
Question & Answer

Security & privacy

PC occasionally freezes

Anonymous
8 answers
  • My PC has recently started freezing briefly every now and then.
    A virus scan and Ad-Aware have removed what they found, but the problems are not completely gone yet.
    Could someone take a look at this log?
    Thanks, Maarten

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:26:59, on 13-2-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\cvpnd.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UTSCSI.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\tppaldr.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    F:\Downloads\Hijackthis\HiJackThis2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [anvshell] anvshell.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-1644491937-117609710-725345543-1005\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User '?')
    O4 - HKUS\S-1-5-21-1644491937-117609710-725345543-1005\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe (User '?')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted IP range: http://192.168.7.1
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092998101859
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - http://www.hema.nl/site/xupload/XUpload.ocx
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\cvpnd.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE


    End of file - 7773 bytes


  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.


    Download Dial-a-fix-2006
    and extract both files, each into its own folder, to your Desktop.

    In the Dial-a-fix-v0.60.0.24 folder, double-click Dial-a-fix.exe.
    In the window that opens, click the icon with the double green check mark (check all) at the bottom.
    Then click "GO" and let the tool restore all settings.
    When it has finished, close this window by clicking "Close" at the bottom.



    Download (link missing) and save it to your Desktop.
    Double-click mbam-setup.exe to install the program.

    Make sure that after the installation a check mark is placed next to:
    - Update MalwareBytes' Anti-Malware
    - Start MalwareBytes' Anti-Malware
    Then click "Finish".
    If an update is found, it will be downloaded and installed.
    - Once the program has started, go to the "Settings" tab.
    - Check: "Close Internet Explorer during malware removal".
    - Then go to the "Scanner" tab and choose "Quick Scan".
    - Then press "Scan" to start the scan.
    - The scan can take a while, so be patient.
    - When the scan is complete, click OK, then "Show Results" to view the results.
    - Make sure everything there is checked, then click "Remove Selected".
    - After removal a log will open and you will be asked to restart the computer.
    The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

    Post this log.



    Download (link missing) to your Desktop and use it according to this guide.
  • I was able to carry out all the requested steps successfully.
    I do not get the following prompts when I let ComboFix do its work:

    > Click OK in the "NirCmd" window.
    >
    > Afterwards, click Yes again to start the malware scan.

    With me the program starts by itself.

    The requested log files.

    Malware
    Malwarebytes' Anti-Malware 1.34
    Database version: 1761
    Windows 5.1.2600 Service Pack 3

    14-2-2009 10:58:46
    mbam-log-2009-02-14 (10-58-46).txt

    Scan type: Quick Scan
    Objects scanned: 94894
    Time elapsed: 3 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Combofix
    ComboFix 09-02-12.03 - buikhuisen 2009-02-14 11:00:46.6 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.264 [GMT 1:00]
    Running from: c:\documents and settings\buikhuisen\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\AdCache\

    .
    ((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 )))))))))))))))))))))))))))))))
    .

    2009-02-14 10:27 . 2009-02-14 10:27 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-02-14 10:27 . 2009-02-14 10:27 <DIR> d——– c:\documents and settings\buikhuisen\Application Data\Malwarebytes
    2009-02-14 10:27 . 2009-02-14 10:27 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-14 10:27 . 2009-02-11 10:19 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-14 10:27 . 2009-02-11 10:19 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-02-13 10:23 . 2009-02-13 10:10 15,688 –a—— c:\windows\system32\lsdelete.exe
    2009-02-13 10:10 . 2009-02-13 10:10 64,160 –a—— c:\windows\system32\drivers\Lbd.sys
    2009-02-13 10:08 . 2009-02-13 10:08 <DIR> d–h-c— c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-02-11 18:55 . 2009-02-11 18:55 1,374 –a—— c:\windows\imsins.BAK
    2009-02-01 22:19 . 2009-02-01 22:19 <DIR> d——– c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-02-01 21:24 . 2008-10-16 14:06 268,648 –a—— c:\windows\system32\mucltui.dll
    2009-02-01 21:24 . 2008-10-16 14:06 208,744 –a—— c:\windows\system32\muweb.dll
    2009-02-01 21:24 . 2008-10-16 14:06 27,496 –a—— c:\windows\system32\mucltui.dll.mui
    2009-02-01 14:45 . 2009-02-01 14:45 <DIR> d——– c:\program files\Microsoft Silverlight
    2009-01-19 13:47 . 2009-01-19 13:48 <DIR> d——– c:\documents and settings\buikhuisen\Application Data\vlc
    2009-01-14 22:23 . 2009-01-14 22:23 <DIR> d——– c:\documents and settings\Nikkie\Application Data\AdobeUM

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-13 15:20 ——— d—–w c:\documents and settings\buikhuisen\Application Data\dvdcss
    2009-02-13 09:04 ——— d—–w c:\program files\Common Files\Wise Installation Wizard
    2009-02-06 20:03 ——— d—–w c:\documents and settings\Joyce-1\Application Data\Skype
    2009-02-01 14:04 ——— d—–w c:\documents and settings\buikhuisen\Application Data\PC Suite
    2009-01-04 14:14 ——— d—–w c:\documents and settings\Martine\Application Data\vlc
    2009-01-01 03:07 ——— d—–w c:\documents and settings\Joyce-1\Application Data\Azureus
    2008-12-31 14:48 ——— d—–w c:\documents and settings\Joyce-1\Application Data\LimeWire
    2008-12-31 14:12 ——— d—–w c:\documents and settings\Joyce-1\Application Data\Creative
    2008-12-31 14:04 ——— d—–w c:\program files\Azureus
    2008-12-31 11:27 ——— d—–w c:\program files\Casema
    2008-12-31 10:58 ——— d—–w c:\documents and settings\buikhuisen\Application Data\GrabIt
    2008-12-31 10:21 ——— d—–w c:\program files\GrabIt
    2008-12-30 20:50 ——— d—–w c:\documents and settings\Martine\Application Data\Skype
    2008-12-25 12:44 ——— d—–w c:\documents and settings\Joyce-1\Application Data\Apple Computer
    2008-12-23 11:27 ——— d—–w c:\program files\TechSmith
    2008-12-23 11:27 ——— d—–w c:\documents and settings\All Users\Application Data\TechSmith
    2008-12-22 14:47 ——— d–h–w c:\program files\InstallShield Installation Information
    2008-12-22 14:47 ——— d—–w c:\program files\Creative
    2008-12-22 14:08 ——— d—–w c:\program files\Java
    2008-12-21 20:54 ——— d—–w c:\documents and settings\buikhuisen\Application Data\Skype
    2008-12-19 11:49 ——— d—–w c:\program files\Circle Developement
    2008-12-14 15:25 0 —ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2008-12-14 15:25 0 —ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2008-12-14 15:19 ——— d—–w c:\program files\Nokia
    2008-12-14 15:18 ——— d—–w c:\program files\Common Files\Nokia
    2008-12-14 15:17 ——— d—–w c:\documents and settings\All Users\Application Data\Installations
    2008-12-14 14:47 ——— d—–w c:\documents and settings\buikhuisen\Application Data\Nokia
    2008-12-11 16:49 21,808 -c–a-w c:\documents and settings\Martine\Application Data\GDIPFONTCACHEV1.DAT
    2006-09-20 20:18 17,920 -c–a-w c:\documents and settings\Joyce-1\Application Data\GDIPFONTCACHEV1.DAT
    2005-09-08 21:01 17,920 -c–a-w c:\documents and settings\buikhuisen\Application Data\GDIPFONTCACHEV1.DAT
    2004-10-28 14:41 17,920 -c–a-w c:\documents and settings\Nikkie\Application Data\GDIPFONTCACHEV1.DAT
    2004-09-28 18:12 17,920 -c–a-w c:\documents and settings\Joyce\Application Data\GDIPFONTCACHEV1.DAT
    2008-12-25 15:49 67,696 —-a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-12-25 15:49 54,376 —-a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-25 15:49 34,952 —-a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-12-25 15:49 46,720 —-a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-25 15:49 172,144 —-a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2008-08-27 06:57 16,384 -csha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    2008-08-27 06:57 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    2008-08-27 06:57 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\index.dat
    2008-08-27 06:57 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-13_16.48.57.42 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-02-14 10:05:52 16,384 —-atw c:\windows\temp\Perflib_Perfdata_1c4.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-02-24 86016]
    "TPP Auto Loader"="c:\windows\tppaldr.exe" [2002-06-24 118784]
    "SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-01-05 40960]
    "vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 77824]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-22 136600]
    "anvshell"="anvshell.exe" [2003-03-13 c:\windows\anvshell.exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]

    c:\documents and settings\Joyce-1\Start Menu\Programs\Startup\
    UvA - Informatiseringscentrum CISCO VPN Client.lnk - c:\program files\Cisco Systems\vpngui.exe [2007-04-18 1528880]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 IFP500;iRiver Internet Audio Player IFP-500;c:\windows\system32\drivers\ifp500.sys [2008-01-04 14531]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-13 64160]
    R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [2003-05-01 232480]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
    R2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [2003-05-01 15968]
    R2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [2003-05-01 45216]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-08-23 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-08-23 8320]
    S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-02-07 44928]
    S3 TPPFX;USB Storage Adapter FX (TPP);c:\windows\system32\drivers\TPPFX.SYS [2005-07-31 32256]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    \Shell\AutoRun\command - J:\switch227.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c8aee92-3bdf-11dd-9c2f-00e018ffc033}]
    \Shell\AutoRun\command - J:\switch227.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-13 10:10]

    2009-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    .
    ——- Supplementary Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    DPF: DirectAnimation Java Classes
    DPF: Microsoft XML Parser for Java
    DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - hxxps://www.p3.postbank.nl/sesam/CAX.cab
    DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    FF - ProfilePath - c:\documents and settings\buikhuisen\Application Data\Mozilla\Firefox\Profiles\0iknx3y2.Buikhuisen\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-14 11:06:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ———————— Other Running Processes ————————
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Cisco Systems\cvpnd.exe
    c:\program files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\windows\system32\UTSCSI.EXE
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\rundll32.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-02-14 11:11:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-02-14 10:11:07
    ComboFix2.txt 2009-02-13 15:51:06
    ComboFix3.txt 2008-02-09 21:28:05

    Pre-Run: 2.028.691.456 bytes free
    Post-Run: 1,995,952,128 bytes free

    193 — E O F — 2009-02-11 18:02:02

    And a new HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:31:14, on 14-2-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\cvpnd.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UTSCSI.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\tppaldr.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    F:\Downloads\Hijackthis\HiJackThis2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [anvshell] anvshell.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted IP range: http://192.168.7.1
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092998101859
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - http://www.hema.nl/site/xupload/XUpload.ocx
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\cvpnd.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE


    End of file - 7524 bytes
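The HijackThis log above is what a helper reads by hand: O10 entries for an unidentified Winsock LSP, O15 Trusted Zone additions, O16 ActiveX download points and O23 services without a company name are the lines that get a second look. The following script is an added illustration of that triage, not code from HijackThis or from anyone in this thread. Its sample input is constructed: lines copied from the log above, plus one O4 line rewritten into HijackThis form from the SNPSTD2 Run value in the ComboFix output further down, so that the O4 rule has something to match. The rules are text heuristics only; a hit means "verify", not "infected".

```python
"""Triage helper for HijackThis (HJT) log lines.

Added illustration for this thread; not part of HijackThis or the posted
logs. It looks only at line text, so it finds entries that deserve a second
look, not proof of infection."""
import re
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the HijackThis log posted above, plus
# one O4 line rewritten into HJT form from the ComboFix "Reg Loading Points"
# section (the SNPSTD2 Run value) so the O4 rule has something to match.
SAMPLE_LOG = r"""
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted IP range: http://192.168.7.1
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092998101859
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - https://www.p3.postbank.nl/sesam/CAX.cab
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# Drive-letter path ending in an executable-type extension (input is lower-cased).
PATH_RE = re.compile(r"([a-z]:\\.*?\.(?:exe|dll|scr|cpl))(?:\s|$)")
# Autostart binaries normally live here; a file directly under C:\WINDOWS
# (as with vsnpstd2.exe above) is unusual enough to verify by hand.
EXPECTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")


def classify(section: str, body: str) -> Optional[str]:
    """Return a reason to review this entry, or None if no rule fires."""
    b = body.lower()
    if section == "O10" and "unknown file in winsock lsp" in b:
        return "unidentified Winsock LSP sees all socket traffic; verify the DLL"
    if section == "O15" and ("trusted ip range" in b or "trusted zone" in b):
        return "Trusted Zone entry relaxes IE security for that host"
    if section == "O16" and " - http://" in b:
        return "ActiveX download point served over plain HTTP"
    if section == "O23" and "unknown owner" in b:
        return "service binary carries no company name; check signature and hash"
    if section == "O4":
        m = PATH_RE.search(b)
        if m and not m.group(1).startswith(EXPECTED_DIRS):
            return "autostart binary outside System32 and Program Files"
    return None


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Scan an HJT log; return (section, reason, original line) for each hit."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        reason = classify(m.group(1), m.group(2))
        if reason:
            findings.append((m.group(1), reason, line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

On the sample this flags five lines (the relocated SNPSTD2 Run value, the LSP, the Trusted IP range, the plain-HTTP Windows Update control and the UTSCSI service) and stays silent on the HTTPS Postbank control, the Apple-signed Bonjour service and the two startup items in Program Files. The O4 and O16 rules are the noisy ones; keep them, but treat a hit as a prompt to look the file up, not as a verdict.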
  • Download Flash_Disinfector.exe and save it to your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
    Make sure your flash drives / USB sticks / external hard disks are plugged in as well.
    Double-click Flash_Disinfector.exe to start the tool.
    When the tool is finished, the computer will restart.



    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

  • All steps carried out.
    The system did not reboot after flash_Disinfector.exe. I did a manual reboot.

    The ComboFix log

    ComboFix 09-02-14.01 - buikhuisen 2009-02-15 11:02:50.7 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.103 [GMT 1:00]
    Running from: c:\documents and settings\buikhuisen\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\buikhuisen\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\AdCache\

    .
    ((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
    .

    2009-02-14 10:27 . 2009-02-14 10:27 <DIR> d-------- c:\documents and settings\buikhuisen\Application Data\Malwarebytes
    2009-02-14 10:27 . 2009-02-14 10:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-13 10:23 . 2009-02-13 10:10 15,688 --a------ c:\windows\system32\lsdelete.exe
    2009-02-13 10:10 . 2009-02-13 10:10 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
    2009-02-13 10:08 . 2009-02-13 10:08 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-02-11 18:55 . 2009-02-11 18:55 1,374 --a------ c:\windows\imsins.BAK
    2009-02-01 22:19 . 2009-02-01 22:19 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-02-01 21:24 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2009-02-01 21:24 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
    2009-02-01 21:24 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2009-02-01 14:45 . 2009-02-01 14:45 <DIR> d-------- c:\program files\Microsoft Silverlight
    2009-01-19 13:47 . 2009-01-19 13:48 <DIR> d-------- c:\documents and settings\buikhuisen\Application Data\vlc

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-13 15:20 --------- d-----w c:\documents and settings\buikhuisen\Application Data\dvdcss
    2009-02-13 09:04 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-02-06 20:03 --------- d-----w c:\documents and settings\Joyce-1\Application Data\Skype
    2009-02-01 14:04 --------- d-----w c:\documents and settings\buikhuisen\Application Data\PC Suite
    2009-01-14 21:23 --------- d-----w c:\documents and settings\Nikkie\Application Data\AdobeUM
    2009-01-04 14:14 --------- d-----w c:\documents and settings\Martine\Application Data\vlc
    2009-01-01 03:07 --------- d-----w c:\documents and settings\Joyce-1\Application Data\Azureus
    2008-12-31 14:48 --------- d-----w c:\documents and settings\Joyce-1\Application Data\LimeWire
    2008-12-31 14:12 --------- d-----w c:\documents and settings\Joyce-1\Application Data\Creative
    2008-12-31 14:04 --------- d-----w c:\program files\Azureus
    2008-12-31 11:27 --------- d-----w c:\program files\Casema
    2008-12-31 10:58 --------- d-----w c:\documents and settings\buikhuisen\Application Data\GrabIt
    2008-12-31 10:21 --------- d-----w c:\program files\GrabIt
    2008-12-30 20:50 --------- d-----w c:\documents and settings\Martine\Application Data\Skype
    2008-12-25 12:44 --------- d-----w c:\documents and settings\Joyce-1\Application Data\Apple Computer
    2008-12-23 11:27 --------- d-----w c:\program files\TechSmith
    2008-12-23 11:27 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
    2008-12-22 14:47 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-22 14:47 --------- d-----w c:\program files\Creative
    2008-12-22 14:08 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-12-22 14:08 --------- d-----w c:\program files\Java
    2008-12-21 20:54 --------- d-----w c:\documents and settings\buikhuisen\Application Data\Skype
    2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-12-19 11:49 --------- d-----w c:\program files\Circle Developement
    2008-12-11 16:49 21,808 -c--a-w c:\documents and settings\Martine\Application Data\GDIPFONTCACHEV1.DAT
    2006-09-20 20:18 17,920 -c--a-w c:\documents and settings\Joyce-1\Application Data\GDIPFONTCACHEV1.DAT
    2005-09-08 21:01 17,920 -c--a-w c:\documents and settings\buikhuisen\Application Data\GDIPFONTCACHEV1.DAT
    2004-10-28 14:41 17,920 -c--a-w c:\documents and settings\Nikkie\Application Data\GDIPFONTCACHEV1.DAT
    2004-09-28 18:12 17,920 -c--a-w c:\documents and settings\Joyce\Application Data\GDIPFONTCACHEV1.DAT
    2008-12-25 15:49 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-12-25 15:49 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-25 15:49 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-12-25 15:49 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-25 15:49 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2008-08-27 06:57 16,384 -csha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    2008-08-27 06:57 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    2008-08-27 06:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\index.dat
    2008-08-27 06:57 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-13_16.48.57.42 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-02-15 09:56:44 16,384 ----atw c:\windows\temp\Perflib_Perfdata_320.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-02-24 86016]
    "TPP Auto Loader"="c:\windows\tppaldr.exe" [2002-06-24 118784]
    "SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-01-05 40960]
    "vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 77824]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-22 136600]
    "anvshell"="anvshell.exe" [2003-03-13 c:\windows\anvshell.exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]

    c:\documents and settings\Joyce-1\Start Menu\Programs\Startup\
    UvA - Informatiseringscentrum CISCO VPN Client.lnk - c:\program files\Cisco Systems\vpngui.exe [2007-04-18 1528880]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 IFP500;iRiver Internet Audio Player IFP-500;c:\windows\system32\drivers\ifp500.sys [2008-01-04 14531]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-13 64160]
    R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [2003-05-01 232480]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
    R2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [2003-05-01 15968]
    R2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [2003-05-01 45216]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-08-23 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-08-23 8320]
    S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-02-07 44928]
    S3 TPPFX;USB Storage Adapter FX (TPP);c:\windows\system32\drivers\TPPFX.SYS [2005-07-31 32256]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-13 10:10]

    2009-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    DPF: DirectAnimation Java Classes
    DPF: Microsoft XML Parser for Java
    DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - hxxps://www.p3.postbank.nl/sesam/CAX.cab
    DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    FF - ProfilePath - c:\documents and settings\buikhuisen\Application Data\Mozilla\Firefox\Profiles\0iknx3y2.Buikhuisen\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-15 11:06:13
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-02-15 11:08:46
    ComboFix-quarantined-files.txt 2009-02-15 10:08:42
    ComboFix2.txt 2009-02-14 10:11:17
    ComboFix3.txt 2009-02-13 15:51:06
    ComboFix4.txt 2008-02-09 21:28:05

    Pre-Run: 1.951.326.208 bytes free
    Post-Run: 1,916,727,296 bytes free

    166 --- E O F --- 2009-02-11 18:02:02




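The "Reg Loading Points" part of the ComboFix log above is printed in REGEDIT4 style, but it is not a valid .reg file: ComboFix appends " [date size]" after string values, and when a Run value is a bare file name it puts the resolved path inside those brackets. The block below is an added illustration for this thread, not ComboFix's own code, of how a helper can parse that block and pull out the three things that were worth checking in this log: the Run entries with their resolved paths, the Security Center override values (AntiVirusOverride and DisableMonitoring were both set to 1 here; a legitimate security suite can set them, and so can malware that wants to hide that protection is off), and the programs allowed through the XP firewall. The sample input is constructed from entries copied out of the log above; the list of override value names is assumed from Windows XP SP2/SP3 Security Center behaviour.

```python
"""Parser for the REGEDIT4-style "Reg Loading Points" block that ComboFix
prints, with three checks a helper would run over it.

Added illustration for this thread, not ComboFix's own code. The parser
tolerates ComboFix's " [date size]" annotations and resolves bare file
names from the path ComboFix puts inside the brackets."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: entries copied from the ComboFix log posted above.
REG_SAMPLE = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-01-05 40960]
"anvshell"="anvshell.exe" [2003-03-13 c:\windows\anvshell.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
NAME_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')
STR_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"(.*)$')
# ComboFix annotation that carries the resolved path of a bare file name.
ANNOT_PATH_RE = re.compile(r"\[\S+\s+([a-z]:\\[^\]]+)\]", re.IGNORECASE)
# Security Center value names (assumed from XP SP2/SP3) that suppress the
# "no antivirus / no firewall" warnings when set to 1.
OVERRIDE_NAMES = {"AntiVirusOverride", "FirewallOverride", "AntiVirusDisableNotify",
                  "FirewallDisableNotify", "UpdatesDisableNotify", "DisableMonitoring"}


def _unescape(s: str) -> str:
    return s.replace('\\"', '"').replace("\\\\", "\\")


def _parse_data(data: str) -> Optional[object]:
    data = data.strip()
    if data == "":
        return None                          # "name"= : present, no data (firewall list)
    if data.lower().startswith("dword:"):
        return int(data[6:].split()[0], 16)
    m = STR_RE.match(data)
    if m:
        value, tail = _unescape(m.group(1)), m.group(2)
        if "\\" not in value:                # bare file name: use ComboFix's resolved path
            a = ANNOT_PATH_RE.search(tail)
            if a:
                return a.group(1)
        return value
    return data                              # hex:, expand strings etc. kept raw


def parse_reg(text: str) -> Dict[str, Dict[str, object]]:
    """Return {key path: {value name: data}} for a REGEDIT4-style block."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.upper() == "REGEDIT4":
            continue
        k = KEY_RE.match(line)
        if k:
            current = k.group(1)
            keys.setdefault(current, {})
            continue
        v = NAME_RE.match(line)
        if v and current is not None:
            name = v.group(2) or _unescape(v.group(1))
            keys[current][name] = _parse_data(v.group(3))
    return keys


def run_entries(reg: Dict[str, Dict[str, object]]) -> Dict[str, str]:
    """name -> resolved path for every Run / RunOnce key in the block."""
    out: Dict[str, str] = {}
    for key, values in reg.items():
        if re.search(r"\\run(once)?$", key, re.IGNORECASE):
            out.update({n: v for n, v in values.items() if isinstance(v, str)})
    return out


def security_center_overrides(reg: Dict[str, Dict[str, object]]) -> List[Tuple[str, str]]:
    """(key, value name) for every override that is switched on."""
    return [(key, name) for key, values in reg.items()
            if "security center" in key.lower()
            for name, data in values.items()
            if name in OVERRIDE_NAMES and data == 1]


def firewall_exceptions(reg: Dict[str, Dict[str, object]]) -> List[str]:
    """Programs allowed through the XP firewall; %windir% entries are Windows' own."""
    return [name for key, values in reg.items()
            if "authorizedapplications" in key.lower()
            for name in values if not name.lower().startswith("%windir%")]


if __name__ == "__main__":
    reg = parse_reg(REG_SAMPLE)
    print("Run entries:", run_entries(reg))
    print("Security Center overrides:", security_center_overrides(reg))
    print("Firewall exceptions:", firewall_exceptions(reg))
```

On the sample this resolves anvshell.exe to c:\windows\anvshell.exe from the bracketed annotation, reports the two Security Center overrides, and lists Azureus, LimeWire and Skype as firewall exceptions while dropping the %windir% entry that Windows registers itself. The parser keeps the value data as None for the firewall list entries, which is how a "name"= line with no data should be represented, so a caller can still tell "present" from "absent".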
  • And?
    How are things with the problems?
  • The system seems more stable. :)
    Because the complaint is not predictable, I would like to keep an eye on it for a while.
    If problems come up again I will report back.
    Thanks for the effort so far.
  • You're welcome,


    Download ATF cleaner (mirror) (made by Atribune)

    Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can do its work properly.

    Double-click ATF cleaner to start the program.
    On the Main tab, tick Select All.
    Click the Empty Selected button.

    Do the following if you also have Firefox as a browser:

    Click the Firefox tab, tick Select All.
    If you want to keep the passwords saved by Firefox, click No in the window that appears.
    (this removes the tick from Firefox saved passwords again)
    Click the Empty Selected button.

    Do the following if you also have Opera as a browser:

    Click the Opera tab, tick Select All.
    If you want to keep the passwords saved by Opera, click No in the window that appears.
    Click the Empty Selected button.
    Go to the Main tab and click the Exit button to close the program.

    3. You may now remove all the tools you used and the folders they created. (Remember to remove ComboFix via Start -> Run: type ComboFix /U and press Enter!!)


    - Go to Start / All Programs / Accessories / System Tools / System Restore.
    - In the left half of the window, click "System Restore Settings".
    - Tick "Turn off System Restore".
    - Click "Apply".
    - Windows asks whether you are sure.
    - Click "Yes".
    - Click "OK".
    - Restart the PC.
    - Go back to Start / All Programs / Accessories / System Tools / System Restore.
    - You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
    - Click "Yes".
    - Remove the tick from "Turn off System Restore".
    - Click "Apply".
    - Click "OK".
    - Restart the PC.
    - A new, clean restore point has now been created.

This is an archived page. Replying is no longer possible.