Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

helpPLEASE!software zoals MBAM.exe wil zelfs niet opstarten?

Othuroyo
25 antwoorden
  • Hallo kan iemand mij helpen om fouten te vinden, ik ben al twee weken op zoek maar kom niet verder, Please HELP

    Computer start normaal op, avg start op maar geen van de scanners kunnen update-en, links naar avg site wordt omgelinked, en spy bot launched niet, m-bam exe wil zefs niet geinstalleerd worden?



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:27:44, on 5-2-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Shared Files\CTSched.exe
    C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ege van Dullemen\Mijn documenten\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {c0d70ed8-d984-40c3-9666-8939ce76ea13} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (file missing)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: (no name) - {c0d70ed8-d984-40c3-9666-8939ce76ea13} - (no file)
    O2 - BHO: TBSB00982 - {DA3D342F-FF20-4E31-9E82-22334155730C} - C:\Program Files\IEToolbar\Ant.com Toolbar\ant.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Ant.com Toolbar - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\IEToolbar\Ant.com Toolbar\ant.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: (no name) - {c0d70ed8-d984-40c3-9666-8939ce76ea13} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
    O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe


    End of file - 9417 bytes
  • Start hijackthis en kies voor 'do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:

    [b:0a21a3895d]R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - URLSearchHook: (no name) - {c0d70ed8-d984-40c3-9666-8939ce76ea13} - (no file)
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (file missing)
    O2 - BHO: (no name) - {c0d70ed8-d984-40c3-9666-8939ce76ea13} - (no file)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (file missing)
    O3 - Toolbar: (no name) - {c0d70ed8-d984-40c3-9666-8939ce76ea13} - (no file)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)[/b:0a21a3895d]

    Sluit alle vensters behalve Hijackthis
    Klik op 'Fix checked' om de items te verwijderen.



    Ga naar Start – Uitvoeren en tik in: cmd
    Druk op enter.
    Een dosventer (opdrachtprompt) zal open.
    Tik in: [b:0a21a3895d]ipconfig /flushdns[/b:0a21a3895d]
    Druk op enter.
    Sluit het venster.
    Herstart de computer.


    Download [b:0a21a3895d]Combofix[/color:0a21a3895d][/b:0a21a3895d] naar je Bureaublad en gebruik het volgens deze handleiding.
    [i:0a21a3895d]OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en [b:0a21a3895d]download Combofix opnieuw[/b:0a21a3895d].
    Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen![/color:0a21a3895d][/i:0a21a3895d][list:0a21a3895d][*:0a21a3895d]Dubbelklik op [b:0a21a3895d]Combofix.exe[/b:0a21a3895d] om het te starten.
    [*:0a21a3895d][i:0a21a3895d]Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.[/i:0a21a3895d]
    [*:0a21a3895d]Klik op [b:0a21a3895d]OK[/b:0a21a3895d] in het "NirCmd" venstertje.
    [*:0a21a3895d]Klik na afloop terug op [b:0a21a3895d]Ja[/b:0a21a3895d] om het scannen op malware te starten.
    [*:0a21a3895d]Tijdens het runnen van de fix, [b:0a21a3895d]NIET[/b:0a21a3895d] in het venster klikken, want dit zal je pc doen vasthangen.
    [*:0a21a3895d]Wanneer de fix voltooid is en na herstart, zal de log [b:0a21a3895d]Combofix.txt[/b:0a21a3895d] openen.[/list:u:0a21a3895d]Post dit logje in je volgende antwoord
  • :D dankje, ik ga het vanavond proberen !
  • :cry:

    ik heb een eerste poging van stap 1 gedaan, maar zag dat spybot veranderingen wilde doorvoeren. daarna heb ik Spybot verwijdert en stap 1 opnieuw uitgevoerd.

    stap 2: Programma combofix óf m-bam wil niet opstarten:



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:34:45, on 16-2-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\ACD Systems\NL\DevDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Shared Files\CTSched.exe
    C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Ege van Dullemen\Bureaublad\ComboFix\ComboFix.exe
    C:\Documents and Settings\Ege van Dullemen\Mijn documenten\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: TBSB00982 - {DA3D342F-FF20-4E31-9E82-22334155730C} - C:\Program Files\IEToolbar\Ant.com Toolbar\ant.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Ant.com Toolbar - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\IEToolbar\Ant.com Toolbar\ant.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
    O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [Creative Software Update] "C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe" /Silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe


    End of file - 8383 bytes
  • Wat gebeurt er dan als je op ComboFix.exe klikt?
  • als ik op combofix.exe druk gebeurt er niks.

    als ik kijk onder: ctrl+alt+del -> taakbeheer -> processen
    staat er wel [b:3df24a9c95]combofix.exe[/b:3df24a9c95] net als [b:3df24a9c95]m-bam.exe[/b:3df24a9c95] maar CPU gebruik blijft op nul staan. dus hij start niet door.
  • O8 - Extra context menu item: &Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm

    staan er beide nieuw in, is flashget uberhaupt nodig voor XP? en wat weet je verder van het programma Spybot.

