HJT log for review

Othuroyo
15 replies
  • Hello,

    I'm having problems with my PC once again.
    Internet Explorer 7 no longer displays any pages and the PC is slow.
    Fortunately I can still browse the web with Firefox.
    Is there anyone who would take a look at my log?
    Thanks in advance.

    Regards, Laurens

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:25:02, on 3-2-2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe
    C:\Program Files\ULi5287\ULi5287.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
    C:\WINDOWS\VdCap03C\StillMnt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Cobian Backup 8\Cobian.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Documents and Settings\Laurens\Downloads\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\Cobian Backup 8\cbInterface.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\RECYCLER\S-1-0-77-100025324-100021522-100004866-5581.com
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe"
    O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NSLU2 Flash Map Utility] C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [StillMnt] WCamRmv.exe /StartStillMnt
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Cobian Backup 8] "C:\Program Files\Cobian Backup 8\Cobian.exe"
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [Vista Rainbar] C:\Program Files\Vista Rainbar\launcher.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-21-507921405-796845957-725345543-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Jeannet')
    O4 - HKUS\S-1-5-21-507921405-796845957-725345543-1004\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray (User 'Jeannet')
    O4 - HKUS\S-1-5-21-507921405-796845957-725345543-1004\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Jeannet')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Laurens\Downloads\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://vpninst.bbnv.nl/dana/download/icaweb.cab?url=/dana/term/winlaunchterm.cgi?op=DownloadCitrixCab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?e=1227358589271&h=6b9206a7054127f2410dd7602376257e/&filename=jinstall-6u10-windows-i586-jc.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://vpninst.bbnv.nl/dana-cached/setup/JuniperSetupSP1.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D228F21E-E864-4BE5-B269-BE34A069DEBC}: NameServer = 85.255.112.39,85.255.112.40
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\System32\dbghelp32.dll
    O20 - Winlogon Notify: 146b66c1517 - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


    End of file - 12523 bytes

  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D228F21E-E864-4BE5-B269-BE34A069DEBC}: NameServer = 85.255.112.39,85.255.112.40
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
    O20 - AppInit_DLLs: C:\WINDOWS\System32\dbghelp32.dll
    O20 - Winlogon Notify: 146b66c1517 - C:\WINDOWS\

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.


    Open a new Notepad file.
    Copy the text below (everything in bold) into this Notepad file.

    @ECHO OFF
    REM Start with a fresh log file
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    REM Stop the process seen in the log; /im takes the image name only, not a path
    taskkill /f /im S-1-0-77-100025324-100021522-100004866-5581.com
    REM Clear the attributes, delete each listed file and log the result
    FOR %%g in (
    C:\WINDOWS\System32\dbghelp32.dll) DO (
    IF EXIST %%g (
    ATTRIB -r -s -h %%g
    DEL %%g
    IF EXIST %%g (
    ECHO %%g not deleted>>log.txt
    ) ELSE (
    ECHO %%g deleted>>log.txt)
    ) ELSE (
    ECHO %%g not found>>log.txt))
    START NOTEPAD.EXE log.txt

    Go to File - Save As.
    For "Save in" choose: Desktop
    For "File name" enter: del.bat
    For "Save as type" select: All Files (*.*).
    Click the Save button.
    Double-click del.bat and post the contents of the log file that opens.


    Download and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    After the installation, make sure the following boxes are ticked:
    - Update MalwareBytes' Anti-Malware
    - Start MalwareBytes' Anti-Malware
    Then click "Finish".
    If an update is found, it will be downloaded and installed.
    - Once the program has started, go to the "Settings" tab.
    - Tick this option: "Close Internet Explorer during malware removal".
    - Then go to the "Scanner" tab and choose "Quick Scan".
    - Next, press "Scan" to start the scan.
    - The scan can take a while, so be patient.
    - When the scan has finished, click OK, then "Show Results" to see the results.
    - Make sure everything there is ticked, then click "Remove Selected".
    - After the removal a log will open and you will be asked to restart the computer.
    The log is saved automatically by MalwareBytes' Anti-Malware and you can find it again by clicking the "Logs" tab in the program.

    Post this log together with a new HijackThis log.


    Download Flash_Disinfector.exe and put it on your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
    Make sure your flash drives / USB sticks / external hard drives are plugged in as well.
    Double-click Flash_Disinfector.exe to start the tool.
    When the tool has finished, the computer will restart.


    Download to your desktop and use it as described in this guide.
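
Added example, not part of the original posts: a small Python triage pass over a HijackThis log that applies the entry categories the helper selected above (empty R0 values, O9 entries with no file, O17 NameServer overrides, O20 AppInit_DLLs and Winlogon Notify) plus processes running from a RECYCLER folder. The function names and the `EXPECTED_RESOLVERS` allowlist are assumptions; the sample lines are an excerpt of the log posted in this thread.

```python
import re

# Assumption: the DNS resolvers the analyst expects on this network (placeholder value).
EXPECTED_RESOLVERS = {"192.168.1.1"}

# Excerpt of the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\RECYCLER\S-1-0-77-100025324-100021522-100004866-5581.com
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O20 - AppInit_DLLs: C:\WINDOWS\System32\dbghelp32.dll
O20 - Winlogon Notify: 146b66c1517 - C:\WINDOWS\
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# A HijackThis entry starts with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse(log_text):
    """Split a log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group("code"), match.group("body")))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def triage(log_text, expected_resolvers=EXPECTED_RESOLVERS):
    """Return (code, reason, detail) tuples for entries that deserve a manual look."""
    processes, entries = parse(log_text)
    findings = []
    for path in processes:
        # Executables do not normally run out of the recycle bin folder.
        if "\\recycler\\" in path.lower():
            findings.append(("process", "runs from a RECYCLER folder", path))
    for code, body in entries:
        if code == "R0" and body.endswith("="):
            findings.append((code, "browser setting has an empty value", body))
        elif code in ("O2", "O9") and body.endswith("(no file)"):
            findings.append((code, "registered add-on has no file on disk", body))
        elif code == "O17" and "NameServer" in body:
            value = body.split("=", 1)[1]
            servers = [s for s in re.split(r"[,\s]+", value) if s]
            unexpected = [s for s in servers if s not in expected_resolvers]
            if unexpected:
                reason = "unexpected DNS server: " + ", ".join(unexpected)
                findings.append((code, reason, body))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # Any DLL listed here is loaded into most processes; review each one.
            if body.split(":", 1)[1].strip():
                findings.append((code, "AppInit_DLLs is not empty", body))
        elif code == "O20" and body.startswith("Winlogon Notify:"):
            target = body.rsplit(" - ", 1)[-1]
            if target.endswith("\\"):
                findings.append((code, "Notify entry points at a folder, not a DLL", body))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {detail}")
```

A finding is a candidate for review, not a verdict; the allowlist has to be filled in with the resolvers that are actually expected on the machine's network.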
  • Hi,

    Thanks for your help.

    Here are the logs. The ComboFix log did not appear; it restarted the PC, but even after a long wait no log file showed up.
    Also, I could not update MBAM; it reported that there is no internet connection (???).

    Del.bat log:

    Deleting files
    C:\WINDOWS\System32\dbghelp32.dll not found

    Malwarebytes' Anti-Malware 1.33
    Database versie: 1654
    Windows 5.1.2600 Service Pack 2

    3-2-2009 19:04:03
    mbam-log-2009-02-03 (19-04-03).txt

    Scan type: Snelle Scan
    Objecten gescand: 60533
    Verstreken tijd: 5 minute(s), 25 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 1
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 3
    Bestanden geïnfecteerd: 3

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    C:\WINDOWS\system32\1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Laurens\Local Settings\Temp\matrix30980.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:41, on 2009-02-03
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ULi5287\ULi5287.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\VdCap03C\StillMnt.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Cobian Backup 8\Cobian.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Documents and Settings\Laurens\Downloads\WinZip\WZQKPICK.EXE
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Cobian Backup 8\cbInterface.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe"
    O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NSLU2 Flash Map Utility] C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [StillMnt] WCamRmv.exe /StartStillMnt
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Cobian Backup 8] "C:\Program Files\Cobian Backup 8\Cobian.exe"
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [Vista Rainbar] C:\Program Files\Vista Rainbar\launcher.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Laurens\Downloads\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://vpninst.bbnv.nl/dana/download/icaweb.cab?url=/dana/term/winlaunchterm.cgi?op=DownloadCitrixCab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?e=1227358589271&h=6b9206a7054127f2410dd7602376257e/&filename=jinstall-6u10-windows-i586-jc.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://vpninst.bbnv.nl/dana-cached/setup/JuniperSetupSP1.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


    End of file - 10901 bytes

  • Look for the file combofix.txt using the standard Windows search function.
    If it finds nothing, run ComboFix again and then wait a while longer after it has finished.
  • Found:

    ComboFix 09-02-02.04 - Laurens 2009-02-03 19:33:31.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1023.551 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Laurens\Bureaublad\ComboFix.exe
    AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
    FW: ESET Persoonlijke firewall *enabled*
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    —- Voorgaande Run ——-
    .
    C:\Documents and Settings\Jeannet\Application Data\02000000edcc9d5f517C.manifest
    C:\Documents and Settings\Jeannet\Application Data\02000000edcc9d5f517O.manifest
    C:\Documents and Settings\Jeannet\Application Data\02000000edcc9d5f517P.manifest
    C:\Documents and Settings\Jeannet\Application Data\02000000edcc9d5f517S.manifest
    C:\Documents and Settings\Laurens\Application Data\02000000edcc9d5f517C.manifest
    C:\Documents and Settings\Laurens\Application Data\02000000edcc9d5f517O.manifest
    C:\Documents and Settings\Laurens\Application Data\02000000edcc9d5f517P.manifest
    C:\Documents and Settings\Laurens\Application Data\02000000edcc9d5f517S.manifest
    C:\RECYCLER\S-4-4-56-100009878-100003030-100028440-1485.com
    C:\WINDOWS\system32\drivers\gaopdxrsrfwblv.sys
    C:\WINDOWS\system32\drivers\gaopdxserv.sys
    C:\WINDOWS\system32\dumphive.exe
    C:\WINDOWS\system32\gaopdxhoehbapx.dll
    C:\WINDOWS\system32\GroupPolicy000.dat
    C:\WINDOWS\system32\GroupPolicyManifest
    C:\WINDOWS\system32\GroupPolicyManifest\216.tmp
    C:\WINDOWS\system32\SrchSTS.exe
    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\system32\VCCLSID.exe
    C:\WINDOWS\system32\WS2Fix.exe
    D:\RECYCLER\S-1-0-77-100025324-100021522-100004866-5581.com
    D:\RECYCLER\S-3-0-14-100017186-100020413-100023803-6732.com
    D:\RECYCLER\S-4-4-56-100009878-100003030-100028440-1485.com
    D:\resycled
    E:\RECYCLER\S-1-0-77-100025324-100021522-100004866-5581.com
    E:\RECYCLER\S-3-0-14-100017186-100020413-100023803-6732.com
    E:\RECYCLER\S-4-4-56-100009878-100003030-100028440-1485.com

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ——-\Service_gaopdxserv.sys


    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-03 to 2009-02-03 ))))))))))))))))))))))))))))))
    .

    2009-02-02 18:45 . 2009-02-02 18:45 374,272 –ahs—- C:\WINDOWS\system32\22.tmp
    2009-02-02 13:21 . 2009-02-02 13:21 373,760 –ahs—- C:\WINDOWS\system32\39.tmp
    2009-02-01 19:00 . 2009-02-01 19:00 0 –a—— C:\WINDOWS\nsreg.dat
    2009-02-01 16:23 . 2009-02-01 16:25 <DIR> d——– C:\Program Files\SpywareBlaster
    2009-02-01 13:50 . 2009-02-03 19:04 <DIR> d–hs—- C:\Documents and Settings\Laurens\Onlangs geopend
    2009-02-01 13:27 . 2009-02-01 13:27 <DIR> d——– C:\Program Files\TagRename
    2009-02-01 12:56 . 2009-02-03 13:34 4 –a—— C:\WINDOWS\system32\gaopdxcounter
    2009-01-26 19:13 . 2009-01-27 13:18 <DIR> d——– C:\Program Files\FreeRIP3
    2009-01-26 19:13 . 2009-01-26 19:13 <DIR> d——– C:\Documents and Settings\All Users\Application Data\FreeRIP
    2009-01-25 10:43 . 2009-01-25 10:43 <DIR> d——– C:\Program Files\Naviextras
    2009-01-25 10:43 . 2009-01-25 10:43 <DIR> d——– C:\Documents and Settings\Laurens\Application Data\Naviextras
    2009-01-22 21:28 . 2009-01-22 21:28 <DIR> d——– C:\Documents and Settings\Laurens\LimeWire Store Purchased
    2009-01-17 13:12 . 2009-02-02 19:18 <DIR> d——– C:\Documents and Settings\Laurens\Application Data\LimeWirePlus
    2009-01-10 13:47 . 2009-01-18 11:44 <DIR> d——– C:\Documents and Settings\Laurens\Application Data\LimeWirePlus(2)

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-03 17:47 ——— d—–w C:\Program Files\Malwarebytes' Anti-Malware
    2009-02-01 17:40 ——— d—–w C:\Program Files\Hitman Pro
    2009-02-01 16:18 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-01 15:24 ——— d—–w C:\Program Files\Spybot - Search & Destroy
    2009-01-18 12:50 ——— d—–w C:\Program Files\Microsoft ActiveSync
    2009-01-18 10:44 ——— d—–w C:\Program Files\LimeWire Plus
    2009-01-18 10:44 ——— d—–w C:\Documents and Settings\Laurens\Application Data\Juniper Networks
    2009-01-18 10:11 ——— d—–w C:\Program Files\RegCure
    2009-01-18 10:11 ——— d—–w C:\Program Files\Hema Album Software Advanced
    2009-01-18 10:11 ——— d—–w C:\Documents and Settings\All Users\Application Data\Hema Album Software Advanced
    2009-01-14 15:11 38,496 —-a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2009-01-14 15:11 15,504 —-a-w C:\WINDOWS\system32\drivers\mbam.sys
    2008-12-18 19:47 ——— d—–w C:\Documents and Settings\All Users\Application Data\Juniper Networks
    2008-11-22 12:55 410,976 —-a-w C:\WINDOWS\system32\deploytk.dll
    2008-11-19 21:58 70,438 —-a-w C:\WINDOWS\BricoPackUninst.cmd
    2008-11-19 21:58 5,374 —-a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-07-19 18:37 30 —-a-w C:\Program Files\Exiferupdate.ini
    2008-01-23 21:53 32 —-a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2003-10-23 16:52 40,960 —-a-w C:\Program Files\Uninstall_CDS.exe
    .

    ——- Sigcheck ——-

    2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
    2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 C:\WINDOWS\system32\wuauclt.exe
    2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 C:\WINDOWS\system32\dllcache\wuauclt.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "Cobian Backup 8"="C:\Program Files\Cobian Backup 8\Cobian.exe" [2007-09-27 12:37 501248]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 17:41 1232896]
    "Vista Rainbar"="C:\Program Files\Vista Rainbar\launcher.exe" [2008-11-14 21:57 131778]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:34 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SW20"="C:\WINDOWS\system32\sw20.exe" [2006-01-03 03:58 208896]
    "SW24"="C:\WINDOWS\system32\sw24.exe" [2006-01-03 03:59 69632]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-14 07:51 86016]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe" [2007-06-26 16:58 61440]
    "ULiRaid"="C:\Program Files\ULi5287\ULi5287.exe" [2005-08-23 20:59 409600]
    "NSLU2 Flash Map Utility"="C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe" [2004-04-30 11:33 245760]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 07:51 7323648]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 18:45 192512]
    "EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 13:17 94208]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 14:09 413696]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 13:23 1447168]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-11-22 13:55 136600]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 21:10 151552]
    "nwiz"="nwiz.exe" [2005-12-14 07:51 1519616 C:\WINDOWS\system32\nwiz.exe]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 06:36 14854144 C:\WINDOWS\RTHDCPL.exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 110592 C:\WINDOWS\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 17:41 1232896]

    C:\Documents and Settings\Laurens\Menu Start\Programma's\Opstarten\
    TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18 65536]
    Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 08:43:14 155648]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    WinZip Quick Pick.lnk - C:\Documents and Settings\Laurens\Downloads\WinZip\WZQKPICK.EXE [2008-04-28 10:20:00 415072]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "FirebirdServerMAGIXInstance"=3 (0x3)
    "WebrootSpySweeperService"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
    "C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
    "C:\\RASplus\\RASplus_Runner.exe"=
    "C:\\Program Files\\NSLU2 Flash Map Utility\\StorageLink.exe"=
    "C:\\Program Files\\Titan\\Bin\\titan.exe"=
    "C:\\Documents and Settings\\Laurens\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
    "C:\\Documents and Settings\\Laurens\\Application Data\\Juniper Networks\\Juniper Citrix Services Client\\dsCitrixProxy.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\LimeWire Plus\\LimeWire.exe"=
    "%windir%\\system32\\sessmgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3306:TCP"= 3306:TCP:MySQL Server

    R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2007-11-21 23:09:11 101120]
    R2 ekrn;Eset Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 13:25:10 468224]
    S3 Ndisprot;ArcNet NDIS Protocol Driver;C:\WINDOWS\system32\drivers\ndisprot.sys [2008-11-16 19:47:43 27904]
    S3 UfasoftSnifferDriver;Ufasoft Sniffer driver;C:\Program Files\Ufasoft\Sniffer\sniff_nt.sys [2008-01-22 22:41:02 11584]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9eacdcf8-cc65-11dd-b4e2-0013d3eebb92}]
    \Shell\AutoRun\command - F:\CarryItEasy.exe /AUTORUN
    \Shell\configure\command - F:\CarryItEasy.exe
    \Shell\install\command - F:\CarryItEasy.exe
    .
    Inhoud van de 'Gedeelde Taken' map

    2008-09-13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-02-03 C:\WINDOWS\Tasks\RegCure Program Check.job
    - C:\Program Files\RegCure\RegCure.exe []

    2009-01-02 C:\WINDOWS\Tasks\RegCure.job
    - C:\Program Files\RegCure\RegCure.exe []

    2009-02-02 C:\WINDOWS\Tasks\SyncBack Synchronistie van D.job
    - C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe [2008-08-12 11:00]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    HKLM-Run-StillMnt - WCamRmv.exe
    Notify-dimsntfy - (no file)
    Notify-WgaLogon - (no file)


    .
    ——- Bijkomende Scan ——-
    .
    uInternet Settings,ProxyOverride = *.local
    FF - ProfilePath - C:\Documents and Settings\Laurens\Application Data\Mozilla\Firefox\Profiles\ayh04bn7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.nu.nl/
    .


  • Download Flash_Disinfector.exe and place it on your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
    Make sure your flash drives / USB sticks / external hard drives are plugged in as well.
    Double-click Flash_Disinfector.exe to start the tool.
    When the tool has finished, the computer will restart.

    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

  • Here is the log.

    Now that I restart the PC and Windows, I get an error message saying that Windows cannot find a file and cannot start it. The file in question is:
    C:\windows\system32\scrnrdr.exe

    Log:


    ComboFix 09-02-03.01 - Laurens 2009-02-04 17:32:44.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1023.369 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Laurens\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Laurens\Bureaublad\CFScript.txt
    AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
    FW: ESET Persoonlijke firewall *enabled*
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    c:\windows\nsreg.dat
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\nsreg.dat
    c:\windows\system32\22.tmp\
    c:\windows\system32\39.tmp\
    c:\windows\system32\gaopdxcounter\
    .
    —- Voorgaande Run ——-
    .
    c:\documents and settings\Jeannet\Application Data\02000000edcc9d5f517C.manifest
    c:\documents and settings\Jeannet\Application Data\02000000edcc9d5f517O.manifest
    c:\documents and settings\Jeannet\Application Data\02000000edcc9d5f517P.manifest
    c:\documents and settings\Jeannet\Application Data\02000000edcc9d5f517S.manifest
    c:\documents and settings\Laurens\Application Data\02000000edcc9d5f517C.manifest
    c:\documents and settings\Laurens\Application Data\02000000edcc9d5f517O.manifest
    c:\documents and settings\Laurens\Application Data\02000000edcc9d5f517P.manifest
    c:\documents and settings\Laurens\Application Data\02000000edcc9d5f517S.manifest
    c:\recycler\S-4-4-56-100009878-100003030-100028440-1485.com
    c:\windows\system32\drivers\gaopdxrsrfwblv.sys
    c:\windows\system32\drivers\gaopdxserv.sys
    c:\windows\system32\dumphive.exe
    c:\windows\system32\gaopdxhoehbapx.dll
    c:\windows\system32\GroupPolicy000.dat
    c:\windows\system32\GroupPolicyManifest
    c:\windows\system32\GroupPolicyManifest\216.tmp
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe
    d:\recycler\S-1-0-77-100025324-100021522-100004866-5581.com
    d:\recycler\S-3-0-14-100017186-100020413-100023803-6732.com
    d:\recycler\S-4-4-56-100009878-100003030-100028440-1485.com
    D:\resycled
    e:\recycler\S-1-0-77-100025324-100021522-100004866-5581.com
    e:\recycler\S-3-0-14-100017186-100020413-100023803-6732.com
    e:\recycler\S-4-4-56-100009878-100003030-100028440-1485.com

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ——-\Service_gaopdxserv.sys


    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-04 to 2009-02-04 ))))))))))))))))))))))))))))))
    .

    2009-02-04 17:21 . 2009-02-04 17:23 <DIR> d——– c:\windows\LastGood
    2009-02-02 18:45 . 2009-02-02 18:45 374,272 –ahs—- c:\windows\system32\22.tmp
    2009-02-02 13:21 . 2009-02-02 13:21 373,760 –ahs—- c:\windows\system32\39.tmp
    2009-02-01 16:23 . 2009-02-01 16:25 <DIR> d——– c:\program files\SpywareBlaster
    2009-02-01 13:50 . 2009-02-04 17:30 <DIR> d–hs—- c:\documents and settings\Laurens\Onlangs geopend
    2009-02-01 13:27 . 2009-02-01 13:27 <DIR> d——– c:\program files\TagRename
    2009-02-01 12:56 . 2009-02-03 13:34 4 –a—— c:\windows\system32\gaopdxcounter
    2009-01-26 19:13 . 2009-01-27 13:18 <DIR> d——– c:\program files\FreeRIP3
    2009-01-26 19:13 . 2009-01-26 19:13 <DIR> d——– c:\documents and settings\All Users\Application Data\FreeRIP
    2009-01-25 10:43 . 2009-01-25 10:43 <DIR> d——– c:\program files\Naviextras
    2009-01-25 10:43 . 2009-01-25 10:43 <DIR> d——– c:\documents and settings\Laurens\Application Data\Naviextras
    2009-01-22 21:28 . 2009-01-22 21:28 <DIR> d——– c:\documents and settings\Laurens\LimeWire Store Purchased
    2009-01-17 13:12 . 2009-02-02 19:18 <DIR> d——– c:\documents and settings\Laurens\Application Data\LimeWirePlus
    2009-01-10 13:47 . 2009-01-18 11:44 <DIR> d——– c:\documents and settings\Laurens\Application Data\LimeWirePlus(2)

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-03 17:47 ——— d—–w c:\program files\Malwarebytes' Anti-Malware
    2009-02-01 17:40 ——— d—–w c:\program files\Hitman Pro
    2009-02-01 16:18 ——— d—–w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-01 15:24 ——— d—–w c:\program files\Spybot - Search & Destroy
    2009-01-18 12:50 ——— d—–w c:\program files\Microsoft ActiveSync
    2009-01-18 10:44 ——— d—–w c:\program files\LimeWire Plus
    2009-01-18 10:44 ——— d—–w c:\documents and settings\Laurens\Application Data\Juniper Networks
    2009-01-18 10:11 ——— d—–w c:\program files\RegCure
    2009-01-18 10:11 ——— d—–w c:\program files\Hema Album Software Advanced
    2009-01-18 10:11 ——— d—–w c:\documents and settings\All Users\Application Data\Hema Album Software Advanced
    2009-01-14 15:11 38,496 —-a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-14 15:11 15,504 —-a-w c:\windows\system32\drivers\mbam.sys
    2008-12-18 19:47 ——— d—–w c:\documents and settings\All Users\Application Data\Juniper Networks
    2008-11-22 12:55 410,976 —-a-w c:\windows\system32\deploytk.dll
    2008-11-19 21:58 70,438 —-a-w c:\windows\BricoPackUninst.cmd
    2008-11-19 21:58 5,374 —-a-w c:\windows\BricoPackFoldersDelete.cmd
    2008-07-19 18:37 30 —-a-w c:\program files\Exiferupdate.ini
    2008-01-23 21:53 32 —-a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2003-10-23 16:52 40,960 —-a-w c:\program files\Uninstall_CDS.exe
    .

    ——- Sigcheck ——-

    2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\ServicePackFiles\i386\wuauclt.exe
    2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\system32\wuauclt.exe
    2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2009-02-03_19.35.09.00 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2006-12-19 21:51:37 8,500,736 -c—-w c:\windows\$NtUninstallKB943460$\shell32.dll
    - 2007-08-21 10:53:31 122,880 -c—-w c:\windows\$NtUninstallKB943460$\xpsp3res.dll
    + 2006-12-19 21:51:37 8,500,736 -c—-w c:\windows\$NtUninstallKB943460_0$\shell32.dll
    + 2006-12-19 21:51:37 8,500,736 -c—-w c:\windows\$NtUninstallKB943460_0$\shell32.dll.000
    + 2007-03-06 01:58:27 216,800 -c—-w c:\windows\$NtUninstallKB943460_0$\spuninst\spuninst.exe
    + 2007-03-06 01:59:37 389,856 -c—-w c:\windows\$NtUninstallKB943460_0$\spuninst\updspapi.dll
    + 2007-08-21 10:53:31 122,880 -c—-w c:\windows\$NtUninstallKB943460_0$\xpsp3res.dll
    + 2006-06-02 19:34:07 33,792 ——w c:\windows\network diagnostic\custsat.dll
    + 2006-10-10 12:44:50 557,568 ——w c:\windows\network diagnostic\xpnetdiag.exe
    - 2008-12-09 23:24:37 17,593,280 —-a-w c:\windows\system32\MRT.exe
    + 2009-01-09 16:35:30 20,853,704 —-a-w c:\windows\system32\MRT.exe
    + 2009-02-04 13:07:35 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_33c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "Cobian Backup 8"="c:\program files\Cobian Backup 8\Cobian.exe" [2007-09-27 501248]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
    "Vista Rainbar"="c:\program files\Vista Rainbar\launcher.exe" [2008-11-14 131778]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SW20"="c:\windows\system32\sw20.exe" [2006-01-03 208896]
    "SW24"="c:\windows\system32\sw24.exe" [2006-01-03 69632]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-14 86016]
    "Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe" [2007-06-26 61440]
    "ULiRaid"="c:\program files\ULi5287\ULi5287.exe" [2005-08-23 409600]
    "NSLU2 Flash Map Utility"="c:\program files\NSLU2 Flash Map Utility\StorageLink.exe" [2004-04-30 245760]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512]
    "EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-22 136600]
    "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
    "nwiz"="nwiz.exe" [2005-12-14 c:\windows\system32\nwiz.exe]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 c:\windows\RTHDCPL.exe]
    "StillMnt"="WCamRmv.exe" [BU]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

    c:\documents and settings\Laurens\Menu Start\Programma's\Opstarten\
    TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
    Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    WinZip Quick Pick.lnk - c:\documents and settings\Laurens\Downloads\WinZip\WZQKPICK.EXE [2008-04-28 415072]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "FirebirdServerMAGIXInstance"=3 (0x3)
    "WebrootSpySweeperService"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
    "c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
    "c:\\RASplus\\RASplus_Runner.exe"=
    "c:\\Program Files\\NSLU2 Flash Map Utility\\StorageLink.exe"=
    "c:\\Program Files\\Titan\\Bin\\titan.exe"=
    "c:\\Documents and Settings\\Laurens\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
    "c:\\Documents and Settings\\Laurens\\Application Data\\Juniper Networks\\Juniper Citrix Services Client\\dsCitrixProxy.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\LimeWire Plus\\LimeWire.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3306:TCP"= 3306:TCP:MySQL Server

    R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2007-11-21 101120]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
    S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-16 27904]
    S3 UfasoftSnifferDriver;Ufasoft Sniffer driver;c:\program files\Ufasoft\Sniffer\sniff_nt.sys [2008-01-22 11584]

    — Andere Services/Drivers In Geheugen —

    *NewlyCreated* - CSISCANNER
    *Deregistered* - CSIScanner
    .
    Inhoud van de 'Gedeelde Taken' map

    2008-09-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-02-04 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe []

    2009-01-02 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe []

    2009-02-02 c:\windows\Tasks\SyncBack Synchronistie van D.job
    - c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-08-12 11:00]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uInternet Settings,ProxyOverride = *.local
    FF - ProfilePath - c:\documents and settings\Laurens\Application Data\Mozilla\Firefox\Profiles\ayh04bn7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.nu.nl/
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-04 17:35:39
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2009-02-04 17:37:25
    ComboFix-quarantined-files.txt 2009-02-04 16:37:18

    Pre-Run: 55,251,599,360 bytes beschikbaar
    Post-Run: 55,241,764,864 bytes beschikbaar

    Current=3 Default=3 Failed=1 LastKnownGood=2 Sets=1,2,3,4
    224 — E O F — 2008-01-09 22:43:24







  • Download GV Killer.exe.
    Put it in a folder of its own, for example C:\Program Files\GV Killer, and then create a shortcut from C:\Program Files\GV Killer\GV Killer.exe to your desktop.
    Start GV Killer and use Copy and Paste to put the names of the files and folders below into the file C:\Program Files\GV Killer\input.txt.

    c:\windows\system32\22.tmp
    c:\windows\system32\39.tmp

    Close the file C:\Program Files\GV Killer\input.txt and press the Start Killing button to start the program.
    Post the contents of the file C:\GV Killer.txt in your next message.
  • Logfile gv_killer_01.txt v7.0.9 - Copyright © GV_Soft Guido Vaesen
    Rapport datum: 4-2-2009 19:24:58 log van Laurens , Beheerder van deze computer
    Platform: Windows XP Prof SP2 NLD Normale modus

    BEGIN Geplande taken—————————————————————–
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\RegCure Program Check.job
    C:\WINDOWS\tasks\RegCure.job
    C:\WINDOWS\tasks\SyncBack Synchronistie van D.job
    EINDE Geplande taken—————————————————————–


    Lijst Notify keys——————————————————————–
    HKLM\software\microsoft\windows nt\currentversion\winlogon\notify
    dimsntfy
    WgaLogon
    Einde Notify keys——————————————————————–

    Verklaring Errorcodes—————————————————————-
    code 00 : Bestand is verwijderd.
    code 53 : Bestand of map werd niet gevonden op uw PC.
    code 70 : Bestand was in gebruik.
    code 75 : Services zijn nog geladen of bestand in gebruik.
    code M0 : Map is verwijderd.
    code ML : Map is volledig leeg gemaakt.
    code MN : Map werd niet gevonden op uw PC, is niet leeg gemaakt.
    code MV : Map werd niet gevonden op uw PC, is niet verwijderd.
    code K0 : Register key is verwijderd.
    Einde Errorcodes——————————————————————–

    BEGIN Inhoud van Input.txt———————————————————–
    c:\windows\system32\22.tmp
    c:\windows\system32\39.tmp
    EINDE Inhoud van Input.txt———————————————————–

    00 c:\windows\system32\22.tmp
    00 c:\windows\system32\39.tmp
    EINDE Inhoud van Input.txt———————————————————–


    ;5855679-643-4763305-23562=4LS0L19624

    ;EINDE GV_Killer ———————————————————————
  • How are things with the problems?
  • In any case, I no longer have a jumpy ESET virus scanner.
    The speed is great again. I only had my doubts about the previously mentioned error message when starting Windows. I haven't restarted the PC yet, so I don't know whether this message is a thing of the past.

    Thanks a lot for the help.
  • Give that a try, and if the message still appears, could you tell me exactly what the message says?
  • I get the following message:

    `Windows kan het bestand C:\Windows\system32\scrnrdr.exe niet vinden. Controleer of u de naam juist hebt ingevoerd en probeer het daarna opnieuw. Klik als u naar een bestand wilt zoeken op Start en daarna op Zoeken`.

    After that I get this error message as well:

    `Could not execute the external program C:\Windows\system32\scrnrdr.exe `
  • Download Dial-a-fix-2006
    and extract both files, each into its own folder, to your desktop.

    In the folder Dial-a-fix-v0.60.0.24, double-click Dial-a-fix.exe.
    In the window that opens, click the icon with the double green check mark at the bottom (check all).
    Then click "GO" and let the tool reset all settings.
    When it has finished, close this window by clicking "Close" at the bottom.
  • Done; unfortunately the message appears again at startup.

    Quote from Othuroyo:
    Download Dial-a-fix-2006
    and extract both files, each into its own folder, to your desktop.

    In the folder Dial-a-fix-v0.60.0.24, double-click Dial-a-fix.exe.
    In the window that opens, click the icon with the double green check mark at the bottom (check all).
    Then click "GO" and let the tool reset all settings.
    When it has finished, close this window by clicking "Close" at the bottom.

This is an archived page. Replies are no longer possible.