domblondje

Member
  • Posts

    20
Everything posted by domblondje

  1. As requested, I did what you told me. I started the PC, and the moment I pressed start on the game on FB it shut off. I rebooted and got the following screen: Press DEL to SETUP --> no response. I click reboot, it continues, the screen loads (earlier I had already spent half an hour rebooting, with no response from it, and on restarting it shut off right after the desktop appeared, before I could even open a site. I had typed out all the steps, but my time here had expired and I had to log in again) and the screen now stays on Windows but I got no desktop. I reboot; while I am typing here it says I can start in normal mode, it shuts off again and does not start, restarts automatically, I choose safe mode (I am waiting now), I get no response, reboot again and now get the following message: Windows cannot be started because the following file is damaged or cannot be found: Windows system32 config System. You can try to repair this file by starting Windows Setup from the original CD-ROM (which I don't have) with installation files. Choose 'R' in the first screen…. I click on the R….. the PC shuts off, restarts automatically, but I get no display (black). I waited 5 minutes and, instead of rebooting, I did a full restart --> black screen. I start again, press DEL to enter SETUP, I press DEL --> no response. I reboot and now get the message 'Windows cannot be started because of an error in the software, report this problem as: load the required DLL files for the kernel. Contact your supplier about this problem.' I press ENTER --> no response, no response, I reboot, 'press DEL to SETUP', I press DEL --> no response. I try one more time to start up fully (again the message about an error in the software). Now I can do even less than before removing the files you advised me to remove (of course I don't blame you for that!).
Is it possible to go back to an earlier restore point or something via the BIOS (by pressing DEL at startup)? Help me pls! This really is not the moment, because on Monday I will be sent digital data through my Telenet e-mail account that I need for my final project, part of which I already have to present on Wednesday. If there is no solution for my PC, can you tell me how I can activate my Telenet account on the Mac (I only use it for graphics courses and know even less about it than about a PC…grrrrr……The devil is in the house!) Thanks in advance
  2. Hi hi, Can someone please look at my log files from Hijack and Malwarebytes? Since yesterday: I played a game on FB and the PC simply shut off, as many as 5-6 times. If I don't go to the games, nothing happens. I have not opened anything on FB that could cause this. I ran a malware scanner with a full scan, and it reported 2 infected files, which I removed. I tried the FB games again and the same thing happened. I did a disk cleanup + defragmentation. When running System Mechanic Pro I got exactly the same thing as with the FB games. Today I did a quick scan with Malwarebytes, but there are no infected files any more. I just logged in to FB and with the games (which I have been playing for a year) I get the same thing again. Instead of a black screen I now got a screen with text saying that the error was probably caused by win32k.sys (whatever that may mean?) Below I copy the log files: Can someone please tell me what to do so that I can game on FB again? Not that it is a necessity, but I don't like my little PC not being in order. Thanks in advance! Greetings, Domblondje
  3. Good morning, When I started Dreamweaver before, I had an option at the top of the bar (an image of a globe) to do a preview in Safari. Now this option is gone. I still find this the best way to check what your website looks like online. I have been told that I should press F12 and that I will get the option back, but pressing F12 on my Mac only lets me change the sound. I have gone through all the tabs to switch the preview-in-Safari option back on, but I can't find it. I have only been working with Dreamweaver for about 3 weeks, so I don't know much about it and I need familiar territory. Is there anyone who can tell me what I have to do to bring back that 'preview in Safari' option (little globe in the menu bar at the top), please? Many thanks in advance! Greetings from domblondje (the name says it all)
  4. Well then, 'man', I'll follow your good advice, haha. Uhh, and how do I remove that 'only male' little file? Will I find it in the HiJack log? Yeeeees, I'm blonde, I know! ;-p
  5. Hey Kape! Pffffffffttt, tsssssssssss... then I really wonder what it could be? Grrrrrrrrrr.... Unbelievable.... My PC reacts just like a man.... no ears ;-p Below is my log.. I hope it brings more clarity. Many thanks in advance! x
  6. Hi there, For a week now my PC has been enormously slow. Everything constantly freezes and I have to close my pages through Windows Task Manager (send report etc.). I have never had problems with Windows XP before, I have not downloaded or installed anything, and my bill is paid xD. What could the cause be? I am going to run Hijack now and hopefully someone can find something in it that does not belong there and that will get my problem solved. Many thanks in advance! The HiJack log
  7. Jurgen, I have learned something again... my nick is not domblondje for nothing ;-) I thought that every antivirus program gave you the option of a free one-month trial and that you had to pay after that. Thanks for the good advice x
  8. I do understand what you mean, Jean-Pierre, but I always use a 'free' antivirus program instead of buying a package. I know that 'dll' files and the like are always left behind and that this is just ballast for your PC. Today is the last day of my Kaspersky trial, and normally I will go looking for a free virus scanner for a month again. Would you still advise me to buy a package instead of always using a free antivirus program? Regards, Heidi
  9. Thanks a lot! :knuddel: Domblondje ;-)
  10. Hi there, every month I use a different antivirus program to work with. First I remove the program that is no longer valid. The installed program often has a 'remove' option. I cannot find one for Avast. This is what I have done now: 1/ Via Control Panel --> Software --> click Avast --> remove 2/ There was an error during product installation 3/ view log 4/ copy of the log. Can anyone tell me what steps to take so that Avast is removed from my disk? Thanks in advance, Regards, Domblondje
  11. How could you know what I look like? ;-p (just kidding) No, I no longer get any strange messages, not via FB and not in general. There is still one small problem... My PC is quite a bit slower... I put my PC in 'safe mode' (not by pressing F8 but by doing the following ---> Start > Run > msconfig + Enter and ticking 'boot ini'). When I restarted the PC after carrying out the required steps, I got several options for starting my PC in 'a particular mode'... I am afraid I clicked the wrong one... *blushing to my ears*... The display is OK, only the PC is slower. Can you tell me what to do to check whether my PC is in 'normal mode'? Regards, Domblondje
  12. Dear Kape, below you will first find the ComboFix log, followed by the Hijack log. Regards, Domblondjeuuhhh
  13. Kape, uhhhh... jeez, I really am dumb, haha! How do I boot into 'safe mode'? I switch my PC on but then I do not get any option to start it in a particular mode or not. I will send you the logs later. Thanks a lot!
  14. Thank you, Kape, for your reply. Below you will find the Malware log and the Hijack log from after 'running' Malware. I can only respond again this evening; many thanks in advance!
http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239872965484 O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} (Stm Class) - https://mpsnare.iesnare.com/StmOCX.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: Afa Card Reader Service (AfaService) - Unknown owner - C:\WINDOWS\system32\afasrv32.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 7751 bytes
  15. Hi everyone, Maybe several of you have by now also picked up a trojan via FB. I am getting notifications that I have picked up 'worms' and 'trojans', etc. I ran HiJack (you will find the log below). I also wanted to run 'Malwarebytes', but it is being blocked, probably by that trojan. Can someone please tell me what to do? Regards, Domblondje. I am copying the Hijack log below.
  16. Hello, Today I installed PC Tools Antivirus and I am now having problems with my Outlook Express. I open Outlook and only 7 of the 11 messages come in. It takes 60 seconds to let the mail in, but then I am asked whether I want to wait another 60 seconds, to which I of course say 'yes', and after that I get a message: De server heeft de verbinding onverwachts afgebroken. Mogelijke oorzaken zijn problemen met de server, netwerkproblemen of te lange inactiviteit. Account: 'in.telenet.be', Server: 'in.telenet.be', Protocol: POP3, Poort: 110, Beveiligd(SSL): Nee, Foutnummer: 0x800CCC0F Does my error message have to do with the antivirus program? Why do some mails come through and others not? My mails are important to me because I need them for my work. Does anyone else have an idea for solving 'this problem'? For information: my mailbox is far from full, so that cannot be the problem. Regards, Domblondje :D
  17. Hello, I previously posted a topic called 'pc bezoek'. After following your advice I had no more problems, BUT as mentioned before, I know that someone is busy trying to break into my PC. After ZoneAlarm expired, I installed AVG... I regularly run System Mechanic 6 Professional. I never had problems with it until about a month ago. Suddenly my PC started acting strangely... System M 6 suddenly started up (without me personally running a scan or a repair...) and gave an error message. I then ran SM6P and it did not find any antivirus program, even though AVG was installed. It seemed as if my SM6P had now been cracked. Since yesterday I have a new antivirus protector, namely PC Tools Antivirus. Today I am putting it to the test... I start my PC, PC Tools Antivirus indicates that the firewall is activated, and when I then run SM6P again, it again finds no antivirus program. Now I ask myself... where does the problem lie? There is an antivirus + firewall, but it is not recognized by SM6P?! Am I protected now or not? Can SM6P just suddenly fail? Can someone help me please? I am a dumb blonde ;-)
  18. I am already relieved that that junk is off it. But how do you stop that? Was it sent to me, or was it hidden as a catch in downloads I have done? My ZoneAlarm still registers PC break-ins. Am I sufficiently protected with ZoneAlarm, or would you recommend another firewall? In the meantime I have also contacted Telenet again, since someone tried to send me the following file: scvhost.exe. What exactly is that program? What is its purpose? Thanks again!
  19. Thank you very much for your answer! I carried everything out step by step as you explained it to me. Here is the anti-malware log: The Hijack log: We are already a step closer. Regards
  20. Heejkes Stegisoft! Eerst en vooral een dikke proficiat voor deze site! Ik heb een vraagje...Ik heb destijds 'tergoedertrouw' van een 'zogenaamde vriendin' een trojan ontvangen. Ik had dit niet opgemerkt maar het werd mij wss toegestuurd via een foto of een andere bijlage. Nu weet ik van haarzelf dat haar stiefpapa, een zeer bekwame IT-er....regelmatig pc's doorsnuistert...Ik heb het contact met die vriendin gebroken en ik heb zonealarm geïnstalleerd. Nu krijg ik uiteraard alle info van die persoon aangaande ip adress enz...maar de info die ik krijg is voor mij chinees. Ik heb telenet al aangeschreven en die hebben mij gezegd via Welcome to RIPE.NET (Welcome to RIPE.NET) het ip adres van de binnendringer op te zoeken. Maar UDP,TCp...enz zijn mij totaal vreemd. Als ik dan het Ip adress van de binnendringer intik op de site van ripe, krijg ik daar een hele uitleg waar ik geen jotta van versta. Indien ik u de logs van de aanvallen zou doorsturen, zou je mij dan meer info kuinnen geven over de belager? Ik heb hier echt geen kaas van gegeten maar ik wil nu wel dat het stopt. Hopelijk kunnen jullie mij bruikbare feedback geven. 
Thanks in advance,
Regards, Heidi

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:18, on 4/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\afasrv32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MySecurityCenter\Programs\service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Sitecom MD-020 SIM Editor\iconcs122208812.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msfeedssync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2452474
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam0.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Mirar - {7A0FA691-7664-498C-B3AF-F97A3EEF96D1} - C:\WINDOWS\system32\win0678.dll (file missing)
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam0.dll
O2 - BHO: PrimoAdsForYou - {D35DA2A5-1D09-03BB-FE6E-C569BE05CFA0} - C:\Program Files\PrimoAdsForYou\PrimoAdsForYou.dll (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Mirar - {7A0FA690-7664-498C-B3AF-F97A3EEF96D1} - C:\WINDOWS\system32\win0678.dll (file missing)
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGam0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [uSBestCR] C:\Program Files\Sitecom MD-020 SIM Editor\iconcs122208812.exe RunFromReg
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [setc] C:\Program Files\MySecurityCenter\Programs\setc.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [regist] C:\Program Files\MySecurityCenter\Programs\RegistrationPopup.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [iCQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; msn OptimizedIE8;NLNL)" -"http://www.leukespellen.be/spelletjes/body/c2tlaTM4OTNza2Vp.php"
O4 - Startup: OpenOffice.org 3.0 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239872965484
O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} (Stm Class) - https://mpsnare.iesnare.com/StmOCX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Afa Card Reader Service (AfaService) - Unknown owner - C:\WINDOWS\system32\afasrv32.exe
O23 - Service: ZoneAlarm ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MySecurityCenter License Service - Unknown owner - C:\Program Files\MySecurityCenter\Programs\service.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10241 bytes