Question & Answer

Security & privacy

Very slow XP machine

Anonymous
9 answers
 • Dear HijackThis experts.
  It's that time again: I'm once more working on a friend's PC that is very slow. Although I have already removed several GB of unnecessary stuff and Malwarebytes has removed 41 infections, not much has changed. So I have the feeling that something else is still wrong, which is why I'm posting a log. Would someone take a look at it? Thanks in advance.

  Logfile of Trend Micro HijackThis v2.0.4
  Scan saved at 17:02:24, on 29-10-2010
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v8.00 (8.00.6001.18702)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\AVG\AVG9\avgchsvx.exe
  C:\Program Files\AVG\AVG9\avgrsx.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\AVG\AVG9\avgcsrvx.exe
  C:\WINDOWS\system32\PackethSvc.exe
  C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
  C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
  C:\Program Files\AVG\AVG9\avgwdsvc.exe
  C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
  C:\Program Files\Bonjour\mDNSResponder.exe
  C:\WINDOWS\system32\cisvc.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Java\jre6\bin\jqs.exe
  C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\SPAMfighter\sfus.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\AVG\AVG9\avgemc.exe
  C:\Program Files\AVG\AVG9\avgnsx.exe
  C:\Program Files\AVG\AVG9\avgcsrvx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\RunDll32.exe
  C:\WINDOWS\CNYHKey.exe
  C:\Program Files\SPAMfighter\SFAgent.exe
  C:\PROGRA~1\AVG\AVG9\avgtray.exe
  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  C:\Program Files\Common Files\Java\Java Update\jusched.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\WINDOWS\system32\msiexec.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  C:\WINDOWS\system32\cidaemon.exe
  C:\Totalcmd\TOTALCMD.EXE
  K:\Tools\HijackThis 2.0.4.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
  O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
  O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
  O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
  O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
  O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
  O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O14 - IERESET.INF: START_PAGE_URL=http://www.freeler.nl/
  O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
  O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
  O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
  O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
  O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
  O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
  O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
  O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
  O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
  O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
  O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
  O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Leen\LOCALS~1\Temp\hpdj.exe (file missing)
  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
  O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
  O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


  End of file - 8876 bytes
 • Hi Gerard, a pity you didn't post the MBAM log as well.

  Would you still do that (in MBAM, under the Logs tab)?
 • Abraham,
  Thanks for responding so quickly.
  Here is the log.

  Malwarebytes' Anti-Malware 1.46
  www.malwarebytes.org

  Databaseversie: 4979

  Windows 5.1.2600 Service Pack 3
  Internet Explorer 8.0.6001.18702

  28-10-2010 23:10:51
  mbam-log-2010-10-28 (23-10-51).txt

  Scantype: Snelle scan
  Objecten gescand: 177376
  Verstreken tijd: 9 minuut/minuten, 15 seconde(n)

  Geheugenprocessen geïnfecteerd: 0
  Geheugenmodulen geïnfecteerd: 0
  Registersleutels geïnfecteerd: 1
  Registerwaarden geïnfecteerd: 0
  Registerdata geïnfecteerd: 0
  Mappen geïnfecteerd: 16
  Bestanden geïnfecteerd: 24

  Geheugenprocessen geïnfecteerd:
  (Geen kwaadaardige objecten gedetecteerd)

  Geheugenmodulen geïnfecteerd:
  (Geen kwaadaardige objecten gedetecteerd)

  Registersleutels geïnfecteerd:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access (Adware.EGDAccess) -> Quarantined and deleted successfully.

  Registerwaarden geïnfecteerd:
  (Geen kwaadaardige objecten gedetecteerd)

  Registerdata geïnfecteerd:
  (Geen kwaadaardige objecten gedetecteerd)

  Mappen geïnfecteerd:
  C:\Program Files\Instant Access (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Center (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Center\Icons (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\DesktopIcons (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\20061023221049 (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\20061023221049\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\20061023221049\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\20061023221049\medias (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\Exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\Exe\20050810230856 (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\Exe\20050810230856\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\Exe\20050810230856\img (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\Exe\20060104220135 (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\Exe\20060104220135\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\Exe\20060104220135\img (Adware.EGDAccess) -> Quarantined and deleted successfully.

  Bestanden geïnfecteerd:
  C:\Program Files\Instant Access\Center\Crazy Girls.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Center\NoCreditCard.upd (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Center\tray1.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\DesktopIcons\Crazy Girls.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\20061023221049\dialerexe.ini (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\20061023221049\Common\module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\20061023221049\js\js_api_dialer.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\20061023221049\medias\4250_dialer.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\20061023221049\medias\button1.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\20061023221049\medias\button2.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\20061023221049\medias\button3.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\20061023221049\medias\button4.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\Exe\20050810230856\dialerexe.ini (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\Exe\20050810230856\Common\show_module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\Exe\20050810230856\Common\show_module.php_0.loginvis (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\Exe\20050810230856\img\button1.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\Exe\20050810230856\img\dialer.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\Exe\20060104220135\dialerexe.ini (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\Exe\20060104220135\Common\show_module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\Exe\20060104220135\Common\show_module.php_0.loginvis (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\Exe\20060104220135\img\button1.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\Program Files\Instant Access\Multi\Exe\20060104220135\img\dialer.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\WINDOWS\dialerexe.ini (Adware.EGDAccess) -> Quarantined and deleted successfully.
  C:\WINDOWS\tmlpcert2007 (Adware.EGDAccess) -> Quarantined and deleted successfully.
 • Hi Gerard, I think it's best that you do the following:

  download ComboFix from one of these locations:

  Bleepingcomputer

  ForoSpyware


 • Abraham,
  It may be entirely beside the point, but I still want to mention the following. When ComboFix was (almost) finished, the following message appeared: "Lograpport wordt voorbereid. Start geen andere programma's tot Combofix klaar is." ("Preparing log report. Do not start any other programs until ComboFix is finished.")
  In another small window the following was then added: "Er bevindt zich geen schijf in het station. Plaats een geschikt medium." ("There is no disk in the drive. Insert a suitable medium.")
  This is completely new to me. But here is the log. I hope you can make something of it...

  ComboFix 10-10-28.09 - Leen 29-10-2010 19:00:59.1.2 - x86
  Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.63 [GMT 2:00]
  Gestart vanuit: c:\documents and settings\Leen\Bureaublad\ComboFix.exe
  AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
  .

  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  c:\documents and settings\Leen\Cookies\hpothb07.dat
  c:\program files\Internet Explorer\OLD80.tmp
  c:\windows\system\hpscnmgr.dll
  c:\windows\system\hpsjrreg.exe
  c:\windows\system32\Bank.dll
  c:\windows\system32\Thumbs.db

  .
  ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  -------\Service_NPF


  (((((((((((((((((((( Bestanden Gemaakt van 2010-09-28 to 2010-10-29 ))))))))))))))))))))))))))))))
  .

  2010-10-29 16:03 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
  2010-10-29 16:03 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
  2010-10-29 16:03 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
  2010-10-29 16:03 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
  2010-10-29 16:03 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
  2010-10-29 16:03 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
  2010-10-29 16:03 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
  2010-10-29 16:02 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
  2010-10-29 16:02 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
  2010-10-29 16:02 . 2010-10-29 16:02 -------- d-----w- c:\program files\Alwil Software
  2010-10-29 16:02 . 2010-10-29 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
  2010-10-28 21:13 . 2010-10-29 15:32 -------- d--h--r- c:\documents and settings\Leen\Onlangs geopend
  2010-10-28 20:59 . 2010-10-28 20:59 -------- d-----w- c:\documents and settings\Leen\Application Data\Malwarebytes
  2010-10-28 20:58 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
  2010-10-28 20:58 . 2010-10-28 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
  2010-10-28 20:58 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
  2010-10-28 18:18 . 2009-05-26 12:35 583552 ----a-w- c:\windows\system32\drivers\RTL8192su.sys
  2010-10-14 09:44 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
  2010-10-14 09:44 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
  2010-10-14 09:44 . 2010-08-23 16:13 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2010-10-28 20:49 . 2004-10-06 00:26 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
  2010-10-28 19:22 . 2007-04-25 11:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
  2010-10-28 19:22 . 2010-05-03 15:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
  2010-09-18 10:23 . 2004-10-06 06:21 974848 ----a-w- c:\windows\system32\mfc42u.dll
  2010-09-18 06:53 . 2004-10-06 06:21 974848 ----a-w- c:\windows\system32\mfc42.dll
  2010-09-18 06:53 . 2004-10-06 06:21 954368 ------w- c:\windows\system32\mfc40.dll
  2010-09-18 06:53 . 2004-10-06 06:21 953856 ----a-w- c:\windows\system32\mfc40u.dll
  2010-09-10 05:52 . 2004-10-06 06:22 916480 ----a-w- c:\windows\system32\wininet.dll
  2010-09-10 05:52 . 2004-10-06 06:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
  2010-09-10 05:52 . 2004-10-06 06:21 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
  2010-09-01 11:52 . 2004-10-06 06:21 285824 ----a-w- c:\windows\system32\atmfd.dll
  2010-09-01 07:57 . 2004-10-06 06:22 1852928 ----a-w- c:\windows\system32\win32k.sys
  2010-08-27 08:03 . 2004-10-06 06:22 119808 ----a-w- c:\windows\system32\t2embed.dll
  2010-08-27 05:55 . 2004-10-06 06:22 99840 ----a-w- c:\windows\system32\srvsvc.dll
  2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
  2010-08-26 13:39 . 2004-10-06 06:22 357248 ----a-w- c:\windows\system32\drivers\srv.sys
  2010-08-23 16:13 . 2004-10-06 06:21 617472 ----a-w- c:\windows\system32\comctl32.dll
  2010-08-17 13:17 . 2004-10-06 06:22 58880 ----a-w- c:\windows\system32\spoolsv.exe
  2010-08-16 08:45 . 2004-10-06 06:22 590848 ----a-w- c:\windows\system32\rpcrt4.dll
  .

  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
  REGEDIT4

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-20 4583424]
  "nwiz"="nwiz.exe" [2004-09-20 921600]
  "ledpointer"="CNYHKey.exe" [2004-02-03 5794816]
  "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-01-16 325768]
  "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
  "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
  "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
  "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
  "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
  @="Driver"

  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
  path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
  backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup

  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BlueSoleil.lnk]
  path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\BlueSoleil.lnk
  backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
  path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
  backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^McAfee Security Scan.lnk]
  path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\McAfee Security Scan.lnk
  backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
  2005-11-28 13:02 118784 -c--a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
  2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
  2005-03-04 10:01 88209 ----a-w- c:\windows\AGRSMMSG.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
  2004-02-24 12:05 508416 ----a-w- c:\windows\mHotkey.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
  2004-07-20 16:18 90112 ----a-w- c:\windows\Dit.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
  2010-03-25 23:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
  2008-04-14 17:03 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
  2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
  2004-10-08 15:14 81920 -c--a-w- c:\program files\Home Cinema\PowerCinema\PCMService.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
  2007-03-23 12:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
  2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snelkoppeling naar eigenschappenvenster voor High Definition Audio]
  2004-03-17 14:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
  2007-06-18 11:17 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
  2004-10-08 17:02 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
  2005-11-28 13:02 988701 -c--a-w- c:\program files\Acronis\TrueImage\TrueImageMonitor.exe

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
  "EnableFirewall"= 0 (0x0)

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "%windir%\\system32\\sessmgr.exe"=
  "%WinDir%\\system32\\fxsclnt.exe"=
  "%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"=
  "%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"=
  "%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"=
  "%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
  "%ProgramFiles%\\CompuServe 6.0\\cs.exe"=
  "c:\\Program Files\\Messenger\\msmsgs.exe"=
  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
  "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
  "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
  "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
  "c:\\Program Files\\iTunes\\iTunes.exe"=
  "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
  "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
  "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
  "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
  "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
  "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
  "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=

  R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29-10-2010 18:03 165584]
  R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [8-8-2006 15:54 6144]
  R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29-10-2010 18:03 17744]
  R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [19-9-2002 20:29 53248]
  R2 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe [9-10-2004 10:06 64512]
  R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [16-1-2009 11:11 184968]
  R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [6-10-2004 1:38 1272000]
  R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [1-10-2004 17:35 24704]
  R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [6-10-2004 2:27 19928]
  S2 SHARSHTL;Shuttle Sharer;c:\windows\system32\drivers\sharshtl.sys [1-2-2005 13:10 18432]
  S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [19-9-2002 20:27 77824]
  S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [19-9-2002 20:41 77824]
  S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [6-10-2004 2:26 17408]
  S3 epstw2k;SCM-SCSI stuurprogramma voor parallele poort;c:\windows\system32\drivers\epstw2k.sys [1-2-2005 0:01 114944]
  S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [28-10-2010 20:18 583552]
  S3 scsiscan;Stuurprogramma voor SCSI-scanner;c:\windows\system32\drivers\scsiscan.sys [1-2-2005 0:01 11520]
  S3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [12-10-2004 14:04 11672]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
  HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
  hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
  .
  Inhoud van de 'Gedeelde Taken' map

  2010-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
  - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
  .
  .
  ------- Bijkomende Scan -------
  .
  uStart Page = hxxp://www.google.nl/
  uDefault_Search_URL = hxxp://www.google.com/ie
  uInternet Settings,ProxyOverride = <local>;*.local
  uSearchAssistant = hxxp://www.google.com/ie
  uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
  IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
  IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
  IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
  .
  - - - - ORPHANS VERWIJDERD - - - -

  HKLM-Run-Cmaudio - cmicnfg.cpl
  MSConfigStartUp-AntivirusRegistration - c:\program files\Excid.com Aps\eTrust Antivirus Registration\EzAntivirusRegistrationCheck.exe
  MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
  MSConfigStartUp-Instant Access - c:\windows\system32\linewsrv.exe
  AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
  AddRemove-{6B103F43-069C-11D6-9EA2-0050BAE317E1} - c:\program files\Uninstall_PCM.exe

  **************************************************************************

  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2010-10-29 19:11
  Windows 5.1.2600 Service Pack 3 NTFS

  scannen van verborgen processen ...

  scannen van verborgen autostart items ...

  scannen van verborgen bestanden ...

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–}|ÿÿÿÿÀ•}|ù•9~*]
  "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
  .
  --------------------- DLLs Geladen Onder Lopende Processen ---------------------

  - - - - - - - > 'lsass.exe'(792)
  c:\windows\system32\relog_ap.dll

  - - - - - - - > 'explorer.exe'(3824)
  c:\progra~1\WINDOW~2\wmpband.dll
  c:\windows\system32\msls31.dll
  c:\windows\system32\webcheck.dll
  c:\windows\system32\WPDShServiceObj.dll
  c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
  c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
  c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_dut.nlr
  c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
  c:\windows\system32\PortableDeviceTypes.dll
  c:\windows\system32\PortableDeviceApi.dll
  .
  ———————— Andere Aktieve Processen ————————
  .
  c:\program files\Alwil Software\Avast5\AvastSvc.exe
  c:\windows\System32\SCardSvr.exe
  c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
  c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
  c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
  c:\program files\Bonjour\mDNSResponder.exe
  c:\program files\Java\jre6\bin\jqs.exe
  c:\windows\system32\nvsvc32.exe
  c:\windows\system32\wscntfy.exe
  c:\windows\system32\RunDll32.exe
  c:\windows\CNYHKey.exe
  c:\windows\system32\msiexec.exe
  .
  **************************************************************************
  .
  Voltooingstijd: 2010-10-29 19:21:22 - machine werd herstart
  ComboFix-quarantined-files.txt 2010-10-29 17:21

  Pre-Run: 98.686.025.728 bytes beschikbaar
  Post-Run: 98.566.762.496 bytes beschikbaar

  WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
  [boot loader]
  timeout=2
  default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
  [operating systems]
  c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
  UnsupportedDebug="do not select this" /debug
  multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

  - - End Of File - - F1CF7595BAEB7B48E2FE9059B39DF7EE


  PS. I have meanwhile replaced AVG with Avast, partly because of the predominantly positive reviews.
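The ComboFix log above lists, per running process, the DLLs loaded into it. When reading such a log by hand it is easy to miss a module loaded from an unusual location, so here is a small parser for that section. This is an added example, not code from the thread or from ComboFix; the section headers are the Dutch ones printed in the log above, the allow-list of expected directories is an assumption for this example, and the sample log is constructed from a few lines of the page plus one made-up entry in a temp directory to show what gets flagged.

```python
"""Parse the 'DLLs Geladen Onder Lopende Processen' section of a ComboFix log.

Added example; not part of the forum thread or of ComboFix itself.
"""
import re
from typing import Dict, List

# Section headers as printed by the Dutch ComboFix build shown on the page.
# Matching is done on the substring, so the dash decorations do not matter.
DLL_SECTION = "DLLs Geladen Onder Lopende Processen"
NEXT_SECTION = "Andere Aktieve Processen"

# Process header line, e.g.  - - - - - - - > 'explorer.exe'(3824)
PROC_RE = re.compile(r"^- - - - - - - > '(?P<name>[^']+)'\((?P<pid>\d+)\)$")

# Directories a module loaded into a system process is expected to come from.
# Assumed allow-list for this example; adjust to the machine being inspected.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\progra~1\\", "c:\\program files\\")

# Constructed sample: real lines from the log on the page plus one invented
# entry (example_loader.dll in a temp directory) to exercise the flagging.
SAMPLE_LOG = """\
.
------- DLLs Geladen Onder Lopende Processen -------

- - - - - - - > 'lsass.exe'(792)
c:\\windows\\system32\\relog_ap.dll

- - - - - - - > 'explorer.exe'(3824)
c:\\progra~1\\WINDOW~2\\wmpband.dll
c:\\windows\\system32\\msls31.dll
c:\\program files\\Nokia\\Nokia PC Suite 6\\PhoneBrowser.dll
c:\\docume~1\\user\\locals~1\\temp\\example_loader.dll
.
------- Andere Aktieve Processen -------
.
c:\\program files\\Alwil Software\\Avast5\\AvastSvc.exe
"""


def parse_dll_section(log_text: str) -> Dict[str, List[str]]:
    """Return {"name(pid)": [module paths]} for the DLL section of the log."""
    result: Dict[str, List[str]] = {}
    current = None
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if DLL_SECTION in line:
            in_section = True
            continue
        if not in_section:
            continue
        if NEXT_SECTION in line:
            break  # the DLL section ends where the next section starts
        m = PROC_RE.match(line)
        if m:
            current = f"{m.group('name')}({m.group('pid')})"
            result[current] = []
        elif current and line and line != ".":
            # ComboFix prints paths in lower case already; normalise anyway
            result[current].append(line.lower())
    return result


def unexpected_modules(modules: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Modules loaded from outside EXPECTED_PREFIXES, grouped per process."""
    flagged: Dict[str, List[str]] = {}
    for proc, paths in modules.items():
        odd = [p for p in paths if not p.startswith(EXPECTED_PREFIXES)]
        if odd:
            flagged[proc] = odd
    return flagged


if __name__ == "__main__":
    mods = parse_dll_section(SAMPLE_LOG)
    for proc, paths in mods.items():
        print(f"{proc}: {len(paths)} module(s)")
    for proc, odd in unexpected_modules(mods).items():
        print(f"REVIEW {proc}: {', '.join(odd)}")
```

A module path outside the Windows and Program Files trees is only a prompt to look closer (check the file's publisher, hash and age), not proof of anything; on the real log above every listed module sits under one of the expected directories.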
 • Hi Gerard, that ComboFix log looks fine otherwise!

  And that strange message - I have heard of that once before!

  ComboFix may now be removed:
  - to do so, go to Start - Run
  - copy and paste the following into it: Combofix /Uninstall
  - then click OK.
  - if all is well, you will then get a message that Combofix has been removed.

  Example:

  http://home.kpn.nl/stefsmeenk/CFUninstall.PNG

  Now do this: a test, to see what your current security situation is.

  Download to your desktop.
  - Click/double-click SecurityCheck.exe and follow the instructions in the black window.
  - A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
  - If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
  Post the contents of checkup.txt in your next post.
 • Here it comes

  Results of screen317's Security Check version 0.99.6
  Windows XP Service Pack 3
  Internet Explorer 8
  ``````````````````````````````
  Antivirus/Firewall Check:
  avast! Free Antivirus
  ```````````````````````````````
  Anti-malware/Other Utilities Check:
  Malwarebytes' Anti-Malware
  CCleaner
  Java(TM) 6 Update 22
  ````````````````````````````````
  Process Check:
  objlist.exe by Laurent
  Alwil Software Avast5 AvastSvc.exe
  Alwil Software Avast5 avastUI.exe
  ````````````````````````````````
  DNS Vulnerability Check:
  GREAT! (Not vulnerable to DNS cache poisoning)

  ``````````End of Log````````````
 • Hi Gerard, as a check you can run MBAM once more in quick scan mode.

  If MBAM finds nothing, then I think the owner will be happy with what you have done once again!
 • Hi Abraham,

  Already done, as well as Avast and TFC. All "proper", as they would say in Belgium. The machine runs a good deal smoother in any case.
  So that means: two happy people, myself for the help you offered and my friend for mine.
  My thanks for the quick handling.
  Regards, Gerard.