    Bedankt zover voor je hulp, ik weet zelf niet genoeg van computers om dit op te lossen….
  • is het mogelijk om combofix of m-bam te installeren via DOS?
  • Verwijder ComboFix doormiddel van start- uitvoeren en typ
    Combofix /U
    Druk op enter.

    Start de computer nu in veilige modus, doe een scan met mbam.
    Plaats het logje hier.
    Neem vervolgens de stappen van ComboFix weer door in veilige modus.
  • :o ik zal het vanavond doen, ik zit nu op mijn werk
  • ook in de safe mode start combo fix of m-bam niet op :(
  • ik heb een gast account aangemaakt om ze daar te proberen maar ook daar starten ze beide niet op….
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:48:59, on 17-2-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\ACD Systems\NL\DevDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Shared Files\CTSched.exe
    C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Ege van Dullemen\Bureaublad\SUPERAntiSpyware\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: TBSB00982 - {DA3D342F-FF20-4E31-9E82-22334155730C} - C:\Program Files\IEToolbar\Ant.com Toolbar\ant.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Ant.com Toolbar - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\IEToolbar\Ant.com Toolbar\ant.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
    O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe
    O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe


    End of file - 6193 bytes
  • ik heb m-bam direct vanaf download.com geïnstalleerd. programma staat nu in software pakket evenals nieuwe AVG ( voor de zekerheid toch maar gedownload)

    Geprobeerd in veilige modus mbam te starten, maar wil niet opstarten
  • ik zal ook eens • Dubbelklik drweb-cureit.exe proberen
  • Download en bewaar SDFix
    op je bureaublad.
    Dubbelklik op [b:d54a97f194]SDFix.exe[/b:d54a97f194] en kies voor [b:d54a97f194]Install[/b:d54a97f194] om het tooltje uit te pakken in een eigen map op je bureaublad.

    Start de computer opnieuw op, maar dan in veilige modus.

    [list:d54a97f194][*:d54a97f194] In veilige modus, open de SDFix map op je bureaublad en dubbelklik op [b:d54a97f194]RunThis.bat[/b:d54a97f194] om het tooltje te starten.
    [*:d54a97f194] Typ [b:d54a97f194]Y[/b:d54a97f194] om het clean proces te starten.
    [*:d54a97f194] het verwijdert alle Trojan Services of Registry Entries die met deze infectie te maken hebben, als het tooltje klaar is zal het jou vertellen om eender welke toets te drukken om je pc te herstarten, doe dit ook.
    [*:d54a97f194] Wanneer de pc herstart zal het tooltje opnieuw runnen en het opruimproces beëindigen en je de melding [b:d54a97f194]Finished[/b:d54a97f194] tonen, druk dan op eender welke toets om het scriptje te beëindigen en je bureaublad zullen tevoorschijn komen.
    [*:d54a97f194] Wanneer je bureaublad icoontjes verschijnen zal het rapportje van SDFix openen en ook in de map bewaren onder de naam [b:d54a97f194]Report.txt[/b:d54a97f194].[/list:u:d54a97f194]


    Post dit logje in je volgende bericht.
  • dr cure it vond de volgende infecties:

    tdsspaxt.sys;c:\windows\system3\drivers;BackDoor.Tdss.29;Verwijderd.;
    userinit.exe;c:\windows\system32;Trojan.Packed.458;Verwijderd.;

    Mijn updates voor m-bam zijn geuploaded en m-bam is nu aan het scannen!!

    ik zal jou programma ook nog proberen, alvast bedankt,

    :) Ege (evdul)
  • Malwarebytes' Anti-Malware 1.34
    Database versie: 1775
    Windows 5.1.2600 Service Pack 3

    18-2-2009 21:17:55
    mbam-log-2009-02-18 (21-17-55).txt

    Scan type: Volledige Scan (C:\|)
    Objecten gescand: 177441
    Verstreken tijd: 35 minute(s), 44 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 14
    Registerwaarden geïnfecteerd: 2
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 2
    Bestanden geïnfecteerd: 39

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_CLASSES_ROOT\TypeLib\{112b22d0-ea20-4781-b4dd-549570e256c7} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{04bb6f9a-d47b-455b-821b-15f4b891e9e3} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{275c44ae-e0b0-43c3-ba3e-babf082143e2} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{da3d342f-ff20-4e31-9e82-22334155730c} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{da3d342f-ff20-4e31-9e82-22334155730c} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da3d342f-ff20-4e31-9e82-22334155730c} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Rapid Antivirus (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\tbsb00982.tbsb00982toolbar (Adware.Trace) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41} (Trojan.Agent) -> Quarantined and deleted successfully.

