When starting any program, a message says mscgvrnr.dll is missing

Anonymous
14 replies
  • Good day,

    I have a seriously irritating problem. With every program I start, I get one or more messages that the program is missing mscgvrnr.dll, while this DLL (as far as I know) does not exist at all.

    So when I start Windows I first have to click away I-don't-know-how-many dozens of error messages and thus sit through the whole startup process. If I then want to do something, I obviously have to open a program, then click away that error message once or twice or more often, and then I can do what I want. Only IE starts without an error message.

    I have already run quite a few programs to find the problem (various virus scanners, various malware scanners, various registry tools), but nothing seems to be able to find the problem.

    So you are my last hope :) I am curious whether anyone knows the problem, and possibly the solution. I would be very grateful.

    Regards,

    Duff

    PS. If I have done something against the rules, sorry about that.
  • I suspect these are leftovers of spyware that has already been removed by one of those programs. Have you tried MBAM as well? If not, give that a try and post a log from it. Also make a log with HijackThis and post that here too.

    (topic moved to Security & privacy)
  • Thanks for the quick reply! Here are the files:

    HijackThis:
    [quote:0b89437d76]Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:20:05, on 4-6-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\sistray.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_14_Download_version\TrayServer.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.2 .lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


    End of file - 6555 bytes
    [/quote:0b89437d76]

    And MBAM

    [quote:0b89437d76]Malwarebytes' Anti-Malware 1.37
    Database versie: 2227
    Windows 5.1.2600 Service Pack 3

    4-6-2009 13:14:27
    mbam-log-2009-06-04 (13-14-24).txt

    Scan type: Snelle Scan
    Objecten gescand: 79820
    Verstreken tijd: 3 minute(s), 58 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 7
    Registerwaarden geïnfecteerd: 3
    Registerdata bestanden geïnfecteerd: 4
    Mappen geïnfecteerd: 5
    Bestanden geïnfecteerd: 138

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_CLASSES_ROOT\Interface\{4b66e1df-4de3-4cda-83b5-11673eadab0b} (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\Typelib\{b360243e-09e8-402f-8721-00b6798089ad} (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{39fc2065-c9c7-49cd-8942-44cc2dedc844} (Trojan.BHO) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\WinPC Defender (Rogue.WinPCDefender) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> No action taken.

    Registerwaarden geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\DRam prosessor (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> No action taken.

    Registerdata bestanden geïnfecteerd:
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1";) Good: (regedit.exe "%1";) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Mappen geïnfecteerd:
    C:\Program Files\RegTool (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\Application Data\RegTool (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\Logs (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\QuarantineW (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350 (Rogue.RegTool) -> No action taken.

    Bestanden geïnfecteerd:
    c:\documents and settings\Eigenaar\application data\RegTool\resultsw.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\Logs\2009-03-26 12-00-000.log (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\Logs\2009-03-26 13-37-480.log (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\Logs\2009-03-27 12-00-000.log (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\Logs\2009-03-27 12-00-020.log (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\Logs\2009-03-28 12-00-000.log (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\Logs\2009-03-28 12-00-480.log (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\Logs\2009-03-29 12-00-000.log (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\Logs\2009-03-29 22-32-150.log (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\Logs\2009-03-30 12-00-000.log (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\Logs\2009-03-30 23-06-560.log (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\Logs\2009-03-31 12-00-000.log (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\Logs\2009-03-31 12-00-020.log (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\filelist.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-0.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-1.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-10.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-100.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-101.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-102.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-103.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-104.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-105.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-106.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-107.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-108.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-109.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-11.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-110.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-111.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-112.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-113.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-114.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-115.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-116.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-117.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-118.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-119.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-12.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-120.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-121.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-122.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-13.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-14.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-15.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-16.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-17.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-18.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-19.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-2.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-20.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-21.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-22.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-23.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-24.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-25.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-26.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-27.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-28.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-29.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-3.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-30.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-31.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-32.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-33.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-34.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-35.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-36.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-37.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-38.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-39.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-4.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-40.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-41.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-42.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-43.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-44.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-45.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-46.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-47.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-48.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-49.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-5.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-50.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-51.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-52.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-53.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-54.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-55.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-56.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-57.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-58.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-59.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-6.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-60.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-61.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-62.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-63.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-64.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-65.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-66.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-67.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-68.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-69.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-7.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-70.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-71.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-72.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-73.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-74.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-75.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-76.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-77.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-78.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-79.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-8.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-80.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-81.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-82.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-83.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-84.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-85.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-86.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-87.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-88.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-89.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-9.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-90.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-91.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-92.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-93.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-94.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-95.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-96.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-97.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-98.db (Rogue.RegTool) -> No action taken.
    c:\documents and settings\Eigenaar\application data\RegTool\quarantinew\2009-02-24 20-18-350\regb-99.db (Rogue.RegTool) -> No action taken.
    C:\WINDOWS\Tasks\RegTool Scan.job (Rogue.RegTool) -> No action taken.
    [/quote:0b89437d76]

    This one was from before I told it to remove everything. After removing everything the computer was restarted, but the error message is still there.

    Regards


  • You can wait a moment for a specialist.

    I do see "No action taken" everywhere, so it has only been scanned and nothing has been fixed.
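
The point made in the reply above, that every entry ends in "No action taken" and so nothing was remediated, can be checked mechanically. The following is an added example, not part of the thread and not Malwarebytes code: a parser for the MBAM 1.x text-log layout shown in this thread that lists detections still pending and compares the declared per-section counts with the entries actually listed. `SAMPLE_LOG` is constructed from lines of the posted log plus one constructed "Quarantined and deleted successfully." line, and all function names are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# An entry looks like: <item> (<Family.Name>) -> [<detail> -> ]<action>.
# Requiring a dot inside the parentheses skips path parts such as "\(default)".
_ENTRY = re.compile(
    r"^(?P<item>.+?) \((?P<family>[A-Za-z]+\.[A-Za-z0-9.]+)\) -> (?P<rest>.+)$"
)
# Summary line at the top of the log, e.g. "Bestanden geïnfecteerd: 138".
_COUNT = re.compile(r"^(?P<name>[^:]+): (?P<n>\d+)$")

# Constructed sample: three lines taken from the log posted in the thread,
# one constructed "Quarantined" line, and a deliberately wrong file count.
SAMPLE_LOG = r'''
Registersleutels geïnfecteerd: 2
Registerdata bestanden geïnfecteerd: 1
Bestanden geïnfecteerd: 2

Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\WinPC Defender (Rogue.WinPCDefender) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> No action taken.

Registerdata bestanden geïnfecteerd:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1";) Good: (regedit.exe "%1";) -> No action taken.

Bestanden geïnfecteerd:
C:\WINDOWS\Tasks\RegTool Scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.
'''


@dataclass
class Detection:
    section: str   # section header the entry was listed under
    item: str      # registry key, value, folder or file
    family: str    # detection name, e.g. Rogue.RegTool
    detail: str    # "Bad: ... Good: ..." text for registry data items, else ""
    action: str    # what the scanner did with the item


@dataclass
class ParsedLog:
    detections: list = field(default_factory=list)
    declared: dict = field(default_factory=dict)   # name -> count from summary
    sections: list = field(default_factory=list)   # section headers seen


def parse_mbam_log(text):
    """Parse the text of an MBAM 1.x log into detections and declared counts."""
    log = ParsedLog()
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = _ENTRY.match(line)
        count = _COUNT.match(line)
        if entry:
            # The action is always the last " -> " field; anything before it
            # is the Bad/Good detail of a registry data item.
            parts = entry.group("rest").split(" -> ")
            log.detections.append(Detection(
                section, entry.group("item"), entry.group("family"),
                " -> ".join(parts[:-1]), parts[-1].rstrip("."),
            ))
        elif count:
            log.declared[count.group("name")] = int(count.group("n"))
        elif line.endswith(":"):
            section = line[:-1]
            log.sections.append(section)
    return log


def pending(log):
    """Detections the scanner found but did not act on."""
    return [d for d in log.detections if d.action.lower() == "no action taken"]


def count_mismatches(log):
    """Sections whose declared count differs from the entries listed,
    which indicates a truncated or edited paste of the log."""
    listed = Counter(d.section for d in log.detections)
    return {
        s: (log.declared[s], listed[s])
        for s in log.sections
        if s in log.declared and log.declared[s] != listed[s]
    }


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    for d in pending(parsed):
        print(f"PENDING  {d.family:22} {d.item}")
    for name, (declared, listed) in count_mismatches(parsed).items():
        print(f"COUNT MISMATCH  {name}: declared {declared}, listed {listed}")
```
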
  • Hi Duff,

    Could you run a new [i:fe82adaaef]quick[/i:fe82adaaef] MBAM scan, but this time
    select the items MBAM found and choose [i:fe82adaaef]Verwijderen[/i:fe82adaaef] (Remove).

    After this scan, also post a new HJT log.

    Emphyrio :)
  • Welcome P

    :D
  • Hey,

    Thanks for the replies so far :) I may not have said it clearly, but at the bottom of my post I did say that this was indeed the log from before I removed everything; that may not have been smart. I'll do everything again.

    EDIT:

    Here they are:

    [quote:96a02dd756]Malwarebytes' Anti-Malware 1.37
    Database versie: 2227
    Windows 5.1.2600 Service Pack 3

    4-6-2009 22:25:43
    mbam-log-2009-06-04 (22-25-43).txt

    Scan type: Snelle Scan
    Objecten gescand: 80099
    Verstreken tijd: 4 minute(s), 7 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)[/quote:96a02dd756]

    And HJT:

    [quote:96a02dd756]Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:26:55, on 4-6-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\sistray.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_14_Download_version\TrayServer.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.2 .lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


    End of file - 6566 bytes
    [/quote:96a02dd756]


  • Hi Duff,

    1. Temporarily disable [b:cf41f00ef6]Windows Defender[/b:cf41f00ef6]
    Because it can interfere when fixing with HJT (by undoing the fix)
    * Open [i:cf41f00ef6]Windows Defender[/i:cf41f00ef6] > Click [i:cf41f00ef6]Tools[/i:cf41f00ef6]
    * Click "General Settings" or [i:cf41f00ef6]Options[/i:cf41f00ef6]
    * Scroll to "Real Time Protection Options"
    * Clear the check box at "Turn on Real Time Protection (recommended)" > Click "Save"
    * Close [i:cf41f00ef6]Windows Defender[/i:cf41f00ef6]
    (once the problems are over and your log has been declared clean, you can turn it back on)

    2. Start HijackThis. Select “Do a system scan only”.
    Select only the items listed below:
    [size=10:cf41f00ef6][i:cf41f00ef6][b:cf41f00ef6]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
    [/b:cf41f00ef6][/i:cf41f00ef6][/size:cf41f00ef6]
    Close all windows except HijackThis (HJT) and click [b:cf41f00ef6]Fix checked[/b:cf41f00ef6].
    If you are asked about backups, answer 'Yes'.
    Close HJT.

    3. Download and install [u:cf41f00ef6]Starter[/u:cf41f00ef6]
    Start [b:cf41f00ef6]Codestuff Starter[/b:cf41f00ef6], choose [b:cf41f00ef6]Automatisch Opstarten[/b:cf41f00ef6] (automatic startup) in the text bar, and untick the following items:
    [size=10:cf41f00ef6][i:cf41f00ef6][b:cf41f00ef6]
    [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    [Persistence] C:\WINDOWS\system32\igfxpers.exe
    [Alcmtr] ALCMTR.EXE
    [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    [SoundMan] SOUNDMAN.EXE
    [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    [nwiz] nwiz.exe /install
    [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    [TrayServer] C:\Program
    [/b:cf41f00ef6][/i:cf41f00ef6][/size:cf41f00ef6]Items that you later want to start automatically again can then be ticked again.

    4. Download or update [u:cf41f00ef6]Ccleaner[/u:cf41f00ef6].
    * Start [b:cf41f00ef6]CCleaner[/b:cf41f00ef6].
    * Run [b:cf41f00ef6]Ccleaner[/b:cf41f00ef6] and click [i:cf41f00ef6]Opties[/i:cf41f00ef6] (Options) in the left column
    * Select the tab [i:cf41f00ef6]Geavanceerd[/i:cf41f00ef6] (Advanced) and clear the check box for [i:cf41f00ef6]Verwijder alleen tijdelijke bestanden…[/i:cf41f00ef6] (Only delete temporary files…)
    * Click [i:cf41f00ef6]Cleaner[/i:cf41f00ef6] in the left column.
    * Then click [i:cf41f00ef6]Analyseer[/i:cf41f00ef6] (Analyze) and [i:cf41f00ef6]Opschonen[/i:cf41f00ef6] (Clean) in turn.
    * Next, click [i:cf41f00ef6]Register[/i:cf41f00ef6] (Registry) in the left column
    * Click [i:cf41f00ef6]Scan naar problemen[/i:cf41f00ef6] (Scan for problems). If errors are found, click [i:cf41f00ef6]Herstel geselecteerde problemen[/i:cf41f00ef6] (Fix selected problems) and [i:cf41f00ef6]OK[/i:cf41f00ef6]

    5. And this is really the most important part: install an antivirus tool and a firewall.

    Not having an AV tool and/or firewall is really asking for trouble and is also the (contributing) cause of your infection.

    Antivirus tool: [u:cf41f00ef6]AntiVir PE[/u:cf41f00ef6].
    Firewalls: [u:cf41f00ef6]PC Tools Firewall Plus[/u:cf41f00ef6] or [u:cf41f00ef6]Online Armor Free[/u:cf41f00ef6]

    After you have done this, post a new HJT log and tell me how things stand with your problem.

    Emphyrio :)
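
The selection in step 2 above picks out HijackThis entries that point at nothing: registry values with empty data and objects whose file is reported as "(no file)". The following Python sketch is an added example, not part of the original posts and not a HijackThis feature; it parses log lines in the format shown in this thread and flags such entries for review. The flag names and the function names are assumptions made for this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# A HijackThis entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# R0/R1 body: "<registry key>,<value name> = <data>" (data may be empty).
REG_VALUE_RE = re.compile(r"^(?P<key>HK[A-Z]+\\[^,]+),(?P<name>[^=]+?) =(?P<data>.*)$")
# O4 body: "<hive>\..\Run: [<name>] <command line>".
RUN_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Sample input: entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


@dataclass
class Entry:
    code: str                      # section code such as R0, O2, O23
    body: str                      # everything after "<code> - "
    clsid: Optional[str] = None    # first {GUID} in the body, if any
    target: Optional[str] = None   # registry data, command line or file path
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, process list and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = Entry(code=m.group("code"), body=m.group("body"))
    cm = CLSID_RE.search(e.body)
    e.clsid = cm.group(0) if cm else None

    if e.code in ("R0", "R1"):
        rm = REG_VALUE_RE.match(e.body)
        if rm:
            e.target = rm.group("data").strip()
            if not e.target:
                e.flags.append("empty-value")   # value exists but holds no data
    elif e.code == "O4":
        rm = RUN_RE.match(e.body)
        if rm:
            e.target = rm.group("cmd")
    elif " - " in e.body:
        # For the remaining sections the last " - " field is the file.
        e.target = e.body.rsplit(" - ", 1)[1].strip()
        if e.target == "(no file)":
            e.flags.append("no-file")           # registration left behind, file gone
        if e.code == "O23" and " - Unknown owner - " in e.body:
            e.flags.append("unknown-owner")     # service listed without a vendor
    return e


def parse_log(text: str) -> List[Entry]:
    """Parse a whole log and return only the recognised entry lines, in order."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def review_candidates(text: str) -> List[Entry]:
    """Entries that carry at least one flag."""
    return [e for e in parse_log(text) if e.flags]


if __name__ == "__main__":
    for entry in review_candidates(SAMPLE_LOG):
        print(entry.code, ",".join(entry.flags), entry.clsid or entry.body)
```

A flag marks an entry for review, not for removal: the reply above selected the R0, R3 and O3 entries and did not list the O2 ones.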
  • Thanks a lot. I'm not at home right now, but I'll do everything as soon as I am. I already had Ccleaner, so that's easy.

    As for that virus scanner, I did have one, and to be honest I don't know how it got removed. Maybe because it can't start up due to that error message. There are more programs that I can't start at all because of that error message. But if all is well I still have a paid version of Panda lying around that I wanted to put on it, so that will be fine too.

    Regards
  • Hi Duff,

    Before you install any firewall and/or antivirus tool, first carry out [i:0136883acc]the procedures[/i:0136883acc]. :wink:

    After all, it is always advisable to do this on a [i:0136883acc]clean[/i:0136883acc] PC.

    I'll hear from you.

    Good luck,

    Emphyrio :)
  • OK, I was finally home again today and did everything you said. The error message is still there, only less often at startup, of course because I disabled those programs. That firewall causes a lot of extra error messages, but that can't be helped..

    Here's my HJT log:

    [quote:bf85fbc91e]Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:53:43, on 8-6-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\PC Tools Firewall Plus\FWService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.2 .lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe


    End of file - 7016 bytes
    [/quote:bf85fbc91e]


  • Hi Duff,

    For this procedure it's best to temporarily turn off your firewall and not open any other windows.
    So let Combofix (CF) quietly do its work.

    Download combofix.exe.

    If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
    Once the Recovery Console is installed, let ComboFix scan the computer.
    When ComboFix starts, you may get an error message that the "contents of the ComboFix package has been compromised".
    Do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer.
    If you keep getting that message, report it.
    When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.

    Post the contents of this file together with a new HijackThis log.

    Emphyrio :)
  • YES! I think it worked! Without exaggerating, I had to click away hundreds, maybe even thousands, of the aforementioned error messages for twenty minutes non-stop, but on the restart by ComboFix I didn't get a single one! Even MSN started up again; I haven't been able to use this program for months because that error message wouldn't let it start :D

    Internet is slower than ever though, I think because of that virus scanner and FW, so I'll replace those soon.

    Here are the requested logs:

    [quote:d497901f81]ComboFix 09-06-07.05 - Eigenaar 08-06-2009 12:23.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.593 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\system32\_004119_.tmp.dll
    c:\windows\system32\_004120_.tmp.dll
    c:\windows\system32\_004121_.tmp.dll
    c:\windows\system32\_004122_.tmp.dll
    c:\windows\system32\_004129_.tmp.dll
    c:\windows\system32\_004130_.tmp.dll
    c:\windows\system32\_004131_.tmp.dll
    c:\windows\system32\_004132_.tmp.dll
    c:\windows\system32\_004134_.tmp.dll
    c:\windows\system32\_004135_.tmp.dll
    c:\windows\system32\_004138_.tmp.dll
    c:\windows\system32\_004139_.tmp.dll
    c:\windows\system32\_004141_.tmp.dll
    c:\windows\system32\_004142_.tmp.dll
    c:\windows\system32\_004143_.tmp.dll
    c:\windows\system32\_004145_.tmp.dll
    c:\windows\system32\_004148_.tmp.dll
    c:\windows\system32\_004149_.tmp.dll
    c:\windows\system32\_004153_.tmp.dll
    c:\windows\system32\_004154_.tmp.dll
    c:\windows\system32\_004156_.tmp.dll
    c:\windows\system32\_004159_.tmp.dll
    c:\windows\system32\_004161_.tmp.dll
    c:\windows\system32\_004162_.tmp.dll
    c:\windows\system32\_004163_.tmp.dll
    c:\windows\system32\_004164_.tmp.dll
    c:\windows\system32\_004165_.tmp.dll
    c:\windows\system32\_004168_.tmp.dll
    c:\windows\system32\_004169_.tmp.dll
    c:\windows\system32\_004170_.tmp.dll
    c:\windows\system32\_004171_.tmp.dll
    c:\windows\system32\_004172_.tmp.dll
    c:\windows\system32\_004177_.tmp.dll
    c:\windows\system32\_004179_.tmp.dll
    D:\Autorun.inf

    ----- BITS: Mogelijk geïnfecteerde sites -----

    hxxp://speedytorrents.net
    Besmet exemplaar van c:\windows\system32\imm32.dll werd aangetroffen en gedesinfecteerd
    Hersteld exemplaar van - c:\windows\ServicePackFiles\i386\imm32.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-05-08 to 2009-06-08 ))))))))))))))))))))))))))))))
    .

    2009-06-07 22:43 . 2009-06-07 22:44 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\PCToolsFirewallPlus
    2009-06-07 22:38 . 2008-09-22 10:29 97408 ----a-w- c:\windows\system32\drivers\pctfw.sys
    2009-06-07 22:36 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2009-06-07 22:36 . 2009-06-08 10:32 -------- d-----w- c:\program files\Spyware Doctor
    2009-06-07 22:36 . 2009-06-07 22:36 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\PC Tools
    2009-06-07 22:36 . 2009-06-07 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2009-06-07 22:33 . 2009-06-07 22:33 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend
    2009-06-07 22:27 . 2009-06-07 22:27 -------- d-----w- c:\program files\CodeStuff
    2009-06-04 11:19 . 2009-06-04 11:19 -------- d-----w- c:\program files\Trend Micro
    2009-06-04 10:59 . 2009-06-04 10:59 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Malwarebytes
    2009-06-04 10:52 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-04 10:52 . 2009-06-04 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-06-04 10:52 . 2009-06-04 10:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-04 10:52 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-05-17 11:17 . 2009-05-17 11:17 -------- d-----w- c:\program files\PFPortChecker

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-08 10:45 . 2007-05-30 12:18 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\OpenOffice.org2
    2009-06-08 10:45 . 2009-02-24 18:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-06-07 22:46 . 2009-03-26 07:24 -------- d-----w- c:\program files\Registry Easy
    2009-06-07 22:44 . 2009-06-07 22:38 -------- d-----w- c:\program files\PC Tools Firewall Plus
    2009-06-07 22:38 . 2009-06-07 22:36 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-06-07 22:37 . 2009-06-07 22:37 -------- d-----w- c:\program files\Avira
    2009-06-07 22:37 . 2009-06-07 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-06-07 22:32 . 2008-10-28 12:47 -------- d-----w- c:\program files\CCleaner
    2009-05-15 17:38 . 2008-12-01 16:58 137928 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-05-15 17:38 . 2008-12-01 16:58 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-05-15 17:38 . 2008-12-01 16:58 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-05-13 21:01 . 2004-08-04 12:00 76582 ----a-w- c:\windows\system32\perfc013.dat
    2009-05-13 21:01 . 2004-08-04 12:00 455614 ----a-w- c:\windows\system32\perfh013.dat
    2009-05-07 10:34 . 2009-05-07 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 3
    2009-05-07 10:34 . 2009-05-07 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2009-05-07 10:27 . 2009-05-07 10:27 -------- d-----w- c:\program files\Hitman Pro 3
    2009-05-07 10:25 . 2009-05-07 10:23 -------- d-----w- c:\program files\Hitman Pro
    2009-05-07 10:19 . 2009-02-24 18:27 -------- d-----w- c:\program files\Lavasoft
    2009-05-07 10:19 . 2009-02-24 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-05-07 10:16 . 2009-05-07 10:09 -------- d-----w- c:\program files\Enigma Software Group
    2009-04-29 21:30 . 2009-04-29 21:20 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2009-04-29 21:25 . 2009-04-29 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
    2009-04-23 14:34 . 2009-04-23 14:34 -------- d-----w- c:\program files\Google
    2009-04-19 14:14 . 2007-05-30 10:51 98304 ----a-w- c:\windows\DUMP5818.tmp
    2009-04-11 17:29 . 2009-04-10 21:10 441408 ----a-w- c:\documents and settings\Eigenaar\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
    2009-04-11 17:29 . 2009-04-10 21:10 334912 ----a-w- c:\documents and settings\Eigenaar\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
    2009-04-11 17:29 . 2009-04-10 21:10 171072 ----a-w- c:\documents and settings\Eigenaar\Application Data\id Software\quakelive\home\baseq3\uix86.dll
    2009-04-11 17:10 . 2009-04-10 21:10 874660 ----a-w- c:\documents and settings\Eigenaar\Application Data\id Software\quakelive\home\pb\pbcl.dll
    2009-04-11 17:10 . 2009-04-10 21:10 57344 ----a-w- c:\documents and settings\Eigenaar\Application Data\id Software\quakelive\home\pb\pbag.dll
    2009-04-11 17:10 . 2009-04-10 21:10 479232 ----a-w- c:\documents and settings\Eigenaar\Application Data\id Software\quakelive\home\pb\pbsv.dll
    2009-04-11 17:10 . 2009-04-10 21:10 2669632 ----a-w- c:\documents and settings\Eigenaar\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
    2009-04-10 21:10 . 2009-04-10 21:10 874660 ----a-w- c:\documents and settings\Eigenaar\Application Data\id Software\quakelive\home\pb\pbcls.dll
    2009-04-10 21:10 . 2009-04-10 21:10 57344 ----a-w- c:\documents and settings\Eigenaar\Application Data\id Software\quakelive\home\pb\pbags.dll
    2009-04-10 11:33 . 2009-04-10 11:33 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\id Software
    2009-04-10 11:32 . 2009-04-10 11:32 22328 ----a-w- c:\documents and settings\Eigenaar\Application Data\PnkBstrK.sys
    2009-04-10 11:32 . 2009-04-10 11:32 22328 ----a-w- c:\documents and settings\Eigenaar\Application Data\PnkBstrK.sys
    2009-04-10 11:31 . 2009-04-10 11:31 2246144 ----a-w- c:\windows\system32\pbsvc.exe
    2009-04-10 11:31 . 2009-04-10 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
    2009-04-03 09:18 . 2009-06-07 22:36 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-03-30 08:33 . 2009-06-07 22:37 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-03-27 11:27 . 2009-03-27 11:27 0 ----a-w- C:\LOGB.tmp
    2009-03-24 14:08 . 2009-06-07 22:37 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-03-22 16:16 . 2008-10-18 16:27 31552 ----a-w- c:\documents and settings\Eigenaar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    .

    ------- Sigcheck -------

    [-] 2005-03-02 18:21 578560 0B62745CE93E8C6F56547F70269DBABC c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
    [-] 2007-03-08 15:51 579584 FA35431E333943F4B2A6D33FA4EE3CE9 c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
    [-] 2007-03-08 15:39 579072 CB18F701A5D55A6308FAB8D18322C060 c:\windows\$NtServicePackUninstall$\user32.dll
    [7] 2008-04-14 17:02 580096 4CF588D2F2363B73EB4AF57967D46DFF c:\windows\ServicePackFiles\i386\user32.dll
    [-] 2007-03-08 15:39 579072 CB18F701A5D55A6308FAB8D18322C060 c:\windows\system32\user32.dll

    [-] 2007-05-30 10:43 504832 459612338A74DD083969D5C5E8BDAA4D c:\windows\$NtServicePackUninstall$\winlogon.exe
    [7] 2008-04-14 17:03 510464 1247D4D5444E28519BBE31BE8AB4C029 c:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2007-05-30 10:43 504832 459612338A74DD083969D5C5E8BDAA4D c:\windows\system32\winlogon.exe

    [-] 2007-06-13 13:24 1036800 147E95A42A58CE99E403F7F57656BBEB c:\windows\explorer.exe
    [-] 2007-06-13 13:12 1036800 1D6245AFBD3FAABC16A885116BE1874D c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [-] 2007-06-13 13:24 1036800 147E95A42A58CE99E403F7F57656BBEB c:\windows\$NtServicePackUninstall$\explorer.exe
    [7] 2008-04-14 17:02 1037312 AA04F042A820BF1868E643575887E1A6 c:\windows\ServicePackFiles\i386\explorer.exe

    [-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    [-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
    [7] 2008-04-14 17:03 57856 DB454135DE1A09FE7FEDA7B554B5CCA2 c:\windows\ServicePackFiles\i386\spoolsv.exe
    [-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\spoolsv.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-06-23 86016]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\
    OpenOffice.org 2.2 .lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    "NoThumbnailCache"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\[u:d497901f81]0[/u:d497901f81]bootdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001
    "AntiVirusDisableNotify"="0"
    "UpdatesDisableNotify"="0"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8-6-2009 0:36 130936]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [8-6-2009 0:37 159600]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8-6-2009 0:37 108289]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [8-6-2009 0:36 73840]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8-6-2009 0:36 348752]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 20:19 13592]
    R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [8-6-2009 0:38 95640]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys –> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [22-3-2009 15:55 1527900]
    S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys –> c:\windows\system32\drivers\hitmanpro3.sys [?]
    S3 LUDrv32;LUDrv32; [x]
    S3 pohci13F;pohci13F; [x]

    — Andere Services/Drivers In Geheugen —

    *Deregistered* - mchInjDrv
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-06-08 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2009-06-04 c:\windows\Tasks\Schedule Task Weekly.job
    - c:\program files\Registry Easy\RE.exe [2009-03-26 16:33]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    SafeBoot-procexp90.Sys


    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    uInternet Settings,ProxyOverride = *.local
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-08 12:45
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'explorer.exe'(3584)
    c:\program files\Spyware Doctor\pctgmhk.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\PC Tools Firewall Plus\FWService.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Spyware Doctor\pctsSvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\OpenOffice.org 2.2\program\soffice.exe
    c:\program files\OpenOffice.org 2.2\program\soffice.bin
    c:\windows\system32\msiexec.exe
    c:\program files\Java\jre6\bin\jucheck.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-06-08 12:50 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-06-08 10:50

    Pre-Run: 38.263.271.424 bytes beschikbaar
    Post-Run: 38.315.401.216 bytes beschikbaar

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    259 — E O F — 2009-06-05 06:23
    [/quote:d497901f81]


    [quote:d497901f81]Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:55:19, on 8-6-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\PC Tools Firewall Plus\FWService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.2 .lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe


    End of file - 6912 bytes
    [/quote:d497901f81]


    I do still have a question: why didn't you have me use that program right away? I'm not asking because I'm impatient, but what is it about that program that makes it work when the rest don't? Can I use that program more often? And what exactly was the error message? Do you know?

    Either way, thanks a lot for your help! I hope this is the solution and that the message stays away.

    With VERY kind regards,

    Duff


  • Hi Duff,

    [quote:5833dae715="Duff"]
    I do still have a question: why didn't you have me use that program right away….
    Can I use that program more often? And what exactly was the error message? Do you know?
    [/quote:5833dae715]

    ComboFix must be used with the greatest caution.
    [b:5833dae715]This tool by sUBs is used only on the advice of HJT analysts[/b:5833dae715].
    Using it on your own initiative is strongly discouraged. This is at the insistence of [i:5833dae715]sUBs[/i:5833dae715] (its author).

    The reason I am only deploying it now is comparable to not [i:5833dae715]shooting a mosquito with a cannon[/i:5833dae715] straight away.
    Your error messages are in all likelihood the result of having downloaded "wrong programs" and
    not removing them correctly afterwards.

    We are almost there; just carry out the following:

    Open a Notepad file.
    Copy the bold text below and paste it into the Notepad file.
    Save the Notepad file as [i:5833dae715]CFScript.txt[/i:5833dae715]
    [b:5833dae715]
    Driver::
    LUDrv32
    pohci13F
    [/b:5833dae715]
    Now drag the file [i:5833dae715]CFScript.txt [/i:5833dae715]onto the file [i:5833dae715]ComboFix.exe [/i:5833dae715]
    [img:5833dae715]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img:5833dae715]
    ComboFix will start again.
    When ComboFix has finished, which may be after a reboot, a log file will open.
    Post the contents of the log file.
    Create a new HijackThis log and post it as well.

    Emphyrio :)
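
The two names under `Driver::` in the post above are the only service entries in the posted ComboFix log that appear with an empty image path and `[x]`. As an added example (not part of the original post and not ComboFix's own code), this Python check parses that section of the log and confirms that every name in a script is backed by such an entry; reading `[x]` as "registered, but no file" and treating any line ending in `::` as a script header are assumptions about the formats.

```python
import re

# Service/driver lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8-6-2009 0:36 130936]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 20:19 13592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys –> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 LUDrv32;LUDrv32; [x]
S3 pohci13F;pohci13F; [x]
"""

# The script text from the post above.
CFSCRIPT = """Driver::
LUDrv32
pohci13F
"""

# <R|S><start type> <name>;<display name>;<image path> [<file info>]
LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]$")

def parse_services(log_text):
    """Return one dict per service/driver line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            state, start, name, display, path, info = m.groups()
            entries.append({"state": state, "start": int(start), "name": name,
                            "display": display, "path": path, "info": info})
    return entries

def orphaned(entries):
    """Names registered as services but listed with no image path and [x]."""
    return [e["name"] for e in entries if e["info"] == "x" and not e["path"]]

def script_drivers(script_text):
    """Names listed under the Driver:: header of a CFScript."""
    names, in_section = [], False
    for line in script_text.splitlines():
        line = line.strip()
        if line.endswith("::"):          # assumed: every header ends in '::'
            in_section = (line == "Driver::")
        elif line and in_section:
            names.append(line)
    return names

def unbacked(script_text, log_text):
    """Script targets that the log does NOT show as orphaned entries."""
    orphans = set(orphaned(parse_services(log_text)))
    return [n for n in script_drivers(script_text) if n not in orphans]

if __name__ == "__main__":
    print("orphaned in log:", orphaned(parse_services(SAMPLE_LOG)))
    print("script targets without evidence:", unbacked(CFSCRIPT, SAMPLE_LOG))
```

An empty result from `unbacked` means the script names only entries the log itself shows as orphaned; a name that maps to a driver with a real file on disk would be returned for a second look.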

This is an archived page. Replying is no longer possible.