Help PLEASE! Software such as MBAM.exe won't even start?

Anonymous
Othuroyo
25 replies
 • Hello, can anyone help me find the errors? I have been searching for two weeks but am not getting any further. Please HELP

  The computer boots normally and AVG starts, but none of the scanners can update, links to the AVG site get redirected, Spybot does not launch, and the m-bam exe won't even install?

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 18:27:44, on 5-2-2009
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16762)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  C:\WINDOWS\system32\CTsvcCDA.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\system32\PnkBstrA.exe
  C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
  C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
  C:\PROGRA~1\AVG\AVG8\avgrsx.exe
  C:\PROGRA~1\AVG\AVG8\avgemc.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
  C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
  C:\WINDOWS\system32\Rundll32.exe
  C:\Program Files\PowerISO\PWRISOVM.EXE
  C:\PROGRA~1\AVG\AVG8\avgtray.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Creative\Shared Files\CTSched.exe
  C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
  C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
  C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Documents and Settings\Ege van Dullemen\Mijn documenten\HiJackThis\HijackThis.exe

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: (no name) - {c0d70ed8-d984-40c3-9666-8939ce76ea13} - (no file)
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (file missing)
  O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
  O2 - BHO: (no name) - {c0d70ed8-d984-40c3-9666-8939ce76ea13} - (no file)
  O2 - BHO: TBSB00982 - {DA3D342F-FF20-4E31-9E82-22334155730C} - C:\Program Files\IEToolbar\Ant.com Toolbar\ant.dll
  O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (file missing)
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: Ant.com Toolbar - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\IEToolbar\Ant.com Toolbar\ant.dll
  O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
  O3 - Toolbar: (no name) - {c0d70ed8-d984-40c3-9666-8939ce76ea13} - (no file)
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
  O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
  O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
  O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
  O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
  O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
  O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
  O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
  O8 - Extra context menu item: &Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm
  O8 - Extra context menu item: &Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm
  O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
  O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
  O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
  O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
  O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
  O20 - AppInit_DLLs: avgrsstx.dll
  O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
  O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
  O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
  O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe


  End of file - 9417 bytes
 • Start HijackThis and choose 'do a system scan only'
  Select only the items listed below:

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R3 - URLSearchHook: (no name) - {c0d70ed8-d984-40c3-9666-8939ce76ea13} - (no file)
  O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (file missing)
  O2 - BHO: (no name) - {c0d70ed8-d984-40c3-9666-8939ce76ea13} - (no file)
  O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (file missing)
  O3 - Toolbar: (no name) - {c0d70ed8-d984-40c3-9666-8939ce76ea13} - (no file)
  O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
  O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)

  Close all windows except HijackThis.
  Click 'Fix checked' to remove the items.

  Go to Start – Run and type: cmd
  Press enter.
  A DOS window (command prompt) will open.
  Type: ipconfig /flushdns
  Press enter.
  Close the window.
  Restart the computer.


  Download […] to your Desktop and use it according to this guide.
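The selection made in the reply above (entries whose target is reported as "(no file)" or "(file missing)", plus the R0 value that is empty) can be reproduced mechanically. This is an added example, not part of the original thread and not HijackThis code; the function names are hypothetical and the sample is an excerpt of the first log posted above.

```python
import re
from collections import defaultdict

# Excerpt of the first HijackThis log in this thread (lines copied from the page).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {c0d70ed8-d984-40c3-9666-8939ce76ea13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (file missing)
O2 - BHO: (no name) - {c0d70ed8-d984-40c3-9666-8939ce76ea13} - (no file)
O2 - BHO: TBSB00982 - {DA3D342F-FF20-4E31-9E82-22334155730C} - C:\Program Files\IEToolbar\Ant.com Toolbar\ant.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {c0d70ed8-d984-40c3-9666-8939ce76ea13} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..."; process paths do not match.
ENTRY_RE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.*\S)\s*$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return the log's entry lines as dicts with section code, body and CLSID."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue  # headers, process list, blank lines
        clsid = CLSID_RE.search(match.group("body"))
        entries.append({
            "code": match.group("code"),
            "body": match.group("body"),
            "clsid": clsid.group(0).lower() if clsid else None,
        })
    return entries


def orphan_reason(entry):
    """Why an entry looks like a leftover, or None if it does not."""
    if ORPHAN_RE.search(entry["body"]):
        return "target file absent"
    if entry["code"] in ("R0", "R1") and entry["body"].endswith("="):
        return "empty value"
    return None


def orphaned_entries(log_text):
    """Entries that point at nothing: the kind selected for 'Fix checked' above."""
    flagged = []
    for entry in parse_entries(log_text):
        reason = orphan_reason(entry)
        if reason:
            flagged.append({**entry, "reason": reason})
    return flagged


def clsid_index(flagged):
    """Group flagged entries by CLSID to show one leftover registered in several places."""
    index = defaultdict(list)
    for entry in flagged:
        if entry["clsid"]:
            index[entry["clsid"]].append(entry["code"])
    return dict(index)


if __name__ == "__main__":
    hits = orphaned_entries(SAMPLE_LOG)
    for hit in hits:
        print(f'{hit["code"]:>3}  {hit["reason"]:<18}  {hit["body"]}')
    print(clsid_index(hits))
```

The check only surfaces orphaned registrations: the Ant.com Toolbar BHO in the same log has its file present and is not flagged, although the Malwarebytes log later in this thread reports it as Trojan.Agent.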
 • :D thanks, I'm going to try it tonight!
 • :cry:

  I made a first attempt at step 1, but saw that Spybot wanted to make changes. After that I removed Spybot and carried out step 1 again.

  Step 2: the program ComboFix or m-bam won't start:

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 19:34:45, on 16-2-2009
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16791)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  C:\WINDOWS\system32\cisvc.exe
  C:\WINDOWS\system32\CTsvcCDA.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\system32\PnkBstrA.exe
  C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
  C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
  C:\PROGRA~1\AVG\AVG8\avgrsx.exe
  C:\PROGRA~1\AVG\AVG8\avgemc.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
  C:\WINDOWS\system32\Rundll32.exe
  C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
  C:\Program Files\PowerISO\PWRISOVM.EXE
  C:\PROGRA~1\AVG\AVG8\avgtray.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\Program Files\Common Files\ACD Systems\NL\DevDetect.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Creative\Shared Files\CTSched.exe
  C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe
  C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Documents and Settings\Ege van Dullemen\Bureaublad\ComboFix\ComboFix.exe
  C:\Documents and Settings\Ege van Dullemen\Mijn documenten\HiJackThis\HijackThis.exe

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
  O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
  O2 - BHO: TBSB00982 - {DA3D342F-FF20-4E31-9E82-22334155730C} - C:\Program Files\IEToolbar\Ant.com Toolbar\ant.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: Ant.com Toolbar - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\IEToolbar\Ant.com Toolbar\ant.dll
  O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
  O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
  O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
  O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
  O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
  O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
  O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
  O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
  O4 - HKCU\..\Run: [Creative Software Update] "C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe" /Silent
  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
  O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
  O8 - Extra context menu item: &Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm
  O8 - Extra context menu item: &Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm
  O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
  O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
  O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
  O20 - AppInit_DLLs: avgrsstx.dll
  O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
  O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
  O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
  O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe


  End of file - 8383 bytes
 • What happens then when you click on ComboFix.exe?
 • When I click on combofix.exe nothing happens.

  When I look under: ctrl+alt+del -> Task Manager -> Processes
  combofix.exe is listed there, just like m-bam.exe, but CPU usage stays at zero. So it doesn't get any further.
 • O8 - Extra context menu item: &Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm
  O8 - Extra context menu item: &Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm

  Both of these are newly listed. Is FlashGet needed for XP at all? And what else do you know about the program Spybot?

  Thanks so far for your help, I don't know enough about computers myself to solve this….
 • Is it possible to install combofix or m-bam via DOS?
 • Remove ComboFix via Start – Run and type
  Combofix /U
  Press enter.

  Now start the computer in safe mode and do a scan with mbam.
  Post the log here.
  Then go through the ComboFix steps again in safe mode.
 • :o I'll do it tonight, I'm at work right now
 • Even in safe mode combo fix or m-bam doesn't start :(
 • I created a guest account to try them there, but there too neither of them starts….
 • Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 19:48:59, on 17-2-2009
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16791)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\cisvc.exe
  C:\WINDOWS\system32\CTsvcCDA.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
  C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
  C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
  C:\WINDOWS\system32\Rundll32.exe
  C:\Program Files\PowerISO\PWRISOVM.EXE
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\Program Files\Common Files\ACD Systems\NL\DevDetect.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Creative\Shared Files\CTSched.exe
  C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Documents and Settings\Ege van Dullemen\Bureaublad\SUPERAntiSpyware\HiJackThis\HijackThis.exe

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
  O2 - BHO: TBSB00982 - {DA3D342F-FF20-4E31-9E82-22334155730C} - C:\Program Files\IEToolbar\Ant.com Toolbar\ant.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: Ant.com Toolbar - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\IEToolbar\Ant.com Toolbar\ant.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
  O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
  O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
  O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
  O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
  O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
  O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
  O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
  O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
  O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
  O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe


  End of file - 6193 bytes
 • I installed m-bam directly from download.com. The program is now in the software list, as is the new AVG (downloaded it anyway, just to be sure)

  Tried to start mbam in safe mode, but it won't start
 • I'll also try • Double-click drweb-cureit.exe
 • Download and save SDFix
  to your desktop.
  Double-click SDFix.exe and choose Install to extract the tool into its own folder on your desktop.

  Restart the computer, but this time in safe mode.

  - In safe mode, open the SDFix folder on your desktop and double-click RunThis.bat to start the tool.
  - Type Y to start the cleaning process.
  - It removes all Trojan services or registry entries that are related to this infection. When the tool is done it will tell you to press any key to restart your PC; do so.
  - When the PC restarts, the tool will run again, finish the cleanup process and show you the message Finished. Then press any key to end the script, and your desktop will appear.
  - When your desktop icons appear, the SDFix report will open and will also be saved in the folder under the name Report.txt.


  Post this log in your next message.
 • dr cure it found the following infections:

  tdsspaxt.sys;c:\windows\system3\drivers;BackDoor.Tdss.29;Verwijderd.;
  userinit.exe;c:\windows\system32;Trojan.Packed.458;Verwijderd.;

  My updates for m-bam have been uploaded and m-bam is now scanning!!

  I will try your program as well, thanks in advance,

  :) Ege (evdul)
 • Malwarebytes' Anti-Malware 1.34
  Database versie: 1775
  Windows 5.1.2600 Service Pack 3

  18-2-2009 21:17:55
  mbam-log-2009-02-18 (21-17-55).txt

  Scan type: Volledige Scan (C:\|)
  Objecten gescand: 177441
  Verstreken tijd: 35 minute(s), 44 second(s)

  Geheugenprocessen geïnfecteerd: 0
  Geheugenmodulen geïnfecteerd: 0
  Registersleutels geïnfecteerd: 14
  Registerwaarden geïnfecteerd: 2
  Registerdata bestanden geïnfecteerd: 0
  Mappen geïnfecteerd: 2
  Bestanden geïnfecteerd: 39

  Geheugenprocessen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Geheugenmodulen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registersleutels geïnfecteerd:
  HKEY_CLASSES_ROOT\TypeLib\{112b22d0-ea20-4781-b4dd-549570e256c7} (Trojan.Agent) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\Interface\{04bb6f9a-d47b-455b-821b-15f4b891e9e3} (Trojan.Agent) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\Interface\{275c44ae-e0b0-43c3-ba3e-babf082143e2} (Trojan.Agent) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\CLSID\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41} (Trojan.Agent) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41} (Trojan.Agent) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\CLSID\{da3d342f-ff20-4e31-9e82-22334155730c} (Trojan.Agent) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{da3d342f-ff20-4e31-9e82-22334155730c} (Trojan.Agent) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da3d342f-ff20-4e31-9e82-22334155730c} (Trojan.Agent) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Rapid Antivirus (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\tbsb00982.tbsb00982toolbar (Adware.Trace) -> Quarantined and deleted successfully.

  Registerwaarden geïnfecteerd:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41} (Trojan.Agent) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41} (Trojan.Agent) -> Quarantined and deleted successfully.

  Registerdata bestanden geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Mappen geïnfecteerd:
  C:\Program Files\IEToolbar (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar (Trojan.Agent) -> Quarantined and deleted successfully.

  Bestanden geïnfecteerd:
  C:\WINDOWS\system32\TDSScfub.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
  C:\WINDOWS\system32\TDSSnrsr.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
  C:\WINDOWS\system32\TDSSoeqh.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
  C:\WINDOWS\system32\TDSSriqp.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\ant.crc (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\ant.dll (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\AntPlugin.dll (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\arrow_refresh.png (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\basis.xml (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\bt_fd.gif (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\cancel.png (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\chart_bar.png (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\chart_line.png (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\computer_error.png (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\delete.gif (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\drive_disk.png (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\email.png (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\explore.png (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\help.png (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\icons.bmp (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\info.txt (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\logo.gif (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\logo.png (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\magnifier.png (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\monitor.png (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\player.gif (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\player.html (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\player.swf (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\s_fd.gif (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\tbhelper.dll (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\topbar_fd.gif (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\topbar_shadow.gif (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\update.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\version.txt (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\Program Files\IEToolbar\Ant.com Toolbar\wrench.png (Trojan.Agent) -> Quarantined and deleted successfully.
  C:\WINDOWS\system32\TDSSosvn.dat (Malware.Trace) -> Quarantined and deleted successfully.
  C:\WINDOWS\system32\TDSSfpmp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
  C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Quarantined and deleted successfully.
 • SDFix: Version 1.240
  Run by Ege van Dullemen on wo 18-02-2009 at 21:32

  Microsoft Windows XP [versie 5.1.2600]
  Running From: C:\SDFix

  Checking Services :


  Restoring Default Security Values
  Restoring Default Hosts File

  Rebooting


  Checking Files :

  No Trojan Files Found


  Removing Temp Files

  ADS Check :

  Final Check :

  catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2009-02-18 21:36:25
  Windows 5.1.2600 Service Pack 3 NTFS

  scanning hidden processes …

  scanning hidden services & system hive …

  scanning hidden registry entries …

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
  "AppInit_DLLs"=""
  "DeviceNotSelectedTimeout"="15"
  "GDIProcessHandleQuota"=dword:00002710
  "Spooler"="yes"
  "swapdisk"=""
  "TransmissionRetryTimeout"="90"
  "USERProcessHandleQuota"=dword:00002710
  "LoadAppInit_DLLs"=dword:00000001

  scanning hidden files …

  scan completed successfully
  hidden processes: 0
  hidden services: 0
  hidden files: 0


  Remaining Services :
  Authorized Application Key Export:

  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
  "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
  "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
  "C:\\Program Files\\ALL GAMES FOLDER\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"="C:\\Program Files\\ALL GAMES FOLDER\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe:*:Enabled:biahh"
  "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
  "C:\\Documents and Settings\\Ege van Dullemen\\Mijn documenten\\My Games\\splinter cell\\SCDA-Offline\\System\\SplinterCell4.exe"="C:\\Documents and Settings\\Ege van Dullemen\\Mijn documenten\\My Games\\splinter cell\\SCDA-Offline\\System\\SplinterCell4.exe:*:Enabled:SplinterCell4"
  "C:\\Documents and Settings\\Ege van Dullemen\\Mijn documenten\\Downloads\\[PC] Tom Clancy's Splinter Cell Double Agent [RIP] [dopeman]\\TCSCDA\\TCSCDA\\SCDA-Offline\\System\\SplinterCell4.exe"="C:\\Documents and Settings\\Ege van Dullemen\\Mijn documenten\\Downloads\\[PC] Tom Clancy's Splinter Cell Double Agent [RIP] [dopeman]\\TCSCDA\\TCSCDA\\SCDA-Offline\\System\\SplinterCell4.exe:*:Enabled:SplinterCell4"
  "C:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"="C:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
  "C:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"="C:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
  "C:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"="C:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
  "C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="C:\\Program Files\\Electronic Arts\\EADM\\Core.exe:*:Enabled:EA Download Manager"
  "C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
  "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
  "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
  "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
  "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
  "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
  "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
  "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"

  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
  "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
  "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

  Remaining Files :

  Files with Hidden Attributes :

  Sat 10 Jan 2009 4,348 A.SH. — "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
  Sat 10 Jan 2009 0 A.SH. — "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
  Tue 17 Feb 2009 6,375 …HR — "C:\Documents and Settings\Ege van Dullemen\Application Data\SecuROM\UserData\securom_v7_01.bak"

  Finished!
  Thanks a ton for all your help, attention and solutions!!! :lol:
  It's great that there are people like you who are willing to help people like me.

  Thanks for everything!!!
 • Okay,

  However, it is not finished yet.

  Could you post a new HijackThis log together with a new ComboFix log?

This is an archived page. Replies are no longer possible.