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    C:\Program Files\IEToolbar (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar (Trojan.Agent) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    C:\WINDOWS\system32\TDSScfub.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSnrsr.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSoeqh.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSriqp.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\ant.crc (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\ant.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\AntPlugin.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\arrow_refresh.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\basis.xml (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\bt_fd.gif (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\cancel.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\chart_bar.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\chart_line.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\computer_error.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\delete.gif (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\drive_disk.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\email.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\explore.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\help.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\icons.bmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\info.txt (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\logo.gif (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\logo.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\magnifier.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\monitor.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\player.gif (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\player.html (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\player.swf (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\s_fd.gif (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\tbhelper.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\topbar_fd.gif (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\topbar_shadow.gif (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\update.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\version.txt (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\wrench.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSosvn.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSfpmp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Quarantined and deleted successfully.
  • [b:c686259782]SDFix: Version 1.240 [/b:c686259782]
    Run by Ege van Dullemen on wo 18-02-2009 at 21:32

    Microsoft Windows XP [versie 5.1.2600]
    Running From: C:\SDFix

    [b:c686259782]Checking Services [/b:c686259782]:


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    [b:c686259782]Checking Files [/b:c686259782]:

    No Trojan Files Found






    Removing Temp Files

    [b:c686259782]ADS Check [/b:c686259782]:



    [b:c686259782]Final Check [/b:c686259782]:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-18 21:36:25
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden services & system hive …

    scanning hidden registry entries …

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    "DeviceNotSelectedTimeout"="15"
    "GDIProcessHandleQuota"=dword:00002710
    "Spooler"="yes"
    "swapdisk"=""
    "TransmissionRetryTimeout"="90"
    "USERProcessHandleQuota"=dword:00002710
    "LoadAppInit_DLLs"=dword:00000001

    scanning hidden files …

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    [b:c686259782]Remaining Services [/b:c686259782]:




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\ALL GAMES FOLDER\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"="C:\\Program Files\\ALL GAMES FOLDER\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe:*:Enabled:biahh"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Documents and Settings\\Ege van Dullemen\\Mijn documenten\\My Games\\splinter cell\\SCDA-Offline\\System\\SplinterCell4.exe"="C:\\Documents and Settings\\Ege van Dullemen\\Mijn documenten\\My Games\\splinter cell\\SCDA-Offline\\System\\SplinterCell4.exe:*:Enabled:SplinterCell4"
    "C:\\Documents and Settings\\Ege van Dullemen\\Mijn documenten\\Downloads\\[PC] Tom Clancy's Splinter Cell Double Agent [RIP] [dopeman]\\TCSCDA\\TCSCDA\\SCDA-Offline\\System\\SplinterCell4.exe"="C:\\Documents and Settings\\Ege van Dullemen\\Mijn documenten\\Downloads\\[PC] Tom Clancy's Splinter Cell Double Agent [RIP] [dopeman]\\TCSCDA\\TCSCDA\\SCDA-Offline\\System\\SplinterCell4.exe:*:Enabled:SplinterCell4"
    "C:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"="C:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
    "C:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"="C:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
    "C:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"="C:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
    "C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="C:\\Program Files\\Electronic Arts\\EADM\\Core.exe:*:Enabled:EA Download Manager"
    "C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
    "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
    "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [b:c686259782]Remaining Files [/b:c686259782]:



    [b:c686259782]Files with Hidden Attributes [/b:c686259782]:

    Sat 10 Jan 2009 4,348 A.SH. — "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sat 10 Jan 2009 0 A.SH. — "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Tue 17 Feb 2009 6,375 …HR — "C:\Documents and Settings\Ege van Dullemen\Application Data\SecuROM\UserData\securom_v7_01.bak"

    [b:c686259782]Finished![/b:c686259782]




    Onwijs bedankt voor al je hulp, aandacht en oplossingen!!! :lol:
    Fijn dat er mensen zoals jij zijn die mensen zoals mij willen helpen

    bedankt voor alles!!!
  • Oke,,

    Het is echter nog niet afgerond.

    Zou je een nieuwe HijackThis log willen plaatsen samen met een nieuwe ComboFix log?

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.