingevoerd en probeer het daarna opnieuw. Klik als u naar een bestand wilt zoeken op Start en daarna op Zoeken`. After that I get this error message once more: `Could not execute the external program C:\Windows\system32\scrnrdr.exe`
  • Download Dial-a-fix-2006 (http://djlizard.net/Dial-a-fix-2006-09-19.exe) and extract both files into their own folder on your desktop. In the folder Dial-a-fix-v0.60.0.24, double-click Dial-a-fix.exe. In the window that opens, click the icon with the double green check mark (check all) at the bottom. Then click "GO" and let the tool reset all settings. Afterwards, close this window by clicking "Close" at the bottom.
  • Done, unfortunately the message appears again at startup.


This is an archived page. Replying is no longer possible.