Question & Answer

Security & privacy

PC freezes from time to time

8 answers
  • Recently my PC has been freezing briefly from time to time. A virus scan and Ad-Aware have removed a fair amount, but the problems are not entirely gone yet. Can someone look at this log? Thanks, Maarten

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:26:59, on 13-2-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\cvpnd.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UTSCSI.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\tppaldr.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    F:\Downloads\Hijackthis\HiJackThis2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [anvshell] anvshell.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-1644491937-117609710-725345543-1005\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User '?')
    O4 - HKUS\S-1-5-21-1644491937-117609710-725345543-1005\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe (User '?')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted IP range: http://192.168.7.1
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092998101859
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - http://www.hema.nl/site/xupload/XUpload.ocx
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\cvpnd.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

    --
    End of file - 7773 bytes
  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.

    Download Dial-a-fix-2006 (http://djlizard.net/Dial-a-fix-2006-09-19.exe) and extract both files into their own folder on your Desktop.
    In the folder Dial-a-fix-v0.60.0.24, double-click Dial-a-fix.exe.
    In the window that opens, click the icon with the double green check mark at the bottom (check all).
    Then click "GO" and let the tool reset all the settings.
    When it has finished, close this window by clicking "Close" at the bottom.

    Download MalwareBytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
    Double-click mbam-setup.exe to install the program.
    Make sure that after installation the following are ticked:
      - Update MalwareBytes' Anti-Malware
      - Start MalwareBytes' Anti-Malware
    Then click "Finish". If an update is found, it will be downloaded and installed.
      - Once the program has started, go to the "Settings" tab.
      - Tick: "Close Internet Explorer during malware removal".
      - Then go to the "Scanner" tab and choose "Quick Scan".
      - Next click "Scan" to start the scan.
      - Scanning can take a while, so be patient.
      - When the scan has finished, click OK, then "Show Results" to view the results.
      - Make sure everything there is ticked, then click "Remove Selected".
      - After removal a log will open and you will be asked to restart the computer.
    The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program. Post this log.

    Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop and use it according to this guide: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
      - Double-click Combofix.exe to start it.
      - If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
      - Click OK in the "NirCmd" window.
      - Afterwards click Yes to start the malware scan.
      - While the fix is running, do NOT click in the window, as this will make your PC hang.
      - When the fix is complete and after the restart, the log Combofix.txt will open.
    Post this log in your next reply.
  • Alle gevraagde stappen met succes uit kunnen voeren. Ik krijg niet de volgende vragen als ik Combofix zijn werk laat doen. [quote:36e778e706] Klik op OK in het "NirCmd" venstertje. Klik na afloop terug op Ja om het scannen op malware te starten. [/quote:36e778e706] Bij mij start het programma vanzelf. De gevraagde logfiles. Malware [list:36e778e706] Malwarebytes' Anti-Malware 1.34 Database version: 1761 Windows 5.1.2600 Service Pack 3 14-2-2009 10:58:46 mbam-log-2009-02-14 (10-58-46).txt Scan type: Quick Scan Objects scanned: 94894 Time elapsed: 3 minute(s), 48 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) [/list:u:36e778e706] Combofix [list:36e778e706] ComboFix 09-02-12.03 - buikhuisen 2009-02-14 11:00:46.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.264 [GMT 1:00] Running from: c:\documents and settings\buikhuisen\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\AdCache\ . ((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 ))))))))))))))))))))))))))))))) . 2009-02-14 10:27 . 2009-02-14 10:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-14 10:27 . 2009-02-14 10:27 <DIR> d-------- c:\documents and settings\buikhuisen\Application Data\Malwarebytes 2009-02-14 10:27 . 2009-02-14 10:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-14 10:27 . 
2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-14 10:27 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-13 10:23 . 2009-02-13 10:10 15,688 --a------ c:\windows\system32\lsdelete.exe 2009-02-13 10:10 . 2009-02-13 10:10 64,160 --a------ c:\windows\system32\drivers\Lbd.sys 2009-02-13 10:08 . 2009-02-13 10:08 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-02-11 18:55 . 2009-02-11 18:55 1,374 --a------ c:\windows\imsins.BAK 2009-02-01 22:19 . 2009-02-01 22:19 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2 2009-02-01 21:24 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll 2009-02-01 21:24 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll 2009-02-01 21:24 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui 2009-02-01 14:45 . 2009-02-01 14:45 <DIR> d-------- c:\program files\Microsoft Silverlight 2009-01-19 13:47 . 2009-01-19 13:48 <DIR> d-------- c:\documents and settings\buikhuisen\Application Data\vlc 2009-01-14 22:23 . 2009-01-14 22:23 <DIR> d-------- c:\documents and settings\Nikkie\Application Data\AdobeUM . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-02-13 15:20 --------- d-----w c:\documents and settings\buikhuisen\Application Data\dvdcss 2009-02-13 09:04 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-02-06 20:03 --------- d-----w c:\documents and settings\Joyce-1\Application Data\Skype 2009-02-01 14:04 --------- d-----w c:\documents and settings\buikhuisen\Application Data\PC Suite 2009-01-04 14:14 --------- d-----w c:\documents and settings\Martine\Application Data\vlc 2009-01-01 03:07 --------- d-----w c:\documents and settings\Joyce-1\Application Data\Azureus 2008-12-31 14:48 --------- d-----w c:\documents and settings\Joyce-1\Application Data\LimeWire 2008-12-31 14:12 --------- d-----w c:\documents and settings\Joyce-1\Application Data\Creative 2008-12-31 14:04 --------- d-----w c:\program files\Azureus 2008-12-31 11:27 --------- d-----w c:\program files\Casema 2008-12-31 10:58 --------- d-----w c:\documents and settings\buikhuisen\Application Data\GrabIt 2008-12-31 10:21 --------- d-----w c:\program files\GrabIt 2008-12-30 20:50 --------- d-----w c:\documents and settings\Martine\Application Data\Skype 2008-12-25 12:44 --------- d-----w c:\documents and settings\Joyce-1\Application Data\Apple Computer 2008-12-23 11:27 --------- d-----w c:\program files\TechSmith 2008-12-23 11:27 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith 2008-12-22 14:47 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-22 14:47 --------- d-----w c:\program files\Creative 2008-12-22 14:08 --------- d-----w c:\program files\Java 2008-12-21 20:54 --------- d-----w c:\documents and settings\buikhuisen\Application Data\Skype 2008-12-19 11:49 --------- d-----w c:\program files\Circle Developement 2008-12-14 15:25 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2008-12-14 15:25 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2008-12-14 15:19 --------- d-----w c:\program files\Nokia 
2008-12-14 15:18 --------- d-----w c:\program files\Common Files\Nokia 2008-12-14 15:17 --------- d-----w c:\documents and settings\All Users\Application Data\Installations 2008-12-14 14:47 --------- d-----w c:\documents and settings\buikhuisen\Application Data\Nokia 2008-12-11 16:49 21,808 -c--a-w c:\documents and settings\Martine\Application Data\GDIPFONTCACHEV1.DAT 2006-09-20 20:18 17,920 -c--a-w c:\documents and settings\Joyce-1\Application Data\GDIPFONTCACHEV1.DAT 2005-09-08 21:01 17,920 -c--a-w c:\documents and settings\buikhuisen\Application Data\GDIPFONTCACHEV1.DAT 2004-10-28 14:41 17,920 -c--a-w c:\documents and settings\Nikkie\Application Data\GDIPFONTCACHEV1.DAT 2004-09-28 18:12 17,920 -c--a-w c:\documents and settings\Joyce\Application Data\GDIPFONTCACHEV1.DAT 2008-12-25 15:49 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2008-12-25 15:49 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2008-12-25 15:49 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2008-12-25 15:49 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2008-12-25 15:49 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll 2008-08-27 06:57 16,384 -csha-w c:\windows\system32\config\systemprofile\Cookies\index.dat 2008-08-27 06:57 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat 2008-08-27 06:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\index.dat 2008-08-27 06:57 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((( SnapShot@2009-02-13_16.48.57.42 ))))))))))))))))))))))))))))))))))))))))) . + 2009-02-14 10:05:52 16,384 ----atw c:\windows\temp\Perflib_Perfdata_1c4.dat . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-02-24 86016] "TPP Auto Loader"="c:\windows\tppaldr.exe" [2002-06-24 118784] "SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-01-05 40960] "vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 77824] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-22 136600] "anvshell"="anvshell.exe" [2003-03-13 c:\windows\anvshell.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe] c:\documents and settings\Joyce-1\Start Menu\Programs\Startup\ UvA - Informatiseringscentrum CISCO VPN Client.lnk - c:\program files\Cisco Systems\vpngui.exe [2007-04-18 1528880] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 IFP500;iRiver Internet Audio Player IFP-500;c:\windows\system32\drivers\ifp500.sys [2008-01-04 14531] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-13 64160] R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [2003-05-01 232480] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096] R2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [2003-05-01 15968] R2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [2003-05-01 45216] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-08-23 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-08-23 8320] S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-02-07 44928] S3 TPPFX;USB Storage Adapter FX (TPP);c:\windows\system32\drivers\TPPFX.SYS [2005-07-31 32256] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J] \Shell\AutoRun\command - J:\switch227.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c8aee92-3bdf-11dd-9c2f-00e018ffc033}] \Shell\AutoRun\command - J:\switch227.exe . Contents of the 'Scheduled Tasks' folder 2009-02-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-13 10:10] 2009-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.nl/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 DPF: DirectAnimation Java Classes DPF: Microsoft XML Parser for Java DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - hxxps://www.p3.postbank.nl/sesam/CAX.cab DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab FF - ProfilePath - c:\documents and settings\buikhuisen\Application Data\Mozilla\Firefox\Profiles\[u:36e778e706]0[/u:36e778e706]iknx3y2.Buikhuisen\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-14 11:06:34 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\cvpnd.exe c:\program files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe c:\windows\system32\nvsvc32.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\windows\system32\UTSCSI.EXE c:\windows\system32\wbem\unsecapp.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2009-02-14 11:11:12 - machine was rebooted ComboFix-quarantined-files.txt 2009-02-14 10:11:07 ComboFix2.txt 2009-02-13 15:51:06 ComboFix3.txt 2008-02-09 21:28:05 Pre-Run: 2.028.691.456 bytes free Post-Run: 1,995,952,128 bytes free 193 --- E O F --- 2009-02-11 18:02:02 [/list:u:36e778e706] En een nieuwe hjt log [list:36e778e706] Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:31:14, on 14-2-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\cvpnd.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\nvsvc32.exe 
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\UTSCSI.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\tppaldr.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE F:\Downloads\Hijackthis\HiJackThis2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 
8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted IP range: http://192.168.7.1
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092998101859
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - http://www.hema.nl/site/xupload/XUpload.ocx
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
--
End of file - 7524 bytes
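Added example, not part of the thread and not HijackThis code: a small Python triage pass over O4/O10/O15/O23 lines of the kind shown in the log above, flagging the entries a reviewer should verify by hand (an autostart whose launcher has no absolute path, the unknown Winsock LSP, the Trusted IP range, and the service with no publisher name). The sample lines are copied from the log; the flagging rules are my own assumptions, not HijackThis's.

```python
import re

# Constructed sample: seven lines copied verbatim from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted IP range: http://192.168.7.1
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
"""

# O4 registry autostarts: "O4 - <hive>\..\<key>: [<name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# A drive-letter or %var%-rooted path; anything else is resolved via the search path.
ABS_PATH_RE = re.compile(r"^([A-Za-z]:\\|%[^%]+%\\)")


def first_token(cmd):
    """Program part of a command line, honouring a quoted path with spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def launched_file(cmd):
    """The file that actually runs; for rundll32 launchers that is the DLL argument."""
    parts = cmd.strip().split(None, 1)
    if len(parts) == 2 and parts[0].lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        return first_token(parts[1]).split(",")[0]
    return first_token(cmd)


def triage(log_text):
    """Return (section, item, reason) tuples for entries to verify by hand (assumed rules)."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            target = launched_file(m["cmd"])
            if not ABS_PATH_RE.match(target):
                findings.append(("O4", m["name"], "launcher has no absolute path: " + target))
        elif line.startswith("O10 - Unknown file in Winsock LSP:"):
            findings.append(("O10", line.split(":", 1)[1].strip(), "LSP file not on HijackThis's known list"))
        elif line.startswith("O15 - Trusted IP range:"):
            findings.append(("O15", line.split(":", 1)[1].strip(), "host placed in the IE Trusted sites zone"))
        elif line.startswith("O23 - Service:") and " - Unknown owner - " in line:
            item = line[len("O23 - Service: "):].split(" - ", 1)[0]
            findings.append(("O23", item, "service binary carries no publisher name"))
    return findings


if __name__ == "__main__":
    for section, item, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {item:<40} {reason}")
```

A flagged entry is a prompt to look the file up, not a verdict: nwprovau.dll and bthprops.cpl, for instance, are ordinary Windows components that simply fall outside the tool's whitelist or lack a qualified path.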
  • Download Flash_Disinfector.exe and place it on your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
    Make sure the flash drives / USB sticks / external hard disks are plugged in as well. Double-click Flash_Disinfector.exe to start the tool. When the tool has finished, the computer will restart.
    Open a Notepad file. Copy the code below and paste it into the Notepad file.

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c8aee92-3bdf-11dd-9c2f-00e018ffc033}]

    Save the Notepad file as CFScript.txt. Now drag the file CFScript.txt onto the file ComboFix.exe, as shown here: (image: http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif)
    ComboFix will restart. When ComboFix has finished, which may be after a reboot, a logfile opens. Post the contents of the logfile.
  • All steps carried out. The system did not reboot after flash_Disinfector.exe. I did a manual reboot. The ComboFix log:

ComboFix 09-02-14.01 - buikhuisen 2009-02-15 11:02:50.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.103 [GMT 1:00]
Running from: c:\documents and settings\buikhuisen\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\buikhuisen\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AdCache\
.
((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.
2009-02-14 10:27 . 2009-02-14 10:27 <DIR> d-------- c:\documents and settings\buikhuisen\Application Data\Malwarebytes
2009-02-14 10:27 . 2009-02-14 10:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-13 10:23 . 2009-02-13 10:10 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-13 10:10 . 2009-02-13 10:10 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-13 10:08 . 2009-02-13 10:08 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-11 18:55 . 2009-02-11 18:55 1,374 --a------ c:\windows\imsins.BAK
2009-02-01 22:19 . 2009-02-01 22:19 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-01 21:24 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-01 21:24 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-02-01 21:24 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-01 14:45 . 2009-02-01 14:45 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-01-19 13:47 . 2009-01-19 13:48 <DIR> d-------- c:\documents and settings\buikhuisen\Application Data\vlc
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 15:20 --------- d-----w c:\documents and settings\buikhuisen\Application Data\dvdcss
2009-02-13 09:04 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-06 20:03 --------- d-----w c:\documents and settings\Joyce-1\Application Data\Skype
2009-02-01 14:04 --------- d-----w c:\documents and settings\buikhuisen\Application Data\PC Suite
2009-01-14 21:23 --------- d-----w c:\documents and settings\Nikkie\Application Data\AdobeUM
2009-01-04 14:14 --------- d-----w c:\documents and settings\Martine\Application Data\vlc
2009-01-01 03:07 --------- d-----w c:\documents and settings\Joyce-1\Application Data\Azureus
2008-12-31 14:48 --------- d-----w c:\documents and settings\Joyce-1\Application Data\LimeWire
2008-12-31 14:12 --------- d-----w c:\documents and settings\Joyce-1\Application Data\Creative
2008-12-31 14:04 --------- d-----w c:\program files\Azureus
2008-12-31 11:27 --------- d-----w c:\program files\Casema
2008-12-31 10:58 --------- d-----w c:\documents and settings\buikhuisen\Application Data\GrabIt
2008-12-31 10:21 --------- d-----w c:\program files\GrabIt
2008-12-30 20:50 --------- d-----w c:\documents and settings\Martine\Application Data\Skype
2008-12-25 12:44 --------- d-----w c:\documents and settings\Joyce-1\Application Data\Apple Computer
2008-12-23 11:27 --------- d-----w c:\program files\TechSmith
2008-12-23 11:27 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2008-12-22 14:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-22 14:47 --------- d-----w c:\program files\Creative
2008-12-22 14:08 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-22 14:08 --------- d-----w c:\program files\Java
2008-12-21 20:54 --------- d-----w c:\documents and settings\buikhuisen\Application Data\Skype
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-19 11:49 --------- d-----w c:\program files\Circle Developement
2008-12-11 16:49 21,808 -c--a-w c:\documents and settings\Martine\Application Data\GDIPFONTCACHEV1.DAT
2006-09-20 20:18 17,920 -c--a-w c:\documents and settings\Joyce-1\Application Data\GDIPFONTCACHEV1.DAT
2005-09-08 21:01 17,920 -c--a-w c:\documents and settings\buikhuisen\Application Data\GDIPFONTCACHEV1.DAT
2004-10-28 14:41 17,920 -c--a-w c:\documents and settings\Nikkie\Application Data\GDIPFONTCACHEV1.DAT
2004-09-28 18:12 17,920 -c--a-w c:\documents and settings\Joyce\Application Data\GDIPFONTCACHEV1.DAT
2008-12-25 15:49 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-25 15:49 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-25 15:49 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-25 15:49 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-25 15:49 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-27 06:57 16,384 -csha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-08-27 06:57 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-08-27 06:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\index.dat
2008-08-27 06:57 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-02-13_16.48.57.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-15 09:56:44 16,384 ----atw c:\windows\temp\Perflib_Perfdata_320.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-02-24 86016]
"TPP Auto Loader"="c:\windows\tppaldr.exe" [2002-06-24 118784]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-01-05 40960]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 77824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-22 136600]
"anvshell"="anvshell.exe" [2003-03-13 c:\windows\anvshell.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]

c:\documents and settings\Joyce-1\Start Menu\Programs\Startup\
UvA - Informatiseringscentrum CISCO VPN Client.lnk - c:\program files\Cisco Systems\vpngui.exe [2007-04-18 1528880]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 IFP500;iRiver Internet Audio Player IFP-500;c:\windows\system32\drivers\ifp500.sys [2008-01-04 14531]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-13 64160]
R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [2003-05-01 232480]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [2003-05-01 15968]
R2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [2003-05-01 45216]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-08-23 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-08-23 8320]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-02-07 44928]
S3 TPPFX;USB Storage Adapter FX (TPP);c:\windows\system32\drivers\TPPFX.SYS [2005-07-31 32256]
.
Contents of the 'Scheduled Tasks' folder
2009-02-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-13 10:10]
2009-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - hxxps://www.p3.postbank.nl/sesam/CAX.cab
DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab
FF - ProfilePath - c:\documents and settings\buikhuisen\Application Data\Mozilla\Firefox\Profiles\0iknx3y2.Buikhuisen\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 11:06:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-02-15 11:08:46
ComboFix-quarantined-files.txt 2009-02-15 10:08:42
ComboFix2.txt 2009-02-14 10:11:17
ComboFix3.txt 2009-02-13 15:51:06
ComboFix4.txt 2008-02-09 21:28:05
Pre-Run: 1.951.326.208 bytes free
Post-Run: 1,916,727,296 bytes free
166 --- E O F --- 2009-02-11 18:02:02
  • Well? How are the problems now?
  • The system seems more stable. :) Because the complaint is not predictable, I would like to keep an eye on it for a while. If there are problems again, I will report back. Thanks for the effort so far.
  • You're welcome. Download ATF cleaner (http://www.atribune.org/ccount/click.php?id=1) (mirror: http://www.majorgeeks.com/ATF_Cleaner_d4949.html), made by Atribune.
    Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.
    Double-click ATF cleaner to start the program. On the Main tab, tick Select All. Click the Empty Selected button.
    Do the following if you also use Firefox as a browser: click the Firefox tab and tick Select All. If you want to keep the passwords saved by Firefox, click No in the window that appears (this removes the tick at Firefox saved passwords). Click the Empty Selected button.
    Do the following if you also use Opera as a browser: click the Opera tab and tick Select All. If you want to keep the passwords saved by Opera, click No in the window that appears. Click the Empty Selected button.
    Go to the Main tab and click the Exit button to close the program.
    3. You may remove all the tools used and the folders they created. (Remember to remove ComboFix via Start -> Run, type ComboFix /U and press Enter!!)
    - Go to Start/All Programs/Accessories/System Tools/System Restore.
    - In the left half of the window, click "System Restore Settings".
    - Tick "Turn off System Restore".
    - Click "Apply".
    - Windows asks whether you are sure.
    - Click "Yes".
    - Click "OK".
    - Restart the PC.
    - Go back to Start/All Programs/Accessories/System Tools/System Restore.
    - You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
    - Click "Yes".
    - Untick "Turn off System Restore".
    - Click "Apply".
    - Click "OK".
    - Restart the PC.
    - A new, clean restore point has now been created.

This is an archived page. Replying is no longer possible.