safe-site.com + setup advice requested

Anonymous
68 replies
  • sounds like good advice! thanks! :P
  • task completed! see the accompanying logs here…

    ComboFix 08-04-22.5 - NJK 2008-04-24 12:39:25.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.68 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\NJK\Bureaublad\ComboFix.exe
    Command switches used :: E:\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt
    * Resident AV is active


    FILE ::
    C:\WINDOWS\system32\nqstv.ini2
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\nqstv.ini2

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))
    .

    2008-04-24 07:32 . 2008-04-24 12:37 54,156 –ah—– C:\WINDOWS\QTFont.qfn
    2008-04-24 07:32 . 2008-04-24 07:32 1,409 –a—— C:\WINDOWS\QTFont.for
    2008-04-23 20:17 . 2008-04-23 20:17 1,024 –ah—– C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    2008-04-23 07:43 . 2008-04-23 07:43 <DIR> d——– C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-23 07:43 . 2008-04-23 07:43 <DIR> d——– C:\Documents and Settings\NJK\Application Data\Malwarebytes
    2008-04-23 07:43 . 2008-04-23 07:43 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-22 12:45 . 2008-04-22 12:45 <DIR> d——– C:\Program Files\Trend Micro
    2008-04-21 17:19 . 2008-04-22 07:39 165 –a—— C:\WINDOWS\startUp manager.INI
    2008-04-21 17:11 . 2008-04-21 17:11 <DIR> d——– C:\Documents and Settings\Sandra\Application Data\Systweak
    2008-04-21 12:52 . 2008-04-23 21:30 605 –a—— C:\WINDOWS\Uninstall Manager.INI
    2008-04-21 12:43 . 2008-04-21 12:43 <DIR> d——– C:\Documents and Settings\NJK\Application Data\Systweak
    2008-04-21 12:41 . 2008-04-21 12:42 <DIR> d——– C:\Program Files\Advanced System Optimizer
    2008-04-20 20:17 . 2008-04-20 20:17 42 –a—— C:\WINDOWS\system32\AK083E209605E394C.lie
    2008-04-20 12:04 . 2008-04-20 12:35 <DIR> d——– C:\Program Files\Parental Control
    2008-04-20 12:04 . 2008-04-24 12:43 <DIR> d——– C:\Documents and Settings\All Users\Application Data\ParentalControl
    2008-04-19 17:40 . 2008-04-19 17:40 <DIR> d——– C:\Documents and Settings\Natalie\Application Data\ParentalControl
    2008-04-19 16:57 . 2008-04-19 16:57 <DIR> d——– C:\Documents and Settings\test\Application Data\ParentalControl
    2008-04-19 16:29 . 2008-02-22 02:33 69,632 –a—— C:\WINDOWS\system32\javacpl.cpl
    2008-04-19 16:28 . 2008-04-19 16:28 <DIR> d——– C:\Program Files\Common Files\Java
    2008-04-19 15:39 . 2008-04-19 15:39 230 –a—— C:\WINDOWS\system32\spupdsvc.inf
    2008-04-19 15:06 . 2008-04-19 15:06 <DIR> d——– C:\Documents and Settings\Sandra\Application Data\ParentalControl
    2008-04-19 14:58 . 2008-04-19 14:58 <DIR> d——– C:\Documents and Settings\NJK\Application Data\ParentalControl
    2008-04-19 10:47 . 2008-04-19 14:48 <DIR> d——– C:\Program Files\Common Files\Panda Software
    2008-04-19 09:55 . 2008-04-24 12:39 <DIR> d——– C:\Program Files\uTorrent
    2008-04-19 09:55 . 2008-04-19 09:55 <DIR> d——– C:\Documents and Settings\NJK\Application Data\uTorrent
    2008-04-18 18:08 . 2008-04-18 18:08 <DIR> d——– C:\Documents and Settings\All Users\Application Data\sentinel
    2008-04-18 12:50 . 2008-04-18 18:05 <DIR> d——– C:\Program Files\Panda Security
    2008-04-18 12:44 . 2008-04-19 15:47 2,688 –a—— C:\WINDOWS\mozver.dat
    2008-04-17 17:20 . 2008-04-19 16:56 <DIR> d——– C:\Program Files\Mozilla Firefox(2)
    2008-04-17 17:20 . 2008-04-17 17:20 0 –a—— C:\WINDOWS\nsreg.dat
    2008-04-16 22:34 . 2008-04-16 22:34 <DIR> d——– C:\Documents and Settings\test\Application Data\ESET
    2008-04-16 22:34 . 2008-04-16 22:34 <DIR> d——– C:\Documents and Settings\NJK\Application Data\ESET
    2008-04-16 22:16 . 2008-04-16 22:16 <DIR> d——– C:\Program Files\Lavasoft
    2008-04-16 22:16 . 2008-04-19 15:21 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-04-16 17:18 . 2008-04-20 21:49 <DIR> d——– C:\Program Files\Google
    2008-04-15 17:53 . 2008-04-15 17:53 <DIR> d——– C:\Program Files\Webteh
    2008-04-15 17:15 . 2008-04-16 22:27 <DIR> d——– C:\Program Files\ESET
    2008-04-15 17:15 . 2008-04-16 22:27 <DIR> d——– C:\Documents and Settings\All Users\Application Data\ESET
    2008-04-14 00:13 . 2008-04-14 00:13 <DIR> d——– C:\N360_BACKUP
    2008-04-13 17:15 . 2008-04-15 15:44 <DIR> d——– C:\Program Files\Norton 360
    2008-04-13 17:11 . 2008-04-22 12:40 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Symantec
    2008-04-13 17:09 . 2008-04-22 12:40 <DIR> d——– C:\Program Files\Common Files\Symantec Shared
    2008-04-13 17:07 . 2007-03-21 20:39 1,060,864 –a—— C:\WINDOWS\system32\MFC71.DLL
    2008-04-13 17:07 . 2008-04-13 17:07 1,047,552 –a—— C:\WINDOWS\system32\mfc71u.dll
    2008-04-13 17:07 . 2008-04-13 17:07 608,448 –a—— C:\WINDOWS\system32\comctl32.ocx
    2008-04-13 17:07 . 2008-04-13 17:07 89,088 –a—— C:\WINDOWS\system32\atl71.dll
    2008-04-13 13:48 . 2008-04-13 13:48 <DIR> d——– C:\Documents and Settings\Natalie\Application Data\vlc
    2008-04-12 21:54 . 2008-04-13 16:50 <DIR> d——– C:\Program Files\WinISO
    2008-04-12 21:32 . 2008-04-12 21:32 <DIR> d——– C:\Documents and Settings\Sandra\Application Data\vlc
    2008-04-12 21:20 . 2008-04-15 17:52 <DIR> d——– C:\Program Files\VideoLAN
    2008-04-12 11:39 . 2008-04-12 11:39 <DIR> d——– C:\fsaua.data
    2008-04-06 18:36 . 2008-04-17 18:53 <DIR> d——– C:\Program Files\Spybot - Search & Destroy
    2008-04-06 18:36 . 2008-04-17 19:57 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-06 14:52 . 2008-04-06 15:15 <DIR> d——– C:\Program Files\Spyware Doctor
    2008-04-06 13:21 . 2008-02-27 16:52 49,152 –a—— C:\WINDOWS\system32\ArmAccess.dll
    2008-04-06 13:19 . 2008-04-06 15:15 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-06 12:07 . 2008-04-06 12:07 51,355 –a—— C:\WINDOWS\system32\muzika.xm
    2008-03-29 11:20 . 2008-03-29 11:20 <DIR> d——– C:\Documents and Settings\Sandra\Application Data\Apple Computer

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-24 10:39 ——— d—–w C:\Program Files\Windows Defender
    2008-04-24 10:39 ——— d—–w C:\Program Files\TomTom HOME 2
    2008-04-24 10:39 ——— d—–w C:\Program Files\PowerISO
    2008-04-19 14:29 ——— d—–w C:\Program Files\Java
    2008-04-19 13:19 12,632 —-a-w C:\WINDOWS\system32\lsdelete.exe
    2008-04-19 08:08 ——— d—–w C:\Documents and Settings\All Users\Application Data\avg7
    2008-04-18 16:03 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2008-04-18 10:37 ——— d—–w C:\Documents and Settings\NJK\Application Data\AVG7
    2008-04-16 17:21 ——— d—–w C:\Documents and Settings\Sandra\Application Data\AVG7
    2008-04-13 20:37 ——— d—–w C:\Program Files\Windows Live Safety Center
    2008-04-13 20:35 ——— d—–w C:\Program Files\Windows Live
    2008-04-10 15:34 ——— d—–w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-09 17:43 ——— d—–w C:\Documents and Settings\NJK\Application Data\LimeWire
    2008-04-06 10:23 ——— d—–w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-05 09:56 ——— d—–w C:\Documents and Settings\Gast\Application Data\AVG7
    2008-03-29 21:31 ——— d—–w C:\Documents and Settings\Natalie\Application Data\Apple Computer
    2008-03-28 21:48 ——— d—–w C:\Documents and Settings\NJK\Application Data\Apple Computer
    2008-03-20 08:10 1,845,376 —-a-w C:\WINDOWS\system32\win32k.sys
    2008-03-03 06:54 ——— d—–w C:\Program Files\Common Files\Adobe
    2008-02-27 06:50 ——— d—–w C:\Program Files\LimeWire
    2008-02-27 06:46 ——— d—–w C:\Program Files\LimeWire Plus
    2008-02-24 20:32 ——— d—–w C:\Documents and Settings\test\Application Data\Apple Computer
    2008-02-20 06:51 282,624 —-a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:39 45,568 —-a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-16 09:05 662,528 —-a-w C:\WINDOWS\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-23_20.30.29.04 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-23 18:24:01 2,048 –s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-24 10:36:40 2,048 –s-a-w C:\WINDOWS\bootstat.dat
    - 2004-08-04 08:03:27 15,360 —-a-w C:\WINDOWS\system32\ctfmon.exe
    + 2008-01-20 11:38:07 15,360 —-a-w C:\WINDOWS\system32\ctfmon.exe
    - 2004-08-04 08:03:27 15,360 -c–a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
    + 2008-01-20 11:38:07 15,360 -c–a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-20 13:38 15360]
    "Systweak Memory Optimizer"="c:\program files\advanced system optimizer\memtuneup.exe" [2007-06-22 11:55 119024]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-19 23:37 39792]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 09:26 1410304]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "ParentalControl"="C:\Program Files\Parental Control\ParentalControl.exe" [2008-04-01 00:02 6096384]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-20 13:38 15360]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 17:38 39264]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [2007-02-20 21:26:15 262144]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 18:15:56 65588]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableClock"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Parental Control\\ParentalControl.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57148:TCP"= 57148:TCP:*:Disabled:Utorrent

    R1 cp_drv;Crawler Parental Control Driver;C:\Documents and Settings\All Users\Application Data\ParentalControl\cp_drv.sys [2008-04-20 12:07]
    R1 cp_tdifw_drv;cp_tdifw_drv;C:\Documents and Settings\All Users\Application Data\ParentalControl\cp_tdifw_drv.sys [2008-04-20 12:07]
    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-10-25 09:27]
    S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys []
    S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys []
    S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-11-17 23:48]
    S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 16:54]
    S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 16:54]
    S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 16:54]
    S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 16:54]
    S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 16:54]
    S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 12:33]
    S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 12:33]
    S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 12:33]
    S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 12:33]
    S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 12:33]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e80d9b6e-c116-11db-92db-00047627c0d4}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    *Newly Created Service* - CATCHME
    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-04-11 06:22:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-23 06:02:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-24 12:42:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-04-24 12:45:46
    ComboFix-quarantined-files.txt 2008-04-24 10:45:29
    ComboFix2.txt 2008-04-23 18:31:02

    Pre-Run: 11,461,812,224 bytes beschikbaar
    Post-Run: 11,448,365,056 bytes beschikbaar

    195 — E O F — 2008-04-20 09:53:57
    and a hijackthis log…

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:46:46, on 24-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Parental Control\ParentalControl.exe
    C:\program files\advanced system optimizer\memtuneup.exe
    C:\Program Files\D-Link AirPlus\AirPlus.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ParentalControl] C:\Program Files\Parental Control\ParentalControl.exe /SERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: D-Link AirPlus.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193593939655
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)


    End of file - 5607 bytes


    haven't been able to test the changes yet… but browsing was still not very fast… and the redirect to safe-site is still happening too…
    now, I don't understand the logs, but I keep reading something about [panda]. I removed that program some time ago… does anything still need to be done about that?
  • [quote:a0ff7665fd="njk"]task completed! see the accompanying logs here…

    ComboFix 08-04-22.5 - NJK 2008-04-24 12:39:25.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.68 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\NJK\Bureaublad\ComboFix.exe
    Command switches used :: E:\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt
    * Resident AV is active


    FILE ::
    C:\WINDOWS\system32\nqstv.ini2
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\nqstv.ini2

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))
    .

    2008-04-24 07:32 . 2008-04-24 12:37 54,156 –ah—– C:\WINDOWS\QTFont.qfn
    2008-04-24 07:32 . 2008-04-24 07:32 1,409 –a—— C:\WINDOWS\QTFont.for
    2008-04-23 20:17 . 2008-04-23 20:17 1,024 –ah—– C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    2008-04-23 07:43 . 2008-04-23 07:43 <DIR> d——– C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-23 07:43 . 2008-04-23 07:43 <DIR> d——– C:\Documents and Settings\NJK\Application Data\Malwarebytes
    2008-04-23 07:43 . 2008-04-23 07:43 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-22 12:45 . 2008-04-22 12:45 <DIR> d——– C:\Program Files\Trend Micro
    2008-04-21 17:19 . 2008-04-22 07:39 165 –a—— C:\WINDOWS\startUp manager.INI
    2008-04-21 17:11 . 2008-04-21 17:11 <DIR> d——– C:\Documents and Settings\Sandra\Application Data\Systweak
    2008-04-21 12:52 . 2008-04-23 21:30 605 –a—— C:\WINDOWS\Uninstall Manager.INI
    2008-04-21 12:43 . 2008-04-21 12:43 <DIR> d——– C:\Documents and Settings\NJK\Application Data\Systweak
    2008-04-21 12:41 . 2008-04-21 12:42 <DIR> d——– C:\Program Files\Advanced System Optimizer
    2008-04-20 20:17 . 2008-04-20 20:17 42 –a—— C:\WINDOWS\system32\AK083E209605E394C.lie
    2008-04-20 12:04 . 2008-04-20 12:35 <DIR> d——– C:\Program Files\Parental Control
    2008-04-20 12:04 . 2008-04-24 12:43 <DIR> d——– C:\Documents and Settings\All Users\Application Data\ParentalControl
    2008-04-19 17:40 . 2008-04-19 17:40 <DIR> d——– C:\Documents and Settings\Natalie\Application Data\ParentalControl
    2008-04-19 16:57 . 2008-04-19 16:57 <DIR> d——– C:\Documents and Settings\test\Application Data\ParentalControl
    2008-04-19 16:29 . 2008-02-22 02:33 69,632 –a—— C:\WINDOWS\system32\javacpl.cpl
    2008-04-19 16:28 . 2008-04-19 16:28 <DIR> d——– C:\Program Files\Common Files\Java
    2008-04-19 15:39 . 2008-04-19 15:39 230 –a—— C:\WINDOWS\system32\spupdsvc.inf
    2008-04-19 15:06 . 2008-04-19 15:06 <DIR> d——– C:\Documents and Settings\Sandra\Application Data\ParentalControl
    2008-04-19 14:58 . 2008-04-19 14:58 <DIR> d——– C:\Documents and Settings\NJK\Application Data\ParentalControl
    2008-04-19 10:47 . 2008-04-19 14:48 <DIR> d——– C:\Program Files\Common Files\Panda Software
    2008-04-19 09:55 . 2008-04-24 12:39 <DIR> d——– C:\Program Files\uTorrent
    2008-04-19 09:55 . 2008-04-19 09:55 <DIR> d——– C:\Documents and Settings\NJK\Application Data\uTorrent
    2008-04-18 18:08 . 2008-04-18 18:08 <DIR> d——– C:\Documents and Settings\All Users\Application Data\sentinel
    2008-04-18 12:50 . 2008-04-18 18:05 <DIR> d——– C:\Program Files\Panda Security
    2008-04-18 12:44 . 2008-04-19 15:47 2,688 –a—— C:\WINDOWS\mozver.dat
    2008-04-17 17:20 . 2008-04-19 16:56 <DIR> d——– C:\Program Files\Mozilla Firefox(2)
    2008-04-17 17:20 . 2008-04-17 17:20 0 –a—— C:\WINDOWS\nsreg.dat
    2008-04-16 22:34 . 2008-04-16 22:34 <DIR> d——– C:\Documents and Settings\test\Application Data\ESET
    2008-04-16 22:34 . 2008-04-16 22:34 <DIR> d——– C:\Documents and Settings\NJK\Application Data\ESET
    2008-04-16 22:16 . 2008-04-16 22:16 <DIR> d——– C:\Program Files\Lavasoft
    2008-04-16 22:16 . 2008-04-19 15:21 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-04-16 17:18 . 2008-04-20 21:49 <DIR> d——– C:\Program Files\Google
    2008-04-15 17:53 . 2008-04-15 17:53 <DIR> d——– C:\Program Files\Webteh
    2008-04-15 17:15 . 2008-04-16 22:27 <DIR> d——– C:\Program Files\ESET
    2008-04-15 17:15 . 2008-04-16 22:27 <DIR> d——– C:\Documents and Settings\All Users\Application Data\ESET
    2008-04-14 00:13 . 2008-04-14 00:13 <DIR> d——– C:\N360_BACKUP
    2008-04-13 17:15 . 2008-04-15 15:44 <DIR> d——– C:\Program Files\Norton 360
    2008-04-13 17:11 . 2008-04-22 12:40 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Symantec
    2008-04-13 17:09 . 2008-04-22 12:40 <DIR> d——– C:\Program Files\Common Files\Symantec Shared
    2008-04-13 17:07 . 2007-03-21 20:39 1,060,864 –a—— C:\WINDOWS\system32\MFC71.DLL
    2008-04-13 17:07 . 2008-04-13 17:07 1,047,552 –a—— C:\WINDOWS\system32\mfc71u.dll
    2008-04-13 17:07 . 2008-04-13 17:07 608,448 –a—— C:\WINDOWS\system32\comctl32.ocx
    2008-04-13 17:07 . 2008-04-13 17:07 89,088 –a—— C:\WINDOWS\system32\atl71.dll
    2008-04-13 13:48 . 2008-04-13 13:48 <DIR> d——– C:\Documents and Settings\Natalie\Application Data\vlc
    2008-04-12 21:54 . 2008-04-13 16:50 <DIR> d——– C:\Program Files\WinISO
    2008-04-12 21:32 . 2008-04-12 21:32 <DIR> d——– C:\Documents and Settings\Sandra\Application Data\vlc
    2008-04-12 21:20 . 2008-04-15 17:52 <DIR> d——– C:\Program Files\VideoLAN
    2008-04-12 11:39 . 2008-04-12 11:39 <DIR> d——– C:\fsaua.data
    2008-04-06 18:36 . 2008-04-17 18:53 <DIR> d——– C:\Program Files\Spybot - Search & Destroy
    2008-04-06 18:36 . 2008-04-17 19:57 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-06 14:52 . 2008-04-06 15:15 <DIR> d——– C:\Program Files\Spyware Doctor
    2008-04-06 13:21 . 2008-02-27 16:52 49,152 –a—— C:\WINDOWS\system32\ArmAccess.dll
    2008-04-06 13:19 . 2008-04-06 15:15 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-06 12:07 . 2008-04-06 12:07 51,355 –a—— C:\WINDOWS\system32\muzika.xm
    2008-03-29 11:20 . 2008-03-29 11:20 <DIR> d——– C:\Documents and Settings\Sandra\Application Data\Apple Computer

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-24 10:39 ——— d—–w C:\Program Files\Windows Defender
    2008-04-24 10:39 ——— d—–w C:\Program Files\TomTom HOME 2
    2008-04-24 10:39 ——— d—–w C:\Program Files\PowerISO
    2008-04-19 14:29 ——— d—–w C:\Program Files\Java
    2008-04-19 13:19 12,632 —-a-w C:\WINDOWS\system32\lsdelete.exe
    2008-04-19 08:08 ——— d—–w C:\Documents and Settings\All Users\Application Data\avg7
    2008-04-18 16:03 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2008-04-18 10:37 ——— d—–w C:\Documents and Settings\NJK\Application Data\AVG7
    2008-04-16 17:21 ——— d—–w C:\Documents and Settings\Sandra\Application Data\AVG7
    2008-04-13 20:37 ——— d—–w C:\Program Files\Windows Live Safety Center
    2008-04-13 20:35 ——— d—–w C:\Program Files\Windows Live
    2008-04-10 15:34 ——— d—–w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-09 17:43 ——— d—–w C:\Documents and Settings\NJK\Application Data\LimeWire
    2008-04-06 10:23 ——— d—–w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-05 09:56 ——— d—–w C:\Documents and Settings\Gast\Application Data\AVG7
    2008-03-29 21:31 ——— d—–w C:\Documents and Settings\Natalie\Application Data\Apple Computer
    2008-03-28 21:48 ——— d—–w C:\Documents and Settings\NJK\Application Data\Apple Computer
    2008-03-20 08:10 1,845,376 —-a-w C:\WINDOWS\system32\win32k.sys
    2008-03-03 06:54 ——— d—–w C:\Program Files\Common Files\Adobe
    2008-02-27 06:50 ——— d—–w C:\Program Files\LimeWire
    2008-02-27 06:46 ——— d—–w C:\Program Files\LimeWire Plus
    2008-02-24 20:32 ——— d—–w C:\Documents and Settings\test\Application Data\Apple Computer
    2008-02-20 06:51 282,624 —-a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:39 45,568 —-a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-16 09:05 662,528 —-a-w C:\WINDOWS\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-23_20.30.29.04 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-23 18:24:01 2,048 –s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-24 10:36:40 2,048 –s-a-w C:\WINDOWS\bootstat.dat
    - 2004-08-04 08:03:27 15,360 —-a-w C:\WINDOWS\system32\ctfmon.exe
    + 2008-01-20 11:38:07 15,360 —-a-w C:\WINDOWS\system32\ctfmon.exe
    - 2004-08-04 08:03:27 15,360 -c–a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
    + 2008-01-20 11:38:07 15,360 -c–a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-20 13:38 15360]
    "Systweak Memory Optimizer"="c:\program files\advanced system optimizer\memtuneup.exe" [2007-06-22 11:55 119024]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-19 23:37 39792]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 09:26 1410304]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "ParentalControl"="C:\Program Files\Parental Control\ParentalControl.exe" [2008-04-01 00:02 6096384]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-20 13:38 15360]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 17:38 39264]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [2007-02-20 21:26:15 262144]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 18:15:56 65588]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableClock"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Parental Control\\ParentalControl.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57148:TCP"= 57148:TCP:*:Disabled:Utorrent

    R1 cp_drv;Crawler Parental Control Driver;C:\Documents and Settings\All Users\Application Data\ParentalControl\cp_drv.sys [2008-04-20 12:07]
    R1 cp_tdifw_drv;cp_tdifw_drv;C:\Documents and Settings\All Users\Application Data\ParentalControl\cp_tdifw_drv.sys [2008-04-20 12:07]
    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-10-25 09:27]
    S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys []
    S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys []
    S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-11-17 23:48]
    S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 16:54]
    S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 16:54]
    S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 16:54]
    S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 16:54]
    S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 16:54]
    S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 12:33]
    S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 12:33]
    S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 12:33]
    S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 12:33]
    S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 12:33]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e80d9b6e-c116-11db-92db-00047627c0d4}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    *Newly Created Service* - CATCHME
    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-04-11 06:22:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-23 06:02:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-24 12:42:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-04-24 12:45:46
    ComboFix-quarantined-files.txt 2008-04-24 10:45:29
    ComboFix2.txt 2008-04-23 18:31:02

    Pre-Run: 11,461,812,224 bytes beschikbaar
    Post-Run: 11,448,365,056 bytes beschikbaar

    195 — E O F — 2008-04-20 09:53:57
    [b:a0ff7665fd]and a HijackThis log…[/b:a0ff7665fd]

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:46:46, on 24-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Parental Control\ParentalControl.exe
    C:\program files\advanced system optimizer\memtuneup.exe
    C:\Program Files\D-Link AirPlus\AirPlus.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ParentalControl] C:\Program Files\Parental Control\ParentalControl.exe /SERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: D-Link AirPlus.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193593939655
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)


    End of file - 5607 bytes


    [b:a0ff7665fd]I haven't been able to test the changes yet… but browsing in Firefox was (still) not very fast… and the redirect to safe-site still happens too…[/b:a0ff7665fd]

    [i:a0ff7665fd]Now, I don't understand the logs, but I keep reading something about [panda]. I removed that program some time ago… does anything still need to be done about it?[/i:a0ff7665fd][/quote:a0ff7665fd]
  • Go to Start –> Run and type: [b:ca3d8ff828]sc delete PavPrSrv[/b:ca3d8ff828]

    Start HijackThis, choose [i:ca3d8ff828]'Do a system scan only'[/i:ca3d8ff828] and tick the lines below:
    [b:ca3d8ff828]
    O2 - BHO: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
    O3 - Toolbar: (no name) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - (no file)
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    [/b:ca3d8ff828]
    Now close [u:ca3d8ff828]all[/u:ca3d8ff828] open windows except HijackThis and click [b:ca3d8ff828]Fix Checked[/b:ca3d8ff828].

    Restart your computer!

    Download MBAM (Malwarebytes' Anti-Malware) via [b:ca3d8ff828] or [b:ca3d8ff828].
    [list:ca3d8ff828]Double-click [b:ca3d8ff828]mbam-setup.exe[/b:ca3d8ff828] to install the program.[list:ca3d8ff828]
    [*:ca3d8ff828]Make sure there is a check mark next to [b:ca3d8ff828]Update Malwarebytes' Anti-Malware[/b:ca3d8ff828] and [b:ca3d8ff828]Start Malwarebytes' Anti-Malware[/b:ca3d8ff828], then click "Finish".
    [*:ca3d8ff828]If an update is found, it will be downloaded and installed.
    [*:ca3d8ff828]When the program is fully up to date, select "[b:ca3d8ff828]Quick Scan[/b:ca3d8ff828]" on the [b:ca3d8ff828]Scanner[/b:ca3d8ff828] tab, then click [b:ca3d8ff828]Scan[/b:ca3d8ff828].
    [*:ca3d8ff828]The scan can take a while, so be patient.
    [*:ca3d8ff828]When the scan has finished, click [b:ca3d8ff828]OK[/b:ca3d8ff828], then "Show Results" to see the results.
    [*:ca3d8ff828]Make sure that [b:ca3d8ff828]everything is ticked[/b:ca3d8ff828] there, then click [b:ca3d8ff828]Remove Selected[/b:ca3d8ff828].
    [*:ca3d8ff828]After the removal a log will open and you will be asked to restart the computer. (See below)
    [*:ca3d8ff828]The log is saved automatically by MBAM and you can find it again by clicking the "Logs" tab in MBAM.
    [*:ca3d8ff828]Copy and paste the contents of the log into your next reply, together with a new HijackThis log.
    [/list:u:ca3d8ff828]
    [b:ca3d8ff828]If MBAM has difficulty removing certain files, it will show a few messages where you must click OK.
    After that it will ask to restart the computer… so allow MBAM to restart the computer.[/b:ca3d8ff828][/list:u:ca3d8ff828]


    How are your problems now?
  • Morning Pim,

    nothing found (we had already run this scan once before) and the problem remains unchanged…
    the safe-site problem also occurs in safe mode, by the way
    see the extra HijackThis report
    [i:48987c6871]I am off today, so I will be able to carry out the next task right away[/i:48987c6871]
    there is something else I noticed.. I can no longer find the internet settings in the Control Panel…

    Malwarebytes' Anti-Malware 1.11
    Database versie: 679

    Scan type: Snelle Scan
    Objecten gescand: 35698
    Verstreken tijd: 7 minute(s), 4 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)
    ****
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:27:02, on 25-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ParentalControl] C:\Program Files\Parental Control\ParentalControl.exe /SERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: D-Link AirPlus.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193593939655
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


    End of file - 4625 bytes
    ***

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:30:28, on 25-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Parental Control\ParentalControl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\program files\advanced system optimizer\memtuneup.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\D-Link AirPlus\AirPlus.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ParentalControl] C:\Program Files\Parental Control\ParentalControl.exe /SERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: D-Link AirPlus.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193593939655
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


    End of file - 5324 bytes
  • the programs had come along with Hitman and as a trial version, respectively
    I removed them and booted into safe mode (with networking).
    under adm no O6 line, on my own user account there is one (I am also adm)
    I removed it, but after a restart I got this log ….
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:27:00, on 7-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Parental Control\ParentalControl.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\D-Link AirPlus\AirPlus.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ParentalControl] C:\Program Files\Parental Control\ParentalControl.exe /SERVICE
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: D-Link AirPlus.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193593939655
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


    End of file - 5565 bytes
  • That online scan found a few more things and cleaned them up as well.
    The redirect to a site: does it happen on particular sites, or at random?

    The line I had you fix has to do with you no longer being able to change Internet Explorer
    settings, which is why I had you fix it. However, it is
    still in your latest log file.

    That online scan did affect ComboFix, though, and I would like to see a new log from it:

    Uninstall ComboFix:
    Go to Start –> Run and type: [b:bbe6e1941c]combofix /u[/b:bbe6e1941c]
    ComboFix will now be removed and a new restore point will be created.

    * [u:bbe6e1941c]Clean the cache and cookies in IE[/u:bbe6e1941c]:

    * Close Internet Explorer.
    * Go to Control Panel > Internet Options > General tab
    * Click the Delete Cookies button
    * Click the Delete Files button next to it
    * Tick: Delete all offline content, click OK

    * [u:bbe6e1941c]Clean the cache and cookies in Firefox[/u:bbe6e1941c] (in case Firefox is installed):

    * Go to Tools > Options.
    * Click Privacy in the menu.
    * Click the Clear button (History, Cookies, Cache).
    * Click OK to close the window again.

    * [u:bbe6e1941c]Clean other temporary files + Recycle Bin[/u:bbe6e1941c]

    * Go to Start > Run, type: cleanmgr and click OK.
    * Let it scan your system for files that should be removed
    * Make sure that only 'Temporary files', 'Temporary Internet Files' and 'Recycle Bin' are ticked there.
    * Then click OK.

    Restart your PC!

    Download ComboFix again and create a new log with it:
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Post it in your next message together with a new HijackThis log.

    Good luck!
  • the redirect is indeed on particular sites, which is why I am also thinking of some kind of filter.

    Combofix can already no longer be found, so I cannot uninstall it. I am therefore skipping this step.

    My idea, given what I read here and there, is to switch to Firefox. That should be safer and work better. So I actually want to remove Explorer (at a later time).

    I am going to do the other steps now; the logs will follow
  • the redirect is indeed on particular sites, which is why I am also thinking of some kind of filter.

    Combofix can already no longer be found, so I cannot uninstall it. I am therefore skipping this step.

    another thing… the Internet Options item is not (or no longer) in my Control Panel…

    My idea, given what I read here and there, is to switch to Firefox. That should be safer and work better. So I actually want to remove Explorer (at a later time).

    The logs:

    ComboFix 08-04-26.5 - NJK 2008-04-27 18:19:54.3 - NTFSx86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.130 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\NJK\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-03-27 to 2008-04-27 ))))))))))))))))))))))))))))))
    .

    2008-04-26 20:02 . 2008-04-27 17:17 54,156 –ah—– C:\WINDOWS\QTFont.qfn
    2008-04-26 20:02 . 2008-04-26 20:02 1,409 –a—— C:\WINDOWS\QTFont.for
    2008-04-26 08:42 . 2007-02-12 02:01 <DIR> d–h—– C:\Documents and Settings\Administrator\Sjablonen
    2008-04-26 08:42 . 2007-02-12 02:46 <DIR> d–h—– C:\Documents and Settings\Administrator\Onlangs geopend
    2008-04-26 08:42 . 2007-02-12 02:46 <DIR> d–h—– C:\Documents and Settings\Administrator\Netwerkprinteromgeving
    2008-04-26 08:42 . 2007-02-12 02:46 <DIR> d——– C:\Documents and Settings\Administrator\Mijn documenten
    2008-04-26 08:42 . 2007-02-12 02:46 <DIR> dr——- C:\Documents and Settings\Administrator\Menu Start
    2008-04-26 08:42 . 2007-02-12 02:46 <DIR> d——– C:\Documents and Settings\Administrator\Favorieten
    2008-04-26 08:42 . 2007-02-12 02:46 <DIR> d——– C:\Documents and Settings\Administrator\Bureaublad
    2008-04-26 08:42 . 2008-04-13 23:02 <DIR> d——– C:\Documents and Settings\Administrator\Application Data\Apple Computer
    2008-04-26 08:42 . 2008-04-26 08:42 <DIR> d——– C:\Documents and Settings\Administrator
    2008-04-26 08:42 . 2008-04-27 18:17 1,024 –ah—– C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
    2008-04-25 13:47 . 2008-04-25 13:50 <DIR> d——– C:\Documents and Settings\NJK\.housecall6.6
    2008-04-25 12:58 . 2008-04-25 13:43 <DIR> d——– C:\Program Files\EsetOnlineScanner
    2008-04-25 12:33 . 2008-04-25 12:33 <DIR> d——– C:\WINDOWS\system32\Kaspersky Lab
    2008-04-25 12:33 . 2008-04-25 12:33 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-04-25 11:10 . 2008-04-25 12:14 <DIR> d——– C:\WINDOWS\BDOSCAN8
    2008-04-23 20:17 . 2008-04-27 17:46 1,024 –ah—– C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    2008-04-23 07:43 . 2008-04-23 07:43 <DIR> d——– C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-23 07:43 . 2008-04-23 07:43 <DIR> d——– C:\Documents and Settings\NJK\Application Data\Malwarebytes
    2008-04-23 07:43 . 2008-04-23 07:43 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-22 12:45 . 2008-04-22 12:45 <DIR> d——– C:\Program Files\Trend Micro
    2008-04-21 17:19 . 2008-04-22 07:39 165 –a—— C:\WINDOWS\startUp manager.INI
    2008-04-21 17:11 . 2008-04-21 17:11 <DIR> d——– C:\Documents and Settings\Sandra\Application Data\Systweak
    2008-04-21 12:52 . 2008-04-23 21:30 605 –a—— C:\WINDOWS\Uninstall Manager.INI
    2008-04-21 12:43 . 2008-04-21 12:43 <DIR> d——– C:\Documents and Settings\NJK\Application Data\Systweak
    2008-04-21 12:41 . 2008-04-21 12:42 <DIR> d——– C:\Program Files\Advanced System Optimizer
    2008-04-20 20:17 . 2008-04-20 20:17 42 –a—— C:\WINDOWS\system32\AK083E209605E394C.lie
    2008-04-20 12:04 . 2008-04-20 12:35 <DIR> d——– C:\Program Files\Parental Control
    2008-04-20 12:04 . 2008-04-27 17:36 <DIR> d——– C:\Documents and Settings\All Users\Application Data\ParentalControl
    2008-04-19 17:40 . 2008-04-19 17:40 <DIR> d——– C:\Documents and Settings\Natalie\Application Data\ParentalControl
    2008-04-19 16:57 . 2008-04-19 16:57 <DIR> d——– C:\Documents and Settings\test\Application Data\ParentalControl
    2008-04-19 16:29 . 2008-02-22 02:33 69,632 –a—— C:\WINDOWS\system32\javacpl.cpl
    2008-04-19 16:28 . 2008-04-19 16:28 <DIR> d——– C:\Program Files\Common Files\Java
    2008-04-19 15:39 . 2008-04-19 15:39 230 –a—— C:\WINDOWS\system32\spupdsvc.inf
    2008-04-19 15:06 . 2008-04-19 15:06 <DIR> d——– C:\Documents and Settings\Sandra\Application Data\ParentalControl
    2008-04-19 14:58 . 2008-04-19 14:58 <DIR> d——– C:\Documents and Settings\NJK\Application Data\ParentalControl
    2008-04-19 10:47 . 2008-04-19 14:48 <DIR> d——– C:\Program Files\Common Files\Panda Software
    2008-04-19 09:55 . 2008-04-24 12:39 <DIR> d——– C:\Program Files\uTorrent
    2008-04-19 09:55 . 2008-04-19 09:55 <DIR> d——– C:\Documents and Settings\NJK\Application Data\uTorrent
    2008-04-18 18:08 . 2008-04-18 18:08 <DIR> d——– C:\Documents and Settings\All Users\Application Data\sentinel
    2008-04-18 12:50 . 2008-04-18 18:05 <DIR> d——– C:\Program Files\Panda Security
    2008-04-18 12:44 . 2008-04-19 15:47 2,688 –a—— C:\WINDOWS\mozver.dat
    2008-04-17 17:20 . 2008-04-19 16:56 <DIR> d——– C:\Program Files\Mozilla Firefox(2)
    2008-04-17 17:20 . 2008-04-17 17:20 0 –a—— C:\WINDOWS\nsreg.dat
    2008-04-16 22:34 . 2008-04-16 22:34 <DIR> d——– C:\Documents and Settings\test\Application Data\ESET
    2008-04-16 22:34 . 2008-04-16 22:34 <DIR> d——– C:\Documents and Settings\NJK\Application Data\ESET
    2008-04-16 22:16 . 2008-04-16 22:16 <DIR> d——– C:\Program Files\Lavasoft
    2008-04-16 22:16 . 2008-04-19 15:21 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-04-16 17:18 . 2008-04-20 21:49 <DIR> d——– C:\Program Files\Google
    2008-04-15 17:53 . 2008-04-15 17:53 <DIR> d——– C:\Program Files\Webteh
    2008-04-15 17:15 . 2008-04-16 22:27 <DIR> d——– C:\Program Files\ESET
    2008-04-15 17:15 . 2008-04-16 22:27 <DIR> d——– C:\Documents and Settings\All Users\Application Data\ESET
    2008-04-14 00:13 . 2008-04-14 00:13 <DIR> d——– C:\N360_BACKUP
    2008-04-13 17:15 . 2008-04-15 15:44 <DIR> d——– C:\Program Files\Norton 360
    2008-04-13 17:11 . 2008-04-22 12:40 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Symantec
    2008-04-13 17:09 . 2008-04-22 12:40 <DIR> d——– C:\Program Files\Common Files\Symantec Shared
    2008-04-13 17:07 . 2007-03-21 20:39 1,060,864 –a—— C:\WINDOWS\system32\MFC71.DLL
    2008-04-13 17:07 . 2008-04-13 17:07 1,047,552 –a—— C:\WINDOWS\system32\mfc71u.dll
    2008-04-13 17:07 . 2008-04-13 17:07 608,448 –a—— C:\WINDOWS\system32\comctl32.ocx
    2008-04-13 17:07 . 2008-04-13 17:07 89,088 –a—— C:\WINDOWS\system32\atl71.dll
    2008-04-13 13:48 . 2008-04-13 13:48 <DIR> d——– C:\Documents and Settings\Natalie\Application Data\vlc
    2008-04-12 21:54 . 2008-04-13 16:50 <DIR> d——– C:\Program Files\WinISO
    2008-04-12 21:32 . 2008-04-12 21:32 <DIR> d——– C:\Documents and Settings\Sandra\Application Data\vlc
    2008-04-12 21:20 . 2008-04-15 17:52 <DIR> d——– C:\Program Files\VideoLAN
    2008-04-12 11:39 . 2008-04-12 11:39 <DIR> d——– C:\fsaua.data
    2008-04-06 18:36 . 2008-04-17 18:53 <DIR> d——– C:\Program Files\Spybot - Search & Destroy
    2008-04-06 18:36 . 2008-04-17 19:57 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-06 14:52 . 2008-04-06 15:15 <DIR> d——– C:\Program Files\Spyware Doctor
    2008-04-06 13:21 . 2008-02-27 16:52 49,152 –a—— C:\WINDOWS\system32\ArmAccess.dll
    2008-04-06 13:19 . 2008-04-06 15:15 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-06 12:07 . 2008-04-06 12:07 51,355 –a—— C:\WINDOWS\system32\muzika.xm
    2008-03-29 11:20 . 2008-03-29 11:20 <DIR> d——– C:\Documents and Settings\Sandra\Application Data\Apple Computer

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-24 10:39 ——— d—–w C:\Program Files\Windows Defender
    2008-04-24 10:39 ——— d—–w C:\Program Files\TomTom HOME 2
    2008-04-24 10:39 ——— d—–w C:\Program Files\PowerISO
    2008-04-19 14:29 ——— d—–w C:\Program Files\Java
    2008-04-19 13:19 12,632 —-a-w C:\WINDOWS\system32\lsdelete.exe
    2008-04-19 08:08 ——— d—–w C:\Documents and Settings\All Users\Application Data\avg7
    2008-04-18 16:03 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2008-04-18 10:37 ——— d—–w C:\Documents and Settings\NJK\Application Data\AVG7
    2008-04-16 17:21 ——— d—–w C:\Documents and Settings\Sandra\Application Data\AVG7
    2008-04-13 20:37 ——— d—–w C:\Program Files\Windows Live Safety Center
    2008-04-13 20:35 ——— d—–w C:\Program Files\Windows Live
    2008-04-10 15:34 ——— d—–w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-09 17:43 ——— d—–w C:\Documents and Settings\NJK\Application Data\LimeWire
    2008-04-06 10:23 ——— d—–w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-05 09:56 ——— d—–w C:\Documents and Settings\Gast\Application Data\AVG7
    2008-03-29 21:31 ——— d—–w C:\Documents and Settings\Natalie\Application Data\Apple Computer
    2008-03-28 21:48 ——— d—–w C:\Documents and Settings\NJK\Application Data\Apple Computer
    2008-03-20 08:10 1,845,376 —-a-w C:\WINDOWS\system32\win32k.sys
    2008-03-03 06:54 ——— d—–w C:\Program Files\Common Files\Adobe
    2008-02-27 06:50 ——— d—–w C:\Program Files\LimeWire
    2008-02-27 06:46 ——— d—–w C:\Program Files\LimeWire Plus
    2008-02-20 06:51 282,624 —-a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:39 45,568 —-a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-16 09:05 662,528 —-a-w C:\WINDOWS\system32\wininet.dll
    2008-02-11 07:39 253,952 —-a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
    2008-02-11 07:39 237,568 —-a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
    2008-02-08 11:53 110,592 —-a-w C:\WINDOWS\system32\OnlineScannerLang.dll
    2008-02-05 06:48 77,824 —-a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-20 13:38 15360]
    "Systweak Memory Optimizer"="c:\program files\advanced system optimizer\memtuneup.exe" [2007-06-22 11:55 119024]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-19 23:37 39792]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 09:26 1410304]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "ParentalControl"="C:\Program Files\Parental Control\ParentalControl.exe" [2008-04-01 00:02 6096384]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-20 13:38 15360]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 17:38 39264]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [2007-02-20 21:26:15 262144]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 18:15:56 65588]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableClock"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoMultiIE"= 0 (0x0)
    "LWA"= 0 (0x0)
    "LWB"= 0 (0x0)
    "LWC"= 0 (0x0)
    "LWD"= 0 (0x0)
    "LWE"= 0 (0x0)
    "LWF"= 0 (0x0)
    "LWG"= 0 (0x0)
    "LWH"= 0 (0x0)
    "LWI"= 0 (0x0)
    "LWJ"= 0 (0x0)
    "LWK"= 0 (0x0)
    "LWL"= 0 (0x0)
    "LWM"= 0 (0x0)
    "LWN"= 0 (0x0)
    "LWO"= 0 (0x0)
    "LWP"= 0 (0x0)
    "LWQ"= 0 (0x0)
    "LWR"= 0 (0x0)
    "LWS"= 0 (0x0)
    "LWT"= 0 (0x0)
    "LWU"= 0 (0x0)
    "LWV"= 0 (0x0)
    "LWW"= 0 (0x0)
    "LWX"= 0 (0x0)
    "LWY"= 0 (0x0)
    "LWZ"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Parental Control\\ParentalControl.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57148:TCP"= 57148:TCP:*:Disabled:Utorrent

    R1 cp_tdifw_drv;cp_tdifw_drv;C:\Documents and Settings\All Users\Application Data\ParentalControl\cp_tdifw_drv.sys [2008-04-20 12:07]
    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-10-25 09:27]
    S1 cp_drv;Crawler Parental Control Driver;C:\Documents and Settings\All Users\Application Data\ParentalControl\cp_drv.sys [2008-04-20 12:07]
    S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys []
    S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys []
    S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-11-17 23:48]
    S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 16:54]
    S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 16:54]
    S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 16:54]
    S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 16:54]
    S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 16:54]
    S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 12:33]
    S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 12:33]
    S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 12:33]
    S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 12:33]
    S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 12:33]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e80d9b6e-c116-11db-92db-00047627c0d4}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-04-11 06:22:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-23 06:02:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-27 18:22:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-04-27 18:25:38
    ComboFix-quarantined-files.txt 2008-04-27 16:24:56
    ComboFix2.txt 2008-04-24 10:45:47
    ComboFix3.txt 2008-04-23 18:31:02

    Pre-Run: 10,983,415,808 bytes beschikbaar
    Post-Run: 11,021,815,808 bytes beschikbaar

    223 — E O F — 2008-04-20 09:53:57

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:27:52, on 27-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ParentalControl] C:\Program Files\Parental Control\ParentalControl.exe /SERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: D-Link AirPlus.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193593939655
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


    End of file - 5316 bytes
  • Are you posting all your logs from safe mode? I would like to see the ones from normal mode.

    Go to … and click Accept at the bottom.
    This scanner works exclusively with
  • I will try to work in normal mode, but the internet works very poorly there and sometimes not at all

    I tried this scanner yesterday but could not get it to work either; I am going to try it again..
    ***
    so that indeed cannot be done from normal mode.
    Firefox can find the page just fine (but that is of no use to me) and Explorer cannot find the page

    De pagina kan niet worden weergegeven.
    De pagina waarnaar u zoekt, is momenteel niet beschikbaar. Er zijn mogelijk technische problemen met de website of u moet mogelijk uw browserinstellingen aanpassen.
    Klik op Extra, en klik vervolgens op "Verbindingsproblemen controleren…" om te proberen om problemen met de netwerkverbinding op te lossen.


    Andere opties:

    Klik op de knop Vernieuwen of probeer het later opnieuw.

    Controleer of het adres juist gespeld is als u het adres van de pagina in de adresbalk hebt getypt.

    Klik als u de verbindingsinstellingen wilt controleren op het menu Extra en vervolgens op Internet-opties. Ga naar het tabblad Verbindingen en klik op Instellingen. De instellingen dienen overeen te komen met de instellingen die uw LAN-beheerder of Internet-provider u heeft gegeven.
    Kijk of de instellingen van uw Internet-verbinding worden gedetecteerd. U kunt Microsoft Windows zo instellen dat uw netwerk wordt onderzocht en dat de instellingen van uw netwerkverbinding automatisch worden gedetecteerd (als uw netwerkbeheerder deze instelling heeft ingeschakeld).
    Klik op menu Extra en vervolgens op Internet-opties.
    Klik op tabblad Verbindingen op LAN-instellingen.
    Selecteer Instellingen van Internet Explorer automatisch overnemen en klik vervolgens op OK.
    Voor sommige websites is 128-bits verbindingsbeveiliging noodzakelijk. Klik op het menu Help en vervolgens op Info om vast te stellen welk beveiligingsniveau bij u is geïnstalleerd.
    Als u een beveiligde website probeert te bereiken, dient u ervoor te zorgen dat uw beveiligingsinstellingen dit ondersteunen. Klik op het menu Extra en vervolgens op Internet-opties. Ga op het tabblad Geavanceerd naar het groepsvak Beveiliging en schakel de opties SSL 2.0, SSL 3.0 en TLS 1.0 in.
    Klik op de knop Vorige als u een andere koppeling wilt proberen.



    Kan de server niet vinden of DNS-fout
    Internet Explorer

    I am going to try once more via safe mode…

    What I was already afraid of… there I cannot get the update to complete
    Update process FAILED. No further antivirus actions can be performed!

    Attention, you must be online to activate Kaspersky Online Scanner, since the latest Anti-Virus bases version must be downloaded prior to scan. Otherwise we cannot guarantee detection of latest viruses. [21]

    and now? I am slowly going crazy….

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:09:43, on 27-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Parental Control\ParentalControl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\program files\advanced system optimizer\memtuneup.exe
    C:\Program Files\D-Link AirPlus\AirPlus.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ParentalControl] C:\Program Files\Parental Control\ParentalControl.exe /SERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: D-Link AirPlus.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193593939655
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


    End of file - 5936 bytes
  • Open an empty Notepad window and copy/paste the bold text below into it:

    **ipconfig /release**
    **ipconfig /renew**
    **ipconfig /flushdns**

    Then save it as **fix.bat** on your Desktop.
    For Save as type (Opslaan als type), choose **All Files** (Alle bestanden).

    Then double-click **fix.bat**.

    1. First try this IEfix:
    http://www.hitmanpro.nl/iefix.exe
    Download it and double-click to run it. When asked about the internet protocols, click No.
  • Believe it or not, but still safe-site.com…
    Do you want another log?
  • Hold off on the log for now; I would like to get a clearer picture of what we are dealing with. Could you post a screenshot of the site you are being redirected to?

    You can upload your image here:
    http://imageshack.us/
  • Dear Pim,

    First of all, I want to thank you for all the effort and time you are taking for me!

    Via safe-site.com I end up on a different page every time; I only see safe-site in the address bar, but a page is never loaded. An image will follow.

    By the way, maybe it is an idea to indicate what you are trying to change, so that I can test that for you as well…

    Regards, Niels
  • Well, there is still junk somewhere that keeps redirecting you to that website. The strange thing is that your logs are as clean as can be :(
    So I suspect the cause lies somewhere other than malware, which is why I want to gather as much information as possible to get clear for myself where the problem is. :)
  • Images sent by e-mail!

    I have just been surfing on one of those safe-site sites…
    And now I am thinking: could it be that my son, in an attempt to install some kind of keylogger program (or something like that), installed something unintended? And if so, should I make a HijackThis log of his account?

    It is just an idea.

    Another thing (a bit of googling): http://www.paganlibrary.com/witch_hunting/cybersitter.php
    Maybe if you read it you will understand it, but something clearly comes up there with a reference to safe-site.com!
    If I understand it a bit, it has something to do with Cybersitter. I did look at that once, but as far as I know I did not install any of it… could it be that some kind of filter got left behind somewhere? :oops:

    See also http://www.aboutus.org/Safe-Site.com
    http://www.mixx941.com/forum/index.php?topic=41.msg6174
    http://forums.spywareinfo.com/lofiversion/index.php/t82430.html
    http://siteanalytics.compete.com/safe-site.com/
    http://searchanalytics.compete.com/site_referrals/safe-site.com
    http://www.bleepingcomputer.com/forums/topic7232.html
    http://marc.info/?l=dragonidsuser&m=107288772326050&w=2
    http://www.siteadvisor.com/sites/safe-site.com/summary/
    **http://www.antionline.com/showthread.php?t=243032**

    The last one seems especially interesting to me… but to me it is all Greek!
    But from what I read here and there, an internet restriction must have been left behind somewhere, from Cybersitter for example…
    Is it an idea for me to try reinstalling it and then removing it again?
    I did my best; I hope you can make sense of it!
  • Well, I have come a good deal further in the meantime!
    I was able to remove the filter, so that problem is solved.
    I ran various scans and was able to remove a number of other problems.
    I still do not have the [internet] item in my Control Panel back!
    And I do not find my internet connection very stable yet either…
    Maybe you could take another look at my log?
    My wish: Firefox, firewall, NOD32.
    I now also have Spybot running; is that useful too?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:26:50, on 4-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Parental Control\ParentalControl.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\program files\advanced system optimizer\memtuneup.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\D-Link AirPlus\AirPlus.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ParentalControl] C:\Program Files\Parental Control\ParentalControl.exe /SERVICE
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: D-Link AirPlus.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193593939655
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    End of file - 6675 bytes

    I look forward to hearing from you!
  • I overlooked your log a bit :oops:
    I also did not receive any images by e-mail.


    Spybot's TeaTimer is active; it can interfere with the fix, so we will temporarily disable it.
    - Start Spybot
    - Go to Mode > select Advanced Mode
    - Go to Tools and click the Resident icon in the list
    - Uncheck Resident TeaTimer and click OK
    - Restart the computer
    - Then download ResetTeaTimer.bat to your Desktop.
    Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.

    Start HijackThis, choose 'Do a system scan only' and check the lines below:

    R3 - URLSearchHook: (no name) - - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    Now close all open windows except HijackThis and click **Fix Checked**.

    Restart your PC and create a new HijackThis log file as a check.
    Also mention how things stand with your problems.
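
The two HijackThis logs posted in this thread differ in only a handful of entries, and those differences are what a helper looks for between scans. As an added example (not part of the original thread), this Python script diffs two logs entry by entry; the function names are hypothetical and the sample text is a few lines copied from the logs above.

```python
import re

# HijackThis entry lines look like "O23 - Service: ..." or "R3 - URLSearchHook: ...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_entries(log_text):
    """Return the set of (section, detail) pairs found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:  # header lines and the process list do not match and are skipped
            entries.add((m.group(1), m.group(2)))
    return entries

def diff_logs(old_text, new_text):
    """Entries that appeared and disappeared between two scans, sorted by section."""
    old, new = parse_entries(old_text), parse_entries(new_text)
    key = lambda e: (e[0][0], int(e[0][1:]), e[1])
    return sorted(new - old, key=key), sorted(old - new, key=key)

# Abridged sample: a few lines copied from the two logs in this thread.
OLD_LOG = r"""
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
End of file - 5936 bytes
"""
NEW_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
"""

if __name__ == "__main__":
    added, removed = diff_logs(OLD_LOG, NEW_LOG)
    for section, detail in added:
        print("+", section, "-", detail)
    for section, detail in removed:
        print("-", section, "-", detail)
```

The comparison is an exact string match, so an entry whose file path changed between scans shows up as one removed and one added line.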


This is an archived page. Replies are no longer possible.