
percussive

Member
  • Items

    18
  • Registration date

  • Last visited

About percussive

  • Birthday 10-11-1985

percussive's achievements

  1. Hi everyone, I couldn't even get into the BIOS; the PC kept shutting down after 15 seconds. I did discover that one of the USB ports was slightly damaged. I disconnected it from the motherboard and now everything works properly again. Presumably a short circuit, then. Problem solved, thanks for all the help!! Regards, Sam
  2. Already done, without result. The error message (usb device over current status detected) looks more like a problem with the USB ports, I think? Greetings, Sam
  3. Impossible... Safe mode doesn't work either; the PC hangs at the start and is automatically switched off after 15 seconds!
  4. Thank you both for your replies! @ Jean-Pierre: I have already unplugged all the USB devices but the error message keeps appearing. @ stegisoft: downloading and running Everest is going to be difficult, I can't even get into Windows and the PC keeps shutting off after 15 seconds... Regards, Sam
  5. It is not a brand-name computer. Windows XP SP3, AMD processor, ASUS motherboard... Regards, Sam
  6. Hi everyone, "usb device over current status detected - system will shut down after 15 seconds" is the message that suddenly keeps appearing on my screen. My PC had been working perfectly, though. It is an ASUS motherboard, MZN-VM DVI, with an AMD processor. After the first 'beep' a second one follows immediately with the said error message and the PC shuts off. So I don't even get near Windows. I find similar posts on various forums but no useful tips and replies, or only very outdated ones. It presumably has something to do with a power problem, but I really know nothing about that. Does anyone have an idea? Thanks in advance! Sam Regards, Sam ---------- Post added at 19:09 ---------- Previous post was at 19:04 ---------- Forgot to mention: - I have unplugged all USB devices (iPod, mouse, keyboard, printer) but it changes nothing - No dust or dirt in the computer case Regards! Sam
  7. From what I can find, the folder with the numeric name has to do with Windows updates, and the other folders with the Intel and AMD processors. Nothing special, apparently. Once again, many thanks for the consistently quick replies and efficient help! Regards, Sam
  8. To be sure, I started up one more time (last time I had also cheered too early). As far as I can tell it is behaving completely normally again. Only under C: I can still find a ComboFix folder containing 1 file, 'NircmdB'. Qoobox is gone, though. Was this a virus/spyware, then? One last question: in the C: folder the first folder at the top is always a long encoded folder '6e405479e68fd4dffaa74f1cca8b4f' containing the folders i386 and amd64. Is that anything special? Should anything still go wrong, I'll let you know soon. Thank you so very much for all the help and effort!!! Regards, Sam
  9. KASPERSKY ONLINE SCANNER 7.0: scan report
     Tuesday, August 10, 2010
     Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Tuesday, August 10, 2010 08:52:02
     Records in database: 4131149
     Scan settings:
       scan using the following database: extended
       Scan archives: yes
       Scan e-mail databases: yes
     Scan area - My Computer: A:\ C:\ D:\ E:\ F:\
     Scan statistics:
       Objects scanned: 235409
       Threats found: 4
       Infected objects found: 8
       Suspicious objects found: 0
       Scan duration: 03:56:30
     File name / Threat / Threats count
       C:\Qoobox\Quarantine\C\Documents and Settings\Gebruiker\Menu Start\Programma's\Opstarten\srvklw32.exe.vir   Infected: Trojan.Win32.Jorik.Bredolab.bs   1
       C:\Qoobox\Quarantine\C\WINDOWS\system32\bycool\winacces.exe.vir   Infected: Trojan-Dropper.Win32.Agent.afpc   1
       C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\aec.sys.vir   Infected: Rootkit.Win32.Agent.bier   1
       C:\Qoobox\Quarantine\C\WINDOWS\system32\fjhdyfhsn.bat.vir   Infected: Trojan.BAT.Agent.vf   1
       C:\System Volume Information\_restore{646DADF1-444D-4C68-B8D6-E68E0715A4D0}\RP345\A0141233.exe   Infected: Trojan.Win32.Jorik.Bredolab.bs   1
       C:\System Volume Information\_restore{646DADF1-444D-4C68-B8D6-E68E0715A4D0}\RP345\A0141234.exe   Infected: Trojan-Dropper.Win32.Agent.afpc   1
       C:\System Volume Information\_restore{646DADF1-444D-4C68-B8D6-E68E0715A4D0}\RP345\A0141235.bat   Infected: Trojan.BAT.Agent.vf   1
       C:\System Volume Information\_restore{646DADF1-444D-4C68-B8D6-E68E0715A4D0}\RP345\A0156471.sys   Infected: Rootkit.Win32.Agent.bier   1
     Selected area has been scanned.
  10. Here I am again! I've been back in the country for a few days, but only now back at the place where the PC is... I have done what was asked. Perhaps important to know: - I could only start (and therefore scan) in safe mode - because of this the Recovery Console has not yet been installed. Regards, Sam. Here is the log:
  11. For the time being I haven't been able to get into Windows anymore; it always hangs. The problem is that I'm leaving on a trip tomorrow, so I'll only be able to respond again from 4 August, sorry! Then I'll certainly continue with it; I had thought I would get this solved sooner. See you soon, then, and thanks in advance for the help! Regards, Sam
  12. Hello, here is my first ComboFix log. However, I had to work in Safe Mode because that was the only way to get into Windows. Because of this the Recovery Console could not yet be installed, but ComboFix did continue scanning for malware. I was just about to restart the PC in normal mode but it froze again on the welcome page.... Sigh... I'll keep trying, thanks in advance for the help!
  13. Hello, thanks already for your help. The problem is still not completely solved; the PC still kept hanging at startup. After a lot of trying I did manage to get into Windows and did what you asked. Only that O4 - Startup: srvklw32.exe keeps coming back in HJThis, and I can't get it removed anywhere else. Seems suspicious to me... Here are the logs: Thanks again in advance for your help! Kind regards, Sam
  14. Hello, I had a serious problem with the PC this afternoon during a scan with Adaware. Fortunately that has since been solved (www.pc-helpforum.be/f167/pc-herstart-steeds-26197/), but I wanted to post this log just to be sure. Could you take a look at it? A check with Spybot turned up nothing. I see that Babylon shows up a number of times in this HJThis list. Installed by accident last week and now impossible to get rid of... If I can remove it this way, let me know please. Thanks in advance! Greetings, Sam
  15. After a few more attempts I managed to stay in Windows a bit longer. As I already mentioned, during the first spontaneous restart the PC was busy with a scan in Adaware. Apparently that was where the problem lay. It crashed in the middle of the scan, and Windows Task Manager was full of AdAware tasks, so the CPU bar was completely filled. I stopped everything from Adaware and now it behaves normally again... To be safe I'll still post an HJThis log in the right place. With that I won't bother you with this any more. Greetings, Sam