
Dommel1984

Dommel1984's achievements

  1. Well, I have gone through the last steps and I think all the problems are solved. Kape, really, huge thanks for all the info!! I'm really super happy with it and I know where to go if I get a problem again!! But of course that can't happen, because everything is now completely covered!! I'll mark the discussion as solved and hopefully see you never again ;-)
  2. Kape, here are the two logs you asked for: ComboFix and HijackThis.
  3. Whooo, the problem seems to be solved. I ran AVG2012 and it reported a really huge pile of problems. Those have all been repaired/removed. After that I ran "Malwarebytes' Anti-Malware" once more. It reported no more problems; the only thing that happened was that during the "Malwarebytes' Anti-Malware scan" AVG suddenly reported this problem again. Nothing at all came out of the Malwarebytes' Anti-Malware scan, but to be safe I now have AVG running another full scan. Can you tell me whether that message can still cause problems? I am also curious whether AVG2012 and Malwarebytes' Anti-Malware fully cover me against problems like this, or whether I need to install anything additional?? Thanks a lot in advance for all of this, because I think everything is working again the way it should!!
  4. OK, I went through the whole process you described. Here is the ComboFix report.
Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware2\\mbam.exe"= "c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"= "c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1032:TCP"= 1032:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11-7-2011 1:14 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13-9-2011 6:30 32592] R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [16-10-2011 19:00 239168] R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [16-10-2011 19:00 338880] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11-7-2011 1:13 229840] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11-7-2011 1:14 295248] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [30-12-2010 19:58 219200] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4-8-2004 1:03 14336] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12-9-2011 6:23 5265248] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware2\mbamservice.exe [19-10-2011 19:34 359008] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11-7-2011 1:14 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11-7-2011 1:14 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [11-7-2011 1:14 16720] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19-10-2011 19:34 22216] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8-11-2009 13:49 47360] S2 
avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2-8-2011 6:09 192776] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5-1-2010 17:39 135664] S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe --> c:\program files\PC Tools Security\pctsAuxs.exe [?] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5-1-2010 17:39 135664] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhoud van de 'Gedeelde Taken' map . 2011-10-16 c:\windows\Tasks\AdobeAAMUpdater-1.0-JOOSTWIELAND-Joost.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-04-26 01:44] . 2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 15:39] . 2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 15:39] . 2011-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-630328440-725345543-1003Core.job - c:\documents and settings\Joost\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-17 16:24] . 2011-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-630328440-725345543-1003UA.job - c:\documents and settings\Joost\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-17 16:24] . 2011-10-16 c:\windows\Tasks\Norton Security Scan for Joost.job - c:\progra~1\NORTON~2\Engine\311~1.6\Nss.exe [2011-05-05 10:23] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.google.nl/ uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll TCP: DhcpNameServer = 62.179.104.196 213.46.228.196 DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) SafeBoot-klmdb.sys AddRemove-{bf769cf6-1953-4e23-8429-6937fc40b7f4} - c:\program files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-10-20 19:26 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_USERS\S-1-5-21-73586283-630328440-725345543-1003\Software\G*e*n*i*e*"!\FM Genie Scout 11] "GameDir"="d:\\Programma's\\FM Genie Scout 11\\games" "ShortlistDir"="d:\\Programma's\\FM Genie Scout 11\\shortlists" "FMPath"="" "ScreenshotsDir"="d:\\Programma's\\FM Genie Scout 11" "SaveDir"="d:\\Programma's\\FM Genie Scout 11\\" "HistoryDir"="d:\\Programma's\\FM Genie Scout 11\\History Points" "LangDB"="d:\\Programma's\\FM Genie Scout 11\\lang_db.dat" "LastSaveGame"="c:\\Documents and Settings\\Joost\\Mijn documenten\\Sports Interactive\\Football Manager 2011\\games\\JW_Spurs.fm" "Language"="English" "LoadLangDB"=dword:00000001 "CompressHistoryPoints"=dword:00000000 "HighlightedAttributes"=dword:00000000 "MinCondition"=dword:0000004b "GraphStep"=dword:00000000 "SkinName"="PSV Eindhoven" "LastUpdateCheck"=dword:00009f6c "VersionOf"=dword:0000007b "HighQualityGUI"=dword:00000001 "AutomaticallyUpdateCheck"=dword:00000001 "AdvancedGeneration"=dword:00000000 "TranslateStaffSkills"=dword:00000001 "TranslatePlayerSkills"=dword:00000001 "TranslatePositions"=dword:00000001 "ShowHistory"=dword:00000001 "Version"=dword:00000081 "UniqueID"="C4-F435-2813" "Currency"=dword:00000056 "UseProxy"=dword:00000000 "ProxyHost"="" "ProxyPort"="" "UseAuthentication"=dword:00000000 "UserName"="" "UserPassword"="" "PlayerSearchFeatureNum"=dword:00000038 "StaffSearchFeatureNum"=dword:0000000f "ClubSearchFeatureNum"=dword:00000021 "FilterByClubFeatureNum"=dword:0000004d "CompareFeatureNum"=dword:00000000 "ShortlistFeatureNum"=dword:00000000 "ExportFeatureNum"=dword:00000000 "HistoryFeatureNum"=dword:00000000 "LanguageDBFeatureNum"=dword:00000052 "HintsFeatureNum"=dword:00000000 "GenieReportFeatureNum"=dword:00000005 "TopFormationFeatureNum"=dword:00000017 "ScreenshotFeatureNum"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'lsass.exe'(1104) c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll . 
- - - - - - - > 'explorer.exe'(1708) c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\progra~1\AVG\AVG2012\avgrsx.exe c:\program files\AVG\AVG2012\avgcsrvx.exe c:\program files\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe c:\program files\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe c:\windows\system32\wscntfy.exe c:\windows\system32\RUNDLL32.EXE c:\windows\RTHDCPL.EXE c:\program files\Common Files\Java\Java Update\jucheck.exe . ************************************************************************** . Voltooingstijd: 2011-10-20 19:33:07 - machine werd herstart ComboFix-quarantined-files.txt 2011-10-20 17:33 . Pre-Run: 18.368.139.264 bytes beschikbaar Post-Run: 34.641.297.408 bytes beschikbaar . WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 728CBD8A9AD9A2874163972DD49408DA
  5. With fresh courage I just ran a new AVG2012 scan, but it quickly went wrong. At first I got this message: I initially chose "remove all unhealed items", but then the virus scanner would not continue. I restarted the computer (by the way, the computer also no longer shuts down by itself: it closes Windows and then the screen goes black but the PC keeps running; this only happens from normal mode. From safe mode it does shut down). After I had restarted the computer I immediately got this message: And when I started the AVG scan again I got this message almost immediately: I restarted the computer in safe mode again and ran HijackThis; the log is below:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:19:00, on 20-10-2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE D:\hi3\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 301 Moved Permanently O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\Programma's\Itunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe O4 - HKLM\..\Run: [iSTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [Malwarebytes' 
Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware2\mbamgui.exe" /starttray O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [avg_spchecker] "C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe" /start O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (file missing) O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware2\mbamservice.exe O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe (file missing) O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing) O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\PC Tools Security\pctsAuxs.exe (file missing) O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\PC Tools Security\pctsSvc.exe O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -- End of file - 8602 bytes
Unfortunately, unfortunately, unfortunately, despite the good advice the problem is still not solved. I would like to hear from you whether you can help me any further.
  6. OK kape, thanks for your reply. I have gone through all the steps. This is what came out of it: HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:49:27, on 19-10-2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\ctfmon.exe D:\hi3\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 301 Moved Permanently O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\Programma's\Itunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe O4 - HKLM\..\Run: [iSTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware2\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware2\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [avg_spchecker] "C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe" /start O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] 
C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - 
C:\WINDOWS\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (file missing) O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing) O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe (file missing) O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing) O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\PC Tools Security\pctsAuxs.exe (file missing) O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\PC Tools Security\pctsSvc.exe O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -- End of file - 8220 bytes Mbam-Log: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 7983 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 8.0.6001.18702 19-10-2011 19:44:50 mbam-log-2011-10-19 (19-44-50).txt Scan type: Quick scan Objects scanned: 198746 Time elapsed: 8 minute(s), 6 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\1378f99a (Backdoor.0Access) -> Quarantined and deleted successfully. 
Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\WINDOWS\2600040467:3968271973.exe (Backdoor.0Access) -> Quarantined and deleted successfully. c:\WINDOWS\trz244.tmp (Backdoor.0Access) -> Quarantined and deleted successfully.
Hope to hear from you soon!
  7. I managed to do it in safe mode. Here are the results...
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:07:58, on 19-10-2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE D:\hi3\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 301 Moved Permanently R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 301 Moved Permanently R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\Programma's\Itunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe O4 - HKLM\..\Run: [iSTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" 
/nogui O4 - HKLM\..\RunServices: [WUSB54GC] %ProgramFiles%\ O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start Free Uninstall Survey | AVG Nederland O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [avg_spchecker] "C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe" /start O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - 
http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (file missing) O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing) O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe (file missing) O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing) O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\PC Tools Security\pctsAuxs.exe (file missing) O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\PC Tools Security\pctsSvc.exe O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -- End of file - 9067 bytes I'm curious what the outcome is!!
  8. First of all, thanks for your super quick response!! @Matlock I uninstalled AVG properly and installed Avast, but I get the same problem as with AVG: it freezes halfway through the scan.. I have attached two JPGs where you can see what happens. @Asus I downloaded HiJack as you said, but the moment I run the scan, the top bar fills to 100% and then the program closes. I have attached two JPGs here as well. One from the moment before I press scan (not that exciting) and one from when I click the shortcut after the program has closed automatically. Hopefully you know some further steps!!
  9. For the past 2 days the virus alerts on my computer have been driving me completely crazy. It started with the message that the virus protection was disabled and could not be re-enabled. After a lot of fiddling I was able to install AVG12 free again, but it just keeps detecting threats. I have included a screenshot of the alerts in the attachment. WHO CAN HELP ME